home

landesk-admin.okta.com

Okta, Inc.

Domain Information

The domain landesk-admin.okta.com registered by Okta, Inc. was initially registered in June of 2004 through NAME.COM, INC.. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Ashburn, Virginia within the United States which resides on the Amazon Technologies Inc. network. The domain uses the Amazon Web Services (AWS) cloud computing platform.
Registrar:
NAME.COM, INC.

Server location:
Virginia, United States (US)

Create date:
Friday, June 11, 2004

Expires date:
Sunday, June 11, 2023

Updated date:
Friday, June 6, 2014

ASN:
AS14618 AMAZON-AES - Amazon.com, Inc.,US

Root domain:
okta.com

Whois:
1 okta.com record

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

F-Prot
W32/InstallRex.B
100.00%

Agnitum Outpost
PUA.TDownloader.A
100.00%

Comodo Security
Application.Win32.InstalleRex.KG
100.00%

Vba32 AntiVirus
AdWare.Agent
100.00%

Reason Heuristics
PUP.Installer.Okta.Installer.Meta (M)
100.00%

Bkav FE
W32.FamVT.AntiFWK.Trojan
50.00%

McAfee
Artemis!D29BA93B26A3
50.00%

Rising Antivirus
PE:PUF.InstallRex!1.9E4C[F1]
50.00%

The domain landesk-admin.okta.com has been seen to resolve to the following 16 IP addresses.

54.197.192.170
ec2-54-197-192-170.compute-1.amazonaws.com
October 13, 2015

54.197.192.169
ec2-54-197-192-169.compute-1.amazonaws.com
October 13, 2015

54.197.192.168
ec2-54-197-192-168.compute-1.amazonaws.com
October 13, 2015

54.197.192.167
ec2-54-197-192-167.compute-1.amazonaws.com
October 13, 2015

54.197.192.166
ec2-54-197-192-166.compute-1.amazonaws.com
October 13, 2015

54.197.192.165
ec2-54-197-192-165.compute-1.amazonaws.com
October 13, 2015

54.197.192.164
ec2-54-197-192-164.compute-1.amazonaws.com
October 13, 2015

54.197.192.171
ec2-54-197-192-171.compute-1.amazonaws.com
October 13, 2015

54.197.192.179
ec2-54-197-192-179.compute-1.amazonaws.com
September 17, 2015

54.197.192.178
ec2-54-197-192-178.compute-1.amazonaws.com
September 17, 2015

54.197.192.177
ec2-54-197-192-177.compute-1.amazonaws.com
September 17, 2015

54.197.192.176
ec2-54-197-192-176.compute-1.amazonaws.com
September 17, 2015

54.197.192.175
ec2-54-197-192-175.compute-1.amazonaws.com
September 17, 2015

54.197.192.174
ec2-54-197-192-174.compute-1.amazonaws.com
September 17, 2015

54.197.192.173
ec2-54-197-192-173.compute-1.amazonaws.com
September 17, 2015

54.197.192.172
ec2-54-197-192-172.compute-1.amazonaws.com
September 17, 2015

File downloads found at URLs served by landesk-admin.okta.com.

5 / 68      (PUP)
https://landesk-admin.okta.com/static/.../OktaADAgentSetup-3.2.1.exe  (9c5f2110b22b89804a18ad27bfc40091)

8 / 68      (PUP)
https://landesk-admin.okta.com/static/.../OktaLDAPAgentSetup.exe  (d29ba93b26a3d344fe9e327ebf0d89b2)

The following file have been seen to comunicate with landesk-admin.okta.com in live environments.

TCP » 54.197.192.165:443
browser.exe (Browser)

URL:
http://landesk-admin.okta.com/

Title:
“LANDesk Software - Sign In”

Network:
Amazon Web Services (AWS), running an EC2 instance

SSL certificate subject:
CN=*.okta.com, O="Okta, Inc.", L=San Francisco, S=California, C=US

SSL certificate issuer:
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Web server:
nginx

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.