home

urlserve.blob.core.windows.net

Microsoft Corporation

Domain Information

The domain urlserve.blob.core.windows.net registered by Microsoft Corporation was initially registered in August of 1995 through MARKMONITOR INC.. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Redmond, Washington within the United States which resides on the Microsoft Corporation network.
Registrar:
MARKMONITOR INC.

Server location:
Washington, United States (US)

Create date:
Thursday, August 10, 1995

Expires date:
Saturday, June 4, 2016

Updated date:
Wednesday, October 8, 2014

ASN:
AS8075 MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation,US

Root domain:
windows.net

Whois:
1 windows.net record

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.TrafficSpace, PUP.TrafficSpace.Installer (M)
100.00%

Dr.Web
Adware.Downware.9973, Adware.Downware.10994
83.33%

Rising Antivirus
NS:PUF.SilenceInstaller!1.9DDF, NS:PUF.SilenceInstaller!1.9DDF[F1]
83.33%

Qihoo 360 Security
HEUR/QVM40.1.Malware.Gen, HEUR/QVM42.0.Malware.Gen, HEUR/QVM42.1.Malware.Gen
75.00%

VIPRE Antivirus
Trojan.Win32.Generic, InstallerTech
75.00%

Bkav FE
W32.HfsAdware
66.67%

Trend Micro House Call
Suspicious_GEN.F47V0306, Suspicious_GEN.F47V0530, Suspicious_GEN.F47V0613, Suspicious_GEN.F47V0610
58.33%

AVG
Generic
58.33%

McAfee
Artemis!BDB0F4C8C9D6, Artemis!E7B2EE380304, Artemis!A9B8B0437590, Artemis!E665F978ACFD, Artemis!1A0309D47AD5
50.00%

avast!
Win32:Dropper-gen [Drp], Win32:Adware-gen [Adw], Win32:Malware-gen
41.67%

Avira AntiVirus
TR/Rogue.435416, TR/Changeling.A.59
41.67%

herdProtect (fuzzy)
a variant of f8597959fb0e6650c3b614542d0a7fbc58338a06, a variant of e2a62c6292634bdf481c721c9b6606f69943fed9
16.67%

MicroWorld eScan
Trojan.GenericKD.2206573
8.33%

nProtect
Trojan.GenericKD.2206573
8.33%

Bitdefender
Trojan.GenericKD.2206573
8.33%

The domain urlserve.blob.core.windows.net has been seen to resolve to the following IP address.

104.208.128.24
blob.bn4prdstr01a.store.core.windows.net
May 5, 2015

File downloads found at URLs served by urlserve.blob.core.windows.net.

1 / 68      (Adware)
https://urlserve.blob.core.windows.net/.../SetupODM.exe  (895c281b69f9afcb06aff9f433686e50)

1 / 68      (Adware)
http://urlserve.blob.core.windows.net/.../osuSetup.exe  (opensoftwareupdates.exe)

11 / 68    (Adware)
https://urlserve.blob.core.windows.net/.../SetupODM.exe  (5789f33ffdd3894669cece30776b61cc)

11 / 68    (Adware)
https://urlserve.blob.core.windows.net/.../SetupODM.exe  (e7b2ee380304ebd7e08dbf5535a2daba)

9 / 68      (Adware)
http://urlserve.blob.core.windows.net/.../SetupODM.exe  (1a0309d47ad5226f1041cebd1d876bba)

7 / 68      (Adware)
https://urlserve.blob.core.windows.net/.../SetupODM.exe  (ddb4dba015333b1b270b9a802e868d3d)

11 / 68    (Adware)
https://urlserve.blob.core.windows.net/.../SetupODM.exe  (33220aebfe50f2b9ec085d567023db1f)

9 / 68      (Adware)
https://urlserve.blob.core.windows.net/.../SetupODM.exe  (setup_odm.exe)

9 / 68      (Adware)
https://urlserve.blob.core.windows.net/.../SetupODM.exe  (7a4cefe0f50215e9e2d0b890b6a83407)

6 / 68      (Adware)
https://urlserve.blob.core.windows.net/.../SetupODM.exe  (setup_odm.exe)

5 / 68      (Adware)
https://urlserve.blob.core.windows.net/.../Setup.exe  (533fcd5fa118947af6aae37957551600)

19 / 68    (Adware)
https://urlserve.blob.core.windows.net/.../Setup.exe  (bdb0f4c8c9d6d0ad291f4599fdf4fbfb)

URL:
http://urlserve.blob.core.windows.net/

SSL certificate subject:
CN=*.blob.core.windows.net

SSL certificate issuer:
CN=Microsoft IT SSL SHA2, OU=Microsoft IT, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Web server:
Microsoft-HTTPAPI/2.0

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.