home

dde.de.drive-files-b.com

Perion Network Ltd.

Domain Information

The domain dde.de.drive-files-b.com registered by Client Connect Ltd. was initially registered in May of 2013 through GODADDY.COM, LLC. This domain has been known to host and distribute potentially unwanted software. The hosted servers are located in Dallas, Texas within the United States which resides on the Akamai Technologies, Inc. network. The domain is associated with the publisher Perion Network Ltd. who is located in Tel Aviv, Israel.
Registrar:
GODADDY.COM, LLC

Server location:
Texas, United States (US)

Create date:
Sunday, May 5, 2013

Expires date:
Sunday, January 1, 2017

Updated date:
Tuesday, January 6, 2015

ASN:
AS20940 AKAMAI-ASN1 Akamai International B.V.,US

Root domain:
drive-files-b.com

Whois:
2 drive-files-b.com records

Scanner detections:
Detections  (98% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.ClientConnect.M, PUP.Installer.ClientConnect.P, PUP.Perion.T, PUP.ClientConnect.AA, PUP.Win.Reputation, PUP.Perion.V, PUP.Perion Partner.PaloAltoTechnologies.Bundler (M), PUP.Conduit.ClientConnect.Installer (M), PUP.Perion.Bundler (M), PUP.Perion.Bundler.Conduit (M), PUP.Perion.Bundler.Conduit.Installer (M), PUP.Conduit.ClientCo.Installer (M), PUP.Perion Partner.PaloAlto.Bundler (M), PUP.Conduit.Installer (M)
97.96%

Dr.Web
Adware.Conduit.87, Adware.Downware.1895, Trojan.PWS.Stealer.13174, Adware.Conduit.96
28.57%

VIPRE Antivirus
Threat.4786236, Conduit, Trojan.Win32.Generic
26.53%

ESET NOD32
Win32/Toolbar.Conduit.AE, Win32/ClientConnect (variant), Win32/Toolbar.Conduit.AB (variant)
26.53%

avast!
Adware-BRM [PUP], Win32:Adware-BRM [PUP], Win32:Adware-gen [Adw]
22.45%

Malwarebytes
PUP.Optional.ClientConnect, PUP.Optional.Conduit, PUP.Optional.Conduit.A
22.45%

Trend Micro House Call
TROJ_GEN.F47V0606, Suspicious_GEN.F47V0623, TROJ_GEN.F47V0512, Suspicious_GEN.F47V0616, TROJ_GEN.F47V0505, Suspicious_GEN.F47V0721, Suspicious_GEN.F47V0711
20.41%

Baidu Antivirus
Adware.Win32.Conduit, Adware.Win32.Perinet, PUA.Win32.Perinet, Trojan.Win32.ClientConnect, Adware.Win32.Toolbar, PUA.Win32.ClientConnect
20.41%

Fortinet FortiGate
Riskware/Toolbar_Conduit, Riskware/ClientConnect, Riskware/Agent
20.41%

AVG
Generic
16.33%

IKARUS anti.virus
PUA.ClientConnect, PUA.Toolbar.Conduit
12.24%

Kaspersky
not-a-virus:WebToolbar.Win32.Perinet, not-a-virus:WebToolbar.Win32.Agent
12.24%

McAfee
Artemis!AFBB9E4BEC37, Artemis!89E9899B9041, Artemis!4D681B5C1684, Artemis!824461472DD8, RDN/Generic PUP.x!c2r
10.20%

ESET NOD32
Win32/ClientConnect.A potentially unwanted application, Win32/Toolbar.Conduit.AE potentially unwanted application
6.12%

NANO AntiVirus
Trojan.Win32.ClientConnect.deinfe, Riskware.Win32.Conduit.dbqqxi
6.12%

The domain dde.de.drive-files-b.com has been seen to resolve to the following 78 IP addresses.

