The domain opendownloadmanager.com, registered by GlobalDnsProvider.com Inc, was first registered in February 2013 through TLDS, LLC DBA SRSPLUS. The domain has been known to host and distribute adware and other potentially unwanted software. Its servers are located in Los Angeles, California, United States, on the CloudFlare, Inc. network. The domain uses the CloudFlare CDN, a distributed domain name server service that uses a number of reverse proxy IP addresses (see below).
TLDS, LLC DBA SRSPLUS
California, United States (US)
Sunday, February 17, 2013
Wednesday, February 17, 2016
Thursday, February 19, 2015
AS13335 CLOUDFLARENET - CloudFlare, Inc.,US
Detections (91% detected)
PUP.Installer.INSTALLERTECHNOLOGYCO.J, PUP.Installer.INSTALLERTECHNOLOGYCO.M, PUP.INSTALLERTECHNOLOGYCO.c, PUP.Installer.InstallerTechCorp.J, PUP.Installer.HudsonExchangeGroup, PUP.HudsonExchangeGroup.Installer (M), PUP.TrafficSpace.Installer (M), PUP.DisplayTimeSoftware.Installer (M), PUP.INSTALLERTECHNOLOGYCO.Installer (M)
NS:PUF.SilenceInstaller!1.9DDF, NS:Malware.Install!1.9F62, NS:PUF.SilenceInstaller!1.9DDF [F]
Win32.Sector.21, Adware.Downware.3736, Adware.Downware.2266, Adware.Downware.2185, Adware.Downware.10994, Adware.Downware.11268, Adware.Downware.1441
InstallerTech, Trojan.Win32.Generic.pak!cobra, Threat.4786240, Marketscore.RelevantKnowledge
Trend Micro House Call
TROJ_GEN.F47V0322, TROJ_GEN.F47V0522, TROJ_GEN.F47V0103, TROJ_GEN.F47V1215, TROJ_GEN.F47V0104, TROJ_GEN.F47V0316, Suspicious_GEN.F47V0119, Suspici.39360A4E
McAfee Web Gateway
Heuristic.BehavesLike.Win32.Suspicious-PKR.G, BehavesLike.Win32.Suspicious.gc, BehavesLike.Win32.Suspicious.dc, BehavesLike.Win32.AdwareSweet.gc
Artemis!8E3B7A216408, Artemis!7A0DCE8E0E2C, Artemis!FB211B415368, Trojan.Artemis!DAB4D5AFDC3F, Artemis!2B4A0BE970A4, Artemis!8A9A9E676D64
Qihoo 360 Security
HEUR/QVM42.0.Malware.Gen, HEUR/QVM21.1.Malware.Gen, HEUR/QVM42.1.Malware.Gen
PUA.Conduit.SearchProtect, PUA.RiskWare.Historychecker, PUA.RiskWare.Avdetector
Win32/Packed.VMDetector.N potentially unwanted, Win32/Conduit.SearchProtect, Win32/Adware.OpenSUpdater, Generik.HJDEJTI potentially unwanted (variant)
suspected of Trojan.Downloader.gen.h
The domain opendownloadmanager.com has been seen to resolve to the following 21 IP addresses.
File downloads found at URLs served by opendownloadmanager.com.
“Open Download Manager”
SSL certificate subject:
CN=ssl347200.cloudflaressl.com, OU=PositiveSSL Multi-Domain, OU=Domain Control Validated
SSL certificate issuer:
CN=COMODO RSA Domain Validation Secure Server CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
Statistics above are for the previous month of November 2016.