files.installs.co

Domains By Proxy, LLC  (Proxy Registrant)

Domain Information

The domain files.installs.co is registered by proxy through GODADDY.COM, INC. and was originally registered in November 2013. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in New York City, New York, United States, on the Digital Ocean, Inc. network.
Registrar:
GODADDY.COM, INC.

Server location:
New York, United States (US)

Create date:
Tuesday, November 05, 2013

Expires date:
Friday, November 04, 2016

Updated date:
Tuesday, December 22, 2015

ASN:
AS46652 SERVERSTACK-ASN - ServerStack, Inc.

Root domain:

Scanner detections:
Detections  (100% detected)

| Scan engine | Details | Detections |
|---|---|---|
| Reason Heuristics | DownloadManager.AirSoftware.U, DownloadManager.AirSoftware.N, DownloadManager.AirSoftware.T, DownloadManager.AirSoftware.E, DownloadManager.AirSoftware.F, DownloadManager.AirSoftware.M, PUP.Installer.InstallManager.Y, DownloadManager.AirSoftware.J, DownloadManager.AirSoftware.R, DownloadManager.Bundler.Air Software, PUP.Air Software.AirSoftware.Bundler (M), PUP.Adknowledge.InstallManager.Installer (M) | 100.00% |
| Malwarebytes | PUP.Optional.AirAdInstaller, PUP.Optional.AirInstaller | 84.21% |
| Dr.Web | Trojan.SMSSend.5041, Trojan.SMSSend.5095, Trojan.SMSSend.5121, Trojan.SMSSend.5270, Trojan.SMSSend.5289, Adware.Downware.2035 | 84.21% |
| VIPRE Antivirus | Iminent, Threat.4784938, Threat.4150696, Threat.4665102 | 84.21% |
| Rising Antivirus | PE:PUF.Airinstall!1.9C4C | 84.21% |
| Sophos | AirInstaller, PUA.AirInstaller | 78.95% |
| Avira AntiVirus | ADWARE/Adware.Gen, Adware/AirAdInstaller.aldw.4, APPL/AirInstaller.97366, TR/Rogue.11466095, Adware/AgentCV.A.15058 | 73.68% |
| ESET NOD32 | Win32/AirAdInstaller.A potentially unwanted application | 73.68% |
| IKARUS anti.virus | Win32.SuspectCrc, PUA.AirAdInstaller, Win32.AdWare, AdWare.AirAdInstaller, not-a-virus:AdWare.AirAdInstaller | 73.68% |
| AVG | Skodna.Downloader.CX, Airsoftware, Adware Generic5, Generic_r, Adware Generic_r.JB, Adware BundleApp, Adware BundleApp_r | 73.68% |
| Agnitum Outpost | PUA.AirAdInstaller, Trojan.SMSSend | 68.42% |
| Panda Antivirus | Trj/Genetic.gen, Adware/AirInstaller | 68.42% |
| K7 AntiVirus | Unwanted-Program | 63.16% |
| K7 Gateway Antivirus | Unwanted-Program | 63.16% |
| avast! | Win32:Adware-gen [Adw], Win32:Installer-L [PUP], PUP-gen [PUP], Win32:Adware-BZI [PUP], Win32:Adware-CAH [PUP] | 57.89% |

The domain files.installs.co has been seen to resolve to the following 9 IP addresses.

December 23, 2015

ec2-52-20-30-71.compute-1.amazonaws.com
December 16, 2015

ec2-54-165-103-1.compute-1.amazonaws.com
December 16, 2015

108.168.218.35-static.reverse.softlayer.com
April 17, 2015

173.192.195.226-static.reverse.softlayer.com
August 10, 2014

justice.airinstaller.com
July 23, 2014

173.192.195.228-static.reverse.softlayer.com
June 5, 2014

empire.airinstaller.com
May 31, 2014

chicago.airinstaller.com
May 21, 2014

File downloads found at URLs served by files.installs.co.

The following 2 files have been seen to communicate with files.installs.co in live environments.

URL:
http://files.installs.co/

Title:
“installs.co”

Title (5/21/2014):
“Air Installer ™”

Title (11/10/2014):
“installs.co - domain expired”

Web server:
Apache
