dd.simple-files.com

Blisbury LLP

Domain Information

The domain dd.simple-files.com registered by Whois Privacy Corp. was initially registered in April of 2013 through INTERNET.BS CORP.. This domain has been known to host and distribute potentially unwanted software. The hosted servers are located in Belfast, Northern Ireland within United Kingdom which resides on the RIPE Network Coordination Centre network. The domain is associated with the publisher Blisbury LLP who is located in London, United Kingdom.
Registrar:
INTERNET DOMAIN SERVICE BS CORP

Server location:
Northern Ireland, United Kingdom (GB)

Create date:
Monday, April 15, 2013

Expires date:
Friday, April 15, 2016

Updated date:
Friday, December 11, 2015

Root domain:

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.TechnologyIsland.i, PUP.Installer.NewMonte.b, PUP.Installer.TechnologyIsland.r, PUP.Installer.TechnologyIsland.?, PUP.Installer.NewMonte.V, PUP.Installer.NewMonte.d, PUP.Installer.TechnologyIsland.v, PUP.Installer.Via Advertising, PUP.Bundler.Via Advertising, PUP.Blisbury.Bundler, Threat.Blisbury.Bundler, PUP.Blisbury.httpwwwsimplefiles.Bundler (M), PUP.Via Advertising.TechnologyIsland.Bundler (M), PUP.Blisbury.NewMonte.Bundler (M), PUP.Via Advertising.Technolo.Bundler (M), PUP.Blisbury.httpwwws.Bundler (M), PUP.Via Advertising (M), PUP.Blisbury (M)
100.00%

Dr.Web
Adware.Downware.7936, Threat.Undefined, Adware.Downware.8279, Adware.Downware.9527, Adware.Downware.10330
24.00%

avast!
Win32:Adware-gen [Adw], Win32:Rootkit-gen [Rtk], Win32:PUP-gen [PUP], Win32:Trojan-gen
22.00%

AVG
Generic, Adware BundleApp_r.AL, Adware BundleApp_r.AM, Adware BundleApp_r.AO
20.00%

VIPRE Antivirus
Threat.4925438, Threat.4150696
18.00%

ESET NOD32
Win32/ExpressDownloader.J potentially unwanted application, Win32/ExpressDownloader.H potentially unwanted application
16.00%

IKARUS anti.virus
PUA.ICLoader, PUA.Expressdownloader, PUA.BrowseFox
16.00%

K7 Gateway Antivirus
Trojan , Unwanted-Program
14.00%

NANO AntiVirus
Riskware.Win32.Downware.dedwnb, Riskware.Win32.Babylon.dffshm, Trojan.Win32.BPlug.dkkvvf, Riskware.Win32.Downware.deleer
14.00%

herdProtect (fuzzy)
a variant of 299731bbd6c85fe09cba6bcbf216040b1ab4c66c, a variant of b6758f1f54ef04c91956cdcbe2e0ee3099953c61, a variant of 292a79294cfb9efb1332b6fccf5141cd14b97426
12.00%

G Data
Gen:Variant.Kazy.462844, Win32.Application.Expressdownloader, Gen:Variant.Adware.Kazy.462844
12.00%

Agnitum Outpost
Riskware.Agent
10.00%

K7 AntiVirus
Unwanted-Program , Trojan
10.00%

ESET NOD32
Win32/BrowseFox, Win32/ExpressDownloader (variant)
6.00%

Malwarebytes
PUP.Optional.SimpleFiles.A, PUP.Optional.ExpressFiles.A
6.00%

The domain dd.simple-files.com has been seen to resolve to the following 3 IP addresses.

ns1.ibspark.com
April 17, 2016

unallocated.barefruit.co.uk
May 6, 2015

206.190.132.156.static.midphase.com
April 11, 2014

File downloads found at URLs served by dd.simple-files.com.

1 / 68      (PUP)
http://dd.simple-files.com/.../Z  (sholawat_nabi_downloader.exe)

1 / 68      (Adware)

1 / 68      (Adware)
http://dd.simple-files.com/.../8Sr4 2GLCd  (web_templates_for_construction_downloader.exe)

1 / 68      (PUP)

 
Latest 30 of 68 download URLs

The following 372 files have been seen to comunicate with dd.simple-files.com in live environments.

 
Latest 20 of 384 files