104.96.221.139
a104-96-221-139.deploy.static.akamaitechnologies.com
July 25, 2016

104.96.221.107
a104-96-221-107.deploy.static.akamaitechnologies.com
July 22, 2016

104.96.221.83
a104-96-221-83.deploy.static.akamaitechnologies.com
July 22, 2016

209.66.87.35
209.66.87.35.IPYX-073920-004-ZYO.zip.zayo.com
July 18, 2016

209.66.87.32
209.66.87.32.IPYX-073920-004-ZYO.zip.zayo.com
July 18, 2016

208.31.170.10
June 27, 2016

208.31.170.27
June 27, 2016

104.96.220.129
a104-96-220-129.deploy.static.akamaitechnologies.com
June 8, 2016

209.48.37.43
June 8, 2016

209.48.37.99
June 8, 2016

173.205.24.195
June 6, 2016

173.205.24.200
June 6, 2016

104.96.220.160
a104-96-220-160.deploy.static.akamaitechnologies.com
May 18, 2016

104.96.220.136
a104-96-220-136.deploy.static.akamaitechnologies.com
May 18, 2016

198.47.116.33
April 16, 2016

23.3.13.200
a23-3-13-200.deploy.static.akamaitechnologies.com
April 13, 2016

23.3.13.193
a23-3-13-193.deploy.static.akamaitechnologies.com
April 13, 2016

23.3.13.249
a23-3-13-249.deploy.static.akamaitechnologies.com
April 13, 2016

23.3.13.226
a23-3-13-226.deploy.static.akamaitechnologies.com
April 13, 2016

23.3.13.211
a23-3-13-211.deploy.static.akamaitechnologies.com
April 13, 2016

23.3.13.208
a23-3-13-208.deploy.static.akamaitechnologies.com
April 13, 2016

23.3.13.224
a23-3-13-224.deploy.static.akamaitechnologies.com
April 10, 2016

23.3.13.203
a23-3-13-203.deploy.static.akamaitechnologies.com
April 10, 2016

23.3.13.240
a23-3-13-240.deploy.static.akamaitechnologies.com
April 10, 2016

23.0.160.88
a23-0-160-88.deploy.static.akamaitechnologies.com
February 10, 2016

23.0.160.99
a23-0-160-99.deploy.static.akamaitechnologies.com
February 1, 2016

23.0.160.89
a23-0-160-89.deploy.static.akamaitechnologies.com
February 1, 2016

168.143.242.249
February 1, 2016

168.143.242.235
February 1, 2016

23.62.236.35
a23-62-236-35.deploy.static.akamaitechnologies.com
May 4, 2015

 
Showing 30 of 78 IP Addresses

File downloads found at URLs served by dde.de.drive-files-b.com.

1 / 68      (Adware)
http://dde.de.drive-files-b.com//0/203/ct2030500/f38a9c68bda645d1af0be11b1fa5f2e6/Downloads/Prod/DDE1.3.8.9.140410.01_nosign/.../Setup.exe  (setup_tsv3a536j.exe)

2 / 68      (PUP)
http://dde.de.drive-files-b.com//42/616/ct6162342/4dba910fb13948348b246ae81e5da9ab/Downloads/Prod/DDE1.3.8.9.140410.01/.../InstallConverter.exe  (installconverter_tsa23di4u.exe)

2 / 68      (false positives)
http://dde.de.drive-files-b.com//32/805/ct8051332/948d71e82d9147abb6ebd73f8e4fbebe/Downloads/Prod/DDE1.4.0.1_pr.140805.01/.../IncrediMail.exe  (wrar420.exe)

1 / 68      (PUP)
http://dde.de.drive-files-b.com//70/877/ct8775970/ed60b2160e45465e95b8f010fc4bbf58/Downloads/Prod/DDE1.4.0.0.140521.02/.../FlappyBird.exe  (flappybird_tsv18xd2j.exe)

1 / 68      (PUP)
http://dde.de.drive-files-b.com//50/233/ct2336650/27d3b64a29094d8a90c96e437631298f/Downloads/Prod/DDE1.3.8.9.140410.01/.../Garden_Rescue.exe  (garden_rescue_tsv49fbve.exe)

1 / 68      (PUP)
http://dde.de.drive-files-b.com//70/877/ct8775970/ed60b2160e45465e95b8f010fc4bbf58/Downloads/Prod/DDE1.4.0.0.140526.02/.../FlappyBird.exe  (flappybird_tsv29ibwd.exe)

1 / 68      (Adware)
http://dde.de.drive-files-b.com//31/891/ct8916831/5d54ef5bf50742148a02ad8e25b892e3/Downloads/Prod/DDE1.3.9.0.140520.01/.../BeginConvert.exe  (beginconvert_tsv3b7are.exe)

