home

www.dexpot.de

Domain Information

Server location:
Berlin, Germany (DE)

Root domain:
dexpot.de

Scanner detections:
Detections  (67% detected)

Scan engine
Details
Detections

Malwarebytes
PUP.Optional.OpenCandy, PUP.Optional.OpenCandy.A
82.35%

ESET NOD32
Win32/OpenCandy, Win32/OpenCandy (variant), Win32/OpenCandy.C potentially unsafe (variant), Win32/OpenCandy.A potentially unsafe (variant)
82.35%

Fortinet FortiGate
Adware/OpenCandy, Riskware/OpenCandy
64.71%

Trend Micro House Call
ADW_OPENCANDY, TROJ_GEN.F47V0106, TROJ_GEN.F47V0401, TROJ_GE.34764AD7, TROJ_GEN.F47V0609, Suspicious_GEN.F47V0722, Suspici.1E48FE7A
58.82%

Dr.Web
Adware.OpenCandy.4, Adware.OpenCandy.39, Adware.OpenCandy.55, Adware.OpenCandy.147, Adware.OpenCandy.183
52.94%

McAfee
Adware-OpenCandy!8A85F5AD22C6, Adware-OpenCandy!2FF7EB50E7B6, Adware-OpenCandy!7A33F3343630, Artemis!5DA7E98522BC, Artemis!C9709047D4A4, Program.Adware-OpenCandy
47.06%

Rising Antivirus
PE:PUF.OpenCandy!1.9DE5
41.18%

Agnitum Outpost
Riskware.OpenCandy, Riskware.Agent
29.41%

IKARUS anti.virus
PUA.OpenCandy, PUA.SpeedingUpMyPC
23.53%

Bkav FE
W32.Clod3ad.Trojan, W32.Clodef1.Trojan, W32.Clod944.Trojan
17.65%

G Data
Win32.Adware.OpenCandy, Win32.Application.OpenCandy
17.65%

Reason Heuristics
PUP.OpenCandy.Installer (L), Threat.Win.Reputation.IMP
17.65%

avast!
Win32:Adware-gen [Adw]
17.65%

Baidu Antivirus
Adware.Win32.OpenCandy
17.65%

Clam AntiVirus
Win.Adware.Agent-59160
11.76%

The domain www.dexpot.de has been seen to resolve to the following 3 IP addresses.

81.169.145.77
w0d.rzone.de
April 6, 2016

46.226.115.54
54.115.226.46.in-addr.arpa
February 2, 2016

78.138.89.14
srv17.sysproserver.de
December 28, 2013

File downloads found at URLs served by www.dexpot.de.

1 / 68
http://www.dexpot.de/download/.../VWInterpreter.exe  (f6abb516395ce1585eb50abf4f879869)

0 / 68
http://www.dexpot.de/download/.../Raindexer.exe  (b323f47158986457bae36c8d0a27d0b1)

0 / 68
http://www.dexpot.de/.../dexclock_13_r39.exe  (15e066a1a0a5591a7d40b02f5cc14bac)

1 / 68
http://www.dexpot.de/.../dexpot_1518_r2098.exe  (dexpot_1518_r2098_pro.exe)

0 / 68
http://www.dexpot.de/.../dexpot_1614_r2439.exe  (785cbaedb62178cb23b6cb1c25891c16)

13 / 68    (false positives)
http://www.dexpot.de/.../dexpot_1614_r2439.exe  (cdef20b8003cb3e1d1bd564e8ff696c2)

6 / 68      (PUP)
http://www.dexpot.de/.../dexpot_168_r2266.exe  (dexpot_1614_r2439.exe)

13 / 68    (PUP)
http://www.dexpot.de/.../dexpot_1614_r2439.exe  (5c3b730140c558bfe002979833632dca)

1 / 68      (Malware)
http://www.dexpot.de/.../dexpot_1614_r2439.exe  (9db39cc41e112946269a0379fa780035)

0 / 68
http://www.dexpot.de/download/.../VWInterpreter.exe  (cbf28c17ba4b05f0d0da3e509cc88399)

6 / 68      (PUP)
http://www.dexpot.de/.../dexpot_1614_r2439.exe  (b81a9c89ec57e20176ad3d8410fc400e)

8 / 68      (PUP)
http://www.dexpot.de/.../dexpot_1614_r2439.exe  (77d59e8affcdc1355883da895cd32b35)

7 / 68      (PUP)
http://www.dexpot.de/.../dexpot_1614_r2439.exe  (c9709047d4a4428ceee63355f95dd09a)

3 / 68      (PUP)
http://www.dexpot.de/.../dexpot_1614_r2439.exe  (5e397fec87ab6404be7a03e6e27891e3)

8 / 68      (PUP)
http://www.dexpot.de/.../dexpot_1610_r2373.exe  (7a33f3343630bdf24e7b1de4c480bf85)

4 / 68      (PUP)
http://www.dexpot.de/.../dexpot_1613_r2429.exe  (5da7e98522bc0672748c9eecd4421428)

7 / 68      (PUP)
http://www.dexpot.de/.../dexpot_1613_r2429.exe  (dexpot.exe)

6 / 68      (PUP)
http://www.dexpot.de/.../dexpot_1612_r2416.exe  (dexpot 1.6.12 build 2416free-20 различных виртуальных рабочих столов.exe)

7 / 68      (PUP)
http://www.dexpot.de/.../dexpot_1611_r2394.exe  (5d8a21d4a2b379a37a695e8330b71b98)

5 / 68      (PUP)
http://www.dexpot.de/.../dexpot_167_r2249.exe  (dexpot_169_r2285.exe)

4 / 68      (PUP)
http://www.dexpot.de/.../dexpot_165_r2207.exe  (f880f07990dd0c74379d0266064af3b9)

8 / 68      (PUP)
http://www.dexpot.de/.../dexpot_1510_r1579.exe  (dexpot_1610_r2373.exe)

5 / 68      (PUP)
http://www.dexpot.de/.../dexpot_169_r2285.exe  (2ff7eb50e7b64da394247a334ff90550)

8 / 68      (PUP)
http://www.dexpot.de/.../dexpot_1610_r2373.exe  (8a85f5ad22c6b4d9246a17ea0ba2b19b)

The following 8 files have been seen to comunicate with www.dexpot.de in live environments.

TCP » 81.169.145.77:80
browser.exe (speed browser by Smart Applications)

TCP » 81.169.145.77:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 81.169.145.77:80
online-guardian-v2.0.9.exe

TCP » 81.169.145.77:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 81.169.145.77:80
jingling.exe

TCP » 81.169.145.77:80
produpd.exe (produpd.exe by Vested Development, Inc)

TCP » 81.169.145.77:80
onlineguardian-v2.exe

TCP » 81.169.145.77:80
jingling.exe

alldup.de

aquad.de

bewek.de

familybookcreator.com

friedrich-datentechnik.de

getfoldersize.de

hazardx.com

siraudiotools.com

tagtraum.com

ukrebs-software.de

wtcdehellen.nl

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.