www.osdsoft.com

OSDSoft Ltd.

Domain Information

The domain www.osdsoft.com, registered by OSDSoft Ltd., was initially registered in April 2011 through GODADDY.COM, LLC. This domain is currently known to host various forms of malware. Its servers are located in Scottsdale, Arizona, United States, on the GoDaddy.com, LLC network.

Registrar:
GODADDY.COM, LLC

Server location:
Arizona, United States (US)

Create date:
Friday, April 1, 2011

Expires date:
Friday, April 1, 2016

Updated date:
Friday, November 6, 2015

ASN:
AS26496 AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC,US

Root domain:

Google Safe Browsing:
unwanted

Scanner detections:
Malware distribution (86% detected)

Scan engine | Details | Detections
Reason Heuristics | PUP.Amonetize.DEPROEKT.Bundler (M), Threat.Win.Reputation.IMP, Adware.Downloader.Meta (M), Trojan.Downloader.Adload, Adware.Generic.AT (M), PUP.DefenseM (M), Trojan.Downloader.AdLoad.Meta (M) | 75.56%
avast! | Win32:Dropper-gen [Drp], Win32:Evo-gen [Susp], Win32:Adware-gen [Adw] | 28.89%
ESET NOD32 | Win32/Adware.OxyPumper.K application, Win32/TrojanDownloader.Adload.NPQ trojan, Win32/TrojanDownloader.Adload.NQS trojan, Win32/TrojanDownloader.Adload.NQZ trojan, Win32/TrojanDownloader.Adload.NRO trojan | 24.44%
Norman | Gen:Variant.Adware.Graftor.266465, Gen:Variant.Mikey.31545, Gen:Variant.Zusy.184778, Gen:Variant.Kazy.326822, Gen:Variant.Mikey.35696 | 24.44%
Emsisoft Anti-Malware | Trojan.GenericKD.2663156, Gen:Variant.Graftor.258672, Gen:Variant.Adware.Graftor.266465, Gen:Variant.Kazy.326822, Gen:Variant.Razy.59526 | 17.78%
F-Secure | Application:W32/Generic.70053c248f!Online, Variant.Zusy.184778, Variant.Kazy.326822, Variant.Mikey.35696, Variant.Razy.59526 | 13.33%
Kaspersky | not-a-virus:AdWare.Win32.Amonetize, not-a-virus:HEUR:AdWare.Win32.Generic, not-a-virus:HEUR:AdWare.Win32.Amonetize | 13.33%
Dr.Web | Trojan.Amonetize.4075, Trojan.DownLoader20.6176, Detection.Undefined, Trojan.DownLoader21.56564 | 11.11%
Arcabit | PUP.Adware.Amonetize.eak, Trojan.Generic.D28A2F4, Trojan.Graftor.D3F270, Trojan.Razy.DE886 | 8.89%
Avira AntiVirus | ADWARE/Amonetize.kpb, TR/Dldr.Adload.224768, ADWARE/PennyBee.Gen7, ADWARE/Adware.Gen7 | 8.89%
AVG | Generic, Win32/DH | 6.67%
MicroWorld eScan | Trojan.GenericKD.2663156, Gen:Variant.Graftor.258672, Gen:Variant.Razy.59526 | 6.67%
Bitdefender | Trojan.GenericKD.2663156, Gen:Variant.Graftor.258672, Gen:Variant.Razy.59526 | 6.67%
Lavasoft Ad-Aware | Trojan.GenericKD.2663156, Gen:Variant.Graftor.258672, Gen:Variant.Razy.59526 | 6.67%
F-Secure | Trojan.GenericKD.2663156, Gen:Variant.Graftor.258672, Gen:Variant.Razy.59526 | 6.67%

The domain www.osdsoft.com has been seen to resolve to the following 4 IP addresses.

ip-184-168-221-87.ip.secureserver.net
April 6, 2016

February 1, 2016

February 1, 2016

ec2-54-148-148-252.us-west-2.compute.amazonaws.com
January 4, 2016

File downloads found at URLs served by www.osdsoft.com.

1 / 68 (Malware)

14 / 68 (PUP)

4 / 68 (PUP)

12 / 68 (Adware)
http://www.osdsoft.com/.../WindowsUpdateKB12695__7428_il58163.exe (tweaking com pro serial key 20 downloader__3687_i1586022216.exe)

3 / 68 (Malware)

4 / 68 (PUP)

The following 31 files have been seen to communicate with www.osdsoft.com in live environments.

 
Latest 20 of 38 files

URL:
http://www.osdsoft.com/

SSL certificate subject:
CN=sni207370.cloudflaressl.com, OU=PositiveSSL Multi-Domain, OU=Domain Control Validated

SSL certificate issuer:
CN=COMODO ECC Domain Validation Secure Server CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Web server:
nginx

Facebook:
Likes: 1
Shares: 1

Statistics are for the previous month.