downloads.updatersoft.com

Air Software  (via a Proxy Registrant)

Domain Information

The domain downloads.updatersoft.com is registered by proxy through ENOM, INC. and was originally registered in August of 2013. This domain has been known to host and distribute potentially unwanted software. Its servers are located in New York City, New York, in the United States, on the Digital Ocean, Inc. network. The domain is associated with the publisher Air Software, which is located in Victoria, British Columbia, Canada.
Remove Malware from downloads.updatersoft.com - Powered by Reason Core Security
Registrar:
ENOM, INC.

Server location:
New York, United States (US)

Create date:
Tuesday, August 06, 2013

Expires date:
Saturday, August 06, 2016

Updated date:
Tuesday, July 14, 2015

ASN:
AS14061 DIGITALOCEAN-ASN - Digital Ocean, Inc.

Root domain:

Scanner detections:
Detections  (92% detected)

Scan engine
Details
Detections

avast!
Win32:Malware-gen, Win32:GenMaliciousA-HZM [Trj], Win32:Adware-gen [Adw], Win32:Installer-L [PUP], Win32:PUP-gen [PUP], Hoblig [Heur]
100.00%

VIPRE Antivirus
Trojan.Win32.Generic, Threat.4150696, Iminent, Threat.4784938, Threat.4848734, Threat.5061940
100.00%

Reason Heuristics
PUP.Installer.NetworkDownloads.T, PUP.Installer.HudsonExchangeGroup, PUP.Air Software.AirSoftware.Bundler (M), PUP.Air Software.InstallerSetup.Installer (M), PUP.Adknowledge.InstallManager.Installer (M)
100.00%

Dr.Web
Trojan.DownLoader11.48581, Trojan.SMSSend.4953, Adware.Downware.2035, Trojan.SMSSend.4723, Trojan.SMSSend.5245, Trojan.SMSSend.4790
97.83%

AVG
Networkd, InstallCore, Generic_r, Adware Generic_r, Adware InstallCore, Potentially harmful program Downloader, Win.Threat.Medium
97.83%

K7 Gateway Antivirus
Adware, Unwanted-Program
97.83%

K7 AntiVirus
Adware, Unwanted-Program
97.83%

Rising Antivirus
NS:PUF.SilenceInstaller!1.9DDF, PE:PUF.Airinstall!1.9C4C, PE:Trojan.Win32.SpeedingUpMyPC.a!1075357520
97.83%

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h, AdWare.AirAdInstaller, AdWare.AirAdInstaller.ajov
95.65%

Malwarebytes
PUP.Optional.AirAdInstaller, PUP.Optional.AirInstaller, PUP.Optional.Bundle
95.65%

IKARUS anti.virus
Win32.SuspectCrc, Win32.Malware, Trojan-Spy.Zbot, Win32.AdWare, PUA.DownloadAssistant, PUA.AirAdInstaller, not-a-virus:AdWare.AirAdInstaller
95.65%

NANO AntiVirus
Riskware.Win32.AirAdInstaller.cwbyev, Riskware.Win32.AirAdInstaller.cwbkcs, Riskware.Win32.AirAdInstaller.cwblbu, Riskware.Win32.AirAdInstaller.cwbkkg
95.65%

AhnLab V3 Security
PUP/Win32.Agent, PUP/Win32.AirAdInstaller, PUP/Win32.InstallCore, PUP/Win32.Installer
93.48%

Agnitum Outpost
PUA.AirAdInstaller
93.48%

Sophos
AirInstaller, PUA 'AirInstaller'
93.48%

The domain downloads.updatersoft.com has been seen to resolve to the following 10 IP addresses.


File downloads found at URLs served by downloads.updatersoft.com.

 
Latest 30 of 230 download URLs

The following 2 files have been seen to communicate with downloads.updatersoft.com in live environments.

URL:
http://downloads.updatersoft.com/

Web server:
nginx/1.0.15
