home

teasoft.co

Domains By Proxy, LLC  (Proxy Registrant)

Domain Information

The domain teasoft.co is registered by proxy through GODADDY.COM, INC. and was originally registered in September of 2014. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Scottsdale, Arizona within the United States which resides on the GoDaddy.com, LLC network.
Registrar:
GODADDY.COM, INC.

Server location:
Arizona, United States (US)

Create date:
Friday, September 5, 2014

Expires date:
Friday, September 4, 2015

Updated date:
Friday, September 5, 2014

ASN:
AS26496 AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC

Whois:
1 teasoft.co record

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.OOOAlians.R, PUP.installCore.OOOAlians.Installer (M)
100.00%

Dr.Web
Trojan.MulDrop5.38502
50.00%

ESET NOD32
Win32/InstallCore.TU potentially unwanted application
50.00%

VIPRE Antivirus
Threat.4150696
50.00%

Sophos
PUA 'Install Core Click run software'
50.00%

nProtect
Trojan-Clicker/W32.InstallCore.780160
50.00%

Zillya! Antivirus
Adware.InstallCore.Win32.267
50.00%

K7 AntiVirus
Trojan
50.00%

NANO AntiVirus
Riskware.Win32.InstallCore.dfglko
50.00%

Avira AntiVirus
ADWARE/InstallCore.Gen9
50.00%

Vba32 AntiVirus
Malware-Cryptor.InstallCore.gen
50.00%

AVG
Generic
50.00%

ESET NOD32
Win32/InstallCore.QH (variant)
25.00%

Clam AntiVirus
Win.Adware.Installcore-569
25.00%

The domain teasoft.co has been seen to resolve to the following 2 IP addresses.

184.168.221.62
ip-184-168-221-62.ip.secureserver.net
January 14, 2015

207.244.83.45
September 10, 2014

File downloads found at URLs served by teasoft.co.

1 / 68      (Adware)
http://teasoft.co/download.php?site_id=292&app_id=4&lp_id=383&v=ico&dist_id=269&channel=acmnj&cid=28858932161410275579&pubid=172546&c=20a4febe59cb94a853d80a5d31ff8739&v_id=f09139e2be4a53e3efebe9553d4e5b40  (adobe_flash_setup.exe)

12 / 68    (Adware)
http://teasoft.co/download.php?site_id=292&app_id=4&lp_id=383&v=ico&dist_id=269&channel=acmnj&cid=8497212851410267907&pubid=231699&c=20a4febe59cb94a853d80a5d31ff8739&v_id=d8aa6f095a71e4277c569eab7d736006  (adobe_flash_setup.exe)

13 / 68    (Adware)
http://teasoft.co/download.php?site_id=292&app_id=4&lp_id=382&v=ico&dist_id=269&channel=acmnj&cid=11934323321410275552&pubid=307190&c=20a4febe59cb94a853d80a5d31ff8739&v_id=f09139e2be4a53e3efebe9553d4e5b40  (adobe_flash_setup.exe)

2 / 68      (Adware)
http://teasoft.co/download.php?site_id=292&app_id=4&lp_id=382&v=ico&dist_id=269&channel=acmnj&cid=14162892821410271687&pubid=151018&c=20a4febe59cb94a853d80a5d31ff8739&v_id=653675de2a12afbcbd52454ff76d8f41  (adobe_flash_setup.exe)

The following 59 files have been seen to comunicate with teasoft.co in live environments.

TCP » 184.168.221.62:80
18bab385-8633-4236-91b3-c45ad6346b0d-1-7.exe (CinemaP-1.8cV16.03 by Cinema PlusV16.03)

TCP » 184.168.221.62:80
702616c8-167f-46e6-942c-7f87c76f8c90-1-7.exe (Ge-Force by Webar)

TCP » 184.168.221.62:80
d28ee7aa-58af-44de-b0ce-c9db6caf266c-1-7.exe (Ge-Force by Webar)

TCP » 184.168.221.62:80
googleupdate.exe13d7b73 (globalUpdate Update by globalUpdate)

TCP » 184.168.221.62:80
65a290d0-e287-4663-969d-797a2ca0867e-1-7.exe (Sense by Sense+)

TCP » 184.168.221.62:80
04bc7675-6f20-438d-8504-507c1fcc21ab-1-7.exe (Sense by Sense+)

TCP » 184.168.221.62:80
3611885b-7426-4427-8b34-a8074cc3901e-1-7.exe (Ge-Force by Webar)

TCP » 184.168.221.62:80
4ae13859-92aa-4f07-a123-8804bfef6e86-1-7.exe (Ge-Force by Webar)

TCP » 184.168.221.62:80
2846cc36-090b-4510-b3a5-ca756fae0964-1-7.exe (SavePass 1.1 by OB)

TCP » 184.168.221.62:80
1804.exe (SavePass 1.1 by OB)

TCP » 184.168.221.62:80
ca74c945-57a8-411b-bd0b-8f9c7e5fdf7f-10.exe (Cinema Video 1.8V22.03 by Cinema VideoV22.03)

TCP » 184.168.221.62:80
ContentFinder.exe (ContentFinder by DigitalSoftware Group)

TCP » 184.168.221.62:80
online-guardian-v2.0.9.exe

TCP » 184.168.221.62:80
0eefa065-0bc3-4fe4-a5a3-572748d93922-7.exe (Sense by Sense+)

TCP » 184.168.221.62:80
130cc12a-73e0-4f4b-b7da-5ba0e7d6d037-11.exe (I - Cinema by iCinema)

TCP » 184.168.221.62:80
130cc12a-73e0-4f4b-b7da-5ba0e7d6d037-10.exe (I - Cinema by iCinema)

TCP » 184.168.221.62:80
6db1c134-6dbd-4f5e-b985-ae8cc9f8da4d-10.exe (App Lid by Lid)

TCP » 184.168.221.62:80
4dcf231e-038d-4a74-b1b7-f6aa9854b83b-10.exe (App Lid by Lid)

TCP » 184.168.221.62:80
f1142521-fea3-4e38-98be-8ba5e5ea5c30-10.exe (CinemaP-1.8cV18.03 by Cinema PlusV18.03)

TCP » 184.168.221.62:80
b3069ac7-6beb-4131-bb03-ea8eb054d38b-1-7.exe (Ge-Force by Webar)

 
Latest 20 of 62 files

URL:
http://teasoft.co/

Title:
“TeaSoft - Free Software Downloads”

Description:
“Download free software. Safe and 100% virus-free. Software downloads, tutorials, and much more. The website created to help you enjoy the best software.”

Web server:
nginx/1.2.1 (PHP/5.4.4-14+deb7u12)

1clickmoviedownloader.info

almuseo.com

basicrun.info

blue9876.info

downserver6.com

easternuser.info

entouragelab.info

ex-soft.net

file3desktop.com

fluff1210.info

goeren.info

grininstall.com

how-to-remove.net

imagesys.info

limelinx.com

nappee.info

net-peak.com

newplaynow.com

officersgotoprod.com

patriotcom.info

soft74.co

sureinstall.com

swangotoprod.com

vm95.net

sandisoft.com

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.