8 / 68      (PUP)
http://dde.de.drive-files-b.com//47/624/ct6241547/0f3d3f84f7044702a28fe752faee7284/Downloads/Prod/DDE1.3.9.0.140511.03/.../SweetPlayer.exe  (sweetplayer_tsv490mdc.exe)

1 / 68      (PUP)
http://dde.de.drive-files-b.com//6/898/ct8984206/570bddd5acd84a28b64650027e6aeedf/Downloads/Prod/SmallStub1.3.8.7.140224.01/.../bs_Active_KillDisk.exe  (b6a21de87230ba1cfb5c45a34247a50b)

1 / 68      (Adware)
http://dde.de.drive-files-b.com//69/241/ct2411669/af00475459ad41c8b3edcdd22dfc3c1b/Downloads/Prod/SmallStub1.3.9.0.140504.01/.../tb_TenchisTV.exe  (7dec3aa6b2c77059721b801837ec46a3)

1 / 68      (Adware)
http://dde.de.drive-files-b.com//20/750/ct7501920/15915f9ddac44514a2fc5abd7208e767/Downloads/Prod/DDE1.3.8.9.140410.01_nosign/.../InstallConverter.exe  (installconverter_tsv39xg3u.exe)

3 / 68      (PUP)
http://dde.de.drive-files-b.com//94/343/ct3439194/f43752e2c78b4b97860b804d7d1c7f84/Downloads/Prod/DDE1.3.9.0.140520.01/.../RealPlayer.exe  (realplayer_tsv3ajali.exe)

1 / 68      (PUP)
http://dde.de.drive-files-b.com//14/850/ct8505714/3779994871fc4526b4852aa09eb4a505/Downloads/Prod/DDE1.3.8.8_FSB.140401.01/.../Hotspot_Shield.exe  (hotspot_shield_tsa131d6n.exe)

1 / 68      (Adware)
http://dde.de.drive-files-b.com//57/970/ct9701157/3e89e2c449e94d118670ba09f89dbbc4/Downloads/Prod/DDE1.4.0.1.140825.01/.../KMPlayer.exe  (kmplayer_tsv61o49e.exe)

1 / 68      (Adware)
http://dde.de.drive-files-b.com//8/116/ct1163008/44fc4fe91d3f48a09ba0a268bfbc9829/Downloads/Prod/DDE1.3.9.0.140520.01/.../ManualSearch.exe  (manualsearch_tsv3cdvva.exe)

1 / 68      (Adware)
http://dde.de.drive-files-b.com//20/750/ct7501920/15915f9ddac44514a2fc5abd7208e767/Downloads/Prod/DDE1.3.9.0.140520.01/.../InstallConverter.exe  (installconverter_tsv2ahkza.exe)

2 / 68      (false positives)
http://dde.de.drive-files-b.com//42/616/ct6162342/4dba910fb13948348b246ae81e5da9ab/Downloads/Prod/DDE1.3.8.9.140410.01/.../InstallConverter.exe  (wrar420.exe)

9 / 68      (Adware)
http://dde.de.drive-files-b.com//20/750/ct7501920/15915f9ddac44514a2fc5abd7208e767/Downloads/Prod/DDE1.3.8.9.140410.01_nosign/.../InstallConverter.exe  (336797dad09f37227333aaf798e956b45844f370e6e6c2cb23c76c9e29ceb6da)

1 / 68      (PUP)
http://dde.de.drive-files-b.com//39/381/ct3811639/a72f6ae4610b4550adac760479f61b8a/Downloads/Prod/DDE1.4.0.1.140825.01/.../IncrediMail.exe  (incredimail_tsa2im8s5.exe)

1 / 68      (PUP)
http://dde.de.drive-files-b.com//28/842/ct8422728/eaac60a5f670413db39af2714a0c547e/Downloads/Prod/DDE1.3.9.0.140520.01/.../Safari.exe  (safari_tsa24dhhb.exe)

1 / 68      (Adware)
http://dde.de.drive-files-b.com//36/610/ct6106536/f92e7ec6bf7742b0a923933c742d68df/Downloads/Prod/DDE1.3.9.0.140520.01/.../Setup.exe  (setup_tsv4bvp4e.exe)

