home

installs.dealply.com

Deal Ply Technologies Ltd.

Domain Information

The domain installs.dealply.com registered by Deal Ply Technologies Ltd. was initially registered in January of 2011 through GODADDY.COM, LLC. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Dublin, Dublin City within Ireland which resides on the RIPE Network Coordination Centre network. The domain uses the Amazon Web Services (AWS) cloud computing platform.
Registrar:
GODADDY.COM, LLC

Server location:
Dublin City, Ireland (IE)

Create date:
Monday, January 31, 2011

Expires date:
Wednesday, January 31, 2018

Updated date:
Wednesday, January 27, 2016

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.

Root domain:
dealply.com

Whois:
2 dealply.com records

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.DealPly.H, PUP.BrowserOptOut.DealPly.N, PUP.DealPly.Installer (M)
100.00%

VIPRE Antivirus
Adware.DealPly
75.00%

McAfee
Artemis!D2389E42ABFF, Artemis!A2D01C19AD2F
50.00%

Trend Micro House Call
TROJ_GEN.F47V0510
50.00%

Dr.Web
Adware.Shopper.328
50.00%

Emsisoft Anti-Malware
Trojan.Win32.DealPly.AMN
50.00%

ESET NOD32
Win32/DealPly (variant)
50.00%

Malwarebytes
PUP.Optional.Dealply
50.00%

avast!
Win32:DealPly-A [PUP]
50.00%

Microsoft Security Essentials
Adware:Win32/DealPly
50.00%

K7 AntiVirus
Trojan
50.00%

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h, Signed-Adware.DealPly
50.00%

Norman
W32/Downloader
50.00%

Boost by Reason
Optional.DealPly.H
25.00%

herdProtect (fuzzy)
a variant of 6a54e6c0537949483e74328c8edce8e2b79edb7c
25.00%

The domain installs.dealply.com has been seen to resolve to the following 7 IP addresses.

54.231.114.60
s3-1.amazonaws.com
May 24, 2016

54.231.49.212
s3-1.amazonaws.com
April 7, 2016

54.231.97.219
s3-1.amazonaws.com
April 5, 2016

54.231.17.232
s3-1.amazonaws.com
November 29, 2014

176.32.102.66
s3-1.amazonaws.com
April 23, 2014

176.32.101.138
s3-1.amazonaws.com
April 23, 2014

72.21.194.15
s3-1.amazonaws.com
November 19, 2013

File downloads found at URLs served by installs.dealply.com.

1 / 68      (Adware)
http://installs.dealply.com/v2000solo/vn/.../dealply-ff.exe  (4f28b89428ae82467c4d2cb06bde7f02)

14 / 68    (Adware)
http://installs.dealply.com/v2000solo/wbpk/.../dealply.exe  (7d90b2b46344de616120e5e2f177094c)

1 / 68      (Adware)
http://installs.dealply.com/v2000solo/vn/.../dealply-ch.exe  (2eba44ed51762789bb655d21758bc907)

16 / 68    (Adware)
http://installs.dealply.com/latest/dir/.../dealply.exe  (a2d01c19ad2fb73baf7acbba09346492)

3 / 68      (Adware)
http://installs.dealply.com/.../diagnosis64.exe  (BrowserOptOut.exe)

3 / 68      (Adware)
http://installs.dealply.com/.../diagnosis32.exe  (BrowserOptOut.exe)

15 / 68    (Adware)
http://installs.dealply.com/v2000solo/lnklr/.../dealply.exe  (496391b1cbf90ab8e18317c3f874cfe0)

15 / 68    (Adware)
http://installs.dealply.com/v2000solo/wbpk/.../dealply.exe  (d2389e42abff950b2d86ce644d41483a)

The following 34 files have been seen to comunicate with installs.dealply.com in live environments.

TCP » 54.231.114.60:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 54.231.97.219:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 54.231.49.212:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 54.231.114.60:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 54.231.97.219:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 54.231.97.219:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 54.231.49.212:80
onlysetup.exe (by Pay By Ads)

TCP » 54.231.114.60:80
kometa.exe (Kometa by @COMPANY_FULLNAME@)

TCP » 54.231.49.212:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 54.231.49.212:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 54.231.49.212:80
UCBrowser.exe (by UCWeb)

TCP » 54.231.49.212:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 54.231.97.219:443
browser.exe (speed browser by Fast Applications)

TCP » 54.231.97.219:80
client.exe (ClientWrapper)

TCP » 54.231.114.60:443
browser.exe (speed browser by Fast Applications)

TCP » 54.231.114.60:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 54.231.97.219:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 54.231.114.60:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 54.231.114.60:80
browser.exe (Speed Browser by Smart Applications)

TCP » 54.231.114.60:443
Client.exe

 
Latest 20 of 48 files

URL:
http://installs.dealply.com/

Network:
Amazon Web Services (AWS)

Web server:
AmazonS3

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.