The domain files.installs.co is registered by proxy through GODADDY.COM, INC. and was originally registered in November of 2013. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in New York City, New York within the United States which resides on the Digital Ocean, Inc. network.
New York, United States (US)
Tuesday, November 05, 2013
Friday, November 04, 2016
Tuesday, December 22, 2015
AS46652 SERVERSTACK-ASN - ServerStack, Inc.
Detections (100% detected)
DownloadManager.AirSoftware.U, DownloadManager.AirSoftware.N, DownloadManager.AirSoftware.T, DownloadManager.AirSoftware.E, DownloadManager.AirSoftware.F, DownloadManager.AirSoftware.M, PUP.Installer.InstallManager.Y, DownloadManager.AirSoftware.J, DownloadManager.AirSoftware.R, DownloadManager.Bundler.Air Software, PUP.Air Software.AirSoftware.Bundler (M), PUP.Adknowledge.InstallManager.Installer (M), PUP.Air Software.AirSoftw.Bundler (M), PUP.Adknowledge.InstallM.Installer (M), PUP.Air Software (M)
Trojan.SMSSend.5041, Trojan.SMSSend.5095, Trojan.SMSSend.5121, Trojan.SMSSend.5270, Trojan.SMSSend.5289, Adware.Downware.2035
Iminent, Threat.4784938, Threat.4150696, Threat.4665102
ADWARE/Adware.Gen, Adware/AirAdInstaller.aldw.4, APPL/AirInstaller.97366, TR/Rogue.11466095, Adware/AgentCV.A.15058, ADWARE/Adware.Gen7
Win32/AirAdInstaller.A potentially unwanted application
Win32.SuspectCrc, PUA.AirAdInstaller, Win32.AdWare, AdWare.AirAdInstaller, not-a-virus:AdWare.AirAdInstaller, AdWare.Airinstall
Skodna.Downloader.CX, Airsoftware, Adware Generic5, Generic_r, Adware Generic_r.JB, Adware BundleApp, Adware BundleApp_r
Unwanted-Program , Adware
K7 Gateway Antivirus
Win32:Adware-gen [Adw], Win32:Installer-L [PUP], PUP-gen [PUP], Win32:Adware-BZI [PUP], Win32:Adware-CAH [PUP]
The domain files.installs.co has been seen to resolve to the following 10 IP addresses.
December 16, 2015
December 16, 2015
April 17, 2015
August 10, 2014
July 23, 2014
June 5, 2014
May 31, 2014
May 21, 2014
File downloads found at URLs served by files.installs.co.
The following 6 files have been seen to comunicate with files.installs.co in live environments.
“Air Installer ™”
“installs.co - domain expired”