12 / 68    (PUP)
http://dde.de.drive-files-b.com//3/951/ct9517203/f1e403d3932146ef93028446400bacfd/Downloads/Prod/SmallStub1.3.9.0.140504.01/.../nana_Icy_Tower_.exe  (fc4215dd9b658b7298801facb048169e)

7 / 68      (Adware)
http://dde.de.drive-files-b.com//95/774/ct7743495/54ca4fc3a5944b6dbc5933bde33eeca4/Downloads/Prod/DDE1.4.0.1.140812.02/.../BitLordSetup.exe  (47ae62d1e9d3f7432ef286a4c96efd0f)

1 / 68      (PUP)
http://dde.de.drive-files-b.com//59/428/ct4285259/103c41aa75134d89b7bf765633c24392/Downloads/Prod/DDE1.4.0.1.140825.01/.../SweetPlayer.exe  (sweetplayer_tsv51lyp8.exe)

1 / 68      (Adware)
http://dde.de.drive-files-b.com//35/970/ct9701335/d85314ffe3f342109fb551396653fda3/Downloads/Prod/SmallStub1.3.9.0.140504.01/.../bs_iPod_PC_Transfer.exe  (902df734357f3b10a868552cd96ba9f2)

12 / 68    (PUP)
http://dde.de.drive-files-b.com//49/783/ct7838549/2353a982c0ec4441be9797073bac2288/Downloads/Prod/DDE1.3.9.0.140520.01/.../Minecraft.exe  (minecraft_tsv4ca7zh.exe)

1 / 68      (Adware)
http://dde.de.drive-files-b.com//8/283/ct2831508/4adc6d8c650d4e28b6b990d523e858f1/Downloads/Prod/DDE1.3.9.0.140520.01/.../Minecraft.exe  (minecraft_tsv4ces8o.exe)

1 / 68      (Adware)
http://dde.de.drive-files-b.com//49/558/ct5588649/9da9e7647d474d40a0426c64c39643d2/Downloads/Prod/DDE1.3.9.0.140520.01/.../InstallConverter.exe  (installconverter_tsv2abqkj.exe)

1 / 68      (Adware)
http://dde.de.drive-files-b.com//0/203/ct2030500/f38a9c68bda645d1af0be11b1fa5f2e6/Downloads/Prod/DDE1.3.9.0.140520.01/.../Setup.exe  (setup_tsv19t684.exe)

10 / 68    (Adware)
http://dde.de.drive-files-b.com//0/203/ct2030500/f38a9c68bda645d1af0be11b1fa5f2e6/Downloads/Prod/DDE1.3.9.0.140520.01/.../Setup.exe  (e3e4474dad742f63a74629ec3f51c11eb3fcce1d1add43650be909bd1f24d62f)

 
Latest 30 of 370 download URLs

The following 390 files have been seen to comunicate with dde.de.drive-files-b.com in live environments.

TCP » 23.3.13.200:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 23.3.13.211:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 23.67.250.99:80
dailywiki.exe

TCP » 23.15.9.11:80
browser.exe (Browser)

TCP » 23.3.13.200:80
GPlayer.exe (by Exent Technologies)

TCP » 104.96.220.129:443
kometa.exe (Kometa by Kometa Authors)

TCP » 184.26.143.184:80
browser.exe (Browser)

TCP » 104.96.220.160:443
beamrise.exe (Beamrise by The Beamrise Authors)

TCP » 23.62.6.162:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 23.3.13.249:80
browser.exe (Browser)

TCP » 104.96.220.129:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 23.15.9.11:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 104.96.221.83:80
browser.exe (Browser)

TCP » 23.3.13.243:80
apptrailers.exe

TCP » 23.3.13.226:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 104.96.220.129:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 104.96.220.136:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 23.3.13.243:443
browser.exe (Browser)

TCP » 104.96.220.160:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 104.96.220.160:443
UCBrowser.exe (UC Browser by UCWeb)

 
Latest 20 of 449 files

URL:
http://dde.de.drive-files-b.com/

Web server:
Microsoft-IIS/7.5 (ASP.NET)

perion.com

codefuel.com

guardi.us

fileparade.com

incredibar.com

better-search.net

software-watcher.com

soft-now.com

soft-now.net

databssint.com

spccint.com

drive-files-a.com

drive-files-c.com

stgbssint.com

trovigo.com

guard-search.com

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.