files.installs.co

Domains By Proxy, LLC  (Proxy Registrant)

Domain Information

The domain files.installs.co is registered by proxy through GODADDY.COM, INC. and was originally registered in November of 2013. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in New York City, New York within the United States which resides on the Digital Ocean, Inc. network.
Registrar:
GODADDY.COM, INC.

Server location:
New York, United States (US)

Create date:
Tuesday, November 05, 2013

Expires date:
Friday, November 04, 2016

Updated date:
Tuesday, December 22, 2015

ASN:
AS46652 SERVERSTACK-ASN - ServerStack, Inc.

Root domain:

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
DownloadManager.AirSoftware.U, DownloadManager.AirSoftware.N, DownloadManager.AirSoftware.T, DownloadManager.AirSoftware.E, DownloadManager.AirSoftware.F, DownloadManager.AirSoftware.M, PUP.Installer.InstallManager.Y, DownloadManager.AirSoftware.J, DownloadManager.AirSoftware.R, DownloadManager.Bundler.Air Software, PUP.Air Software.AirSoftware.Bundler (M), PUP.Adknowledge.InstallManager.Installer (M), PUP.Air Software.AirSoftw.Bundler (M), PUP.Adknowledge.InstallM.Installer (M), PUP.Air Software (M)
100.00%

Malwarebytes
PUP.Optional.AirAdInstaller, PUP.Optional.AirInstaller
53.13%

Dr.Web
Trojan.SMSSend.5041, Trojan.SMSSend.5095, Trojan.SMSSend.5121, Trojan.SMSSend.5270, Trojan.SMSSend.5289, Adware.Downware.2035
53.13%

VIPRE Antivirus
Iminent, Threat.4784938, Threat.4150696, Threat.4665102
53.13%

Rising Antivirus
PE:PUF.Airinstall!1.9C4C
53.13%

Sophos
AirInstaller, PUA.AirInstaller
50.00%

Avira AntiVirus
ADWARE/Adware.Gen, Adware/AirAdInstaller.aldw.4, APPL/AirInstaller.97366, TR/Rogue.11466095, Adware/AgentCV.A.15058, ADWARE/Adware.Gen7
46.88%

ESET NOD32
Win32/AirAdInstaller.A potentially unwanted application
46.88%

IKARUS anti.virus
Win32.SuspectCrc, PUA.AirAdInstaller, Win32.AdWare, AdWare.AirAdInstaller, not-a-virus:AdWare.AirAdInstaller, AdWare.Airinstall
46.88%

AVG
Skodna.Downloader.CX, Airsoftware, Adware Generic5, Generic_r, Adware Generic_r.JB, Adware BundleApp, Adware BundleApp_r
46.88%

Agnitum Outpost
PUA.AirAdInstaller, Trojan.SMSSend
43.75%

Panda Antivirus
Trj/Genetic.gen, Adware/AirInstaller
43.75%

K7 AntiVirus
Unwanted-Program , Adware
40.63%

K7 Gateway Antivirus
Unwanted-Program
40.63%

avast!
Win32:Adware-gen [Adw], Win32:Installer-L [PUP], PUP-gen [PUP], Win32:Adware-BZI [PUP], Win32:Adware-CAH [PUP]
37.50%

The domain files.installs.co has been seen to resolve to the following 10 IP addresses.

May 19, 2016

December 23, 2015

ec2-52-20-30-71.compute-1.amazonaws.com
December 16, 2015

ec2-54-165-103-1.compute-1.amazonaws.com
December 16, 2015

108.168.218.35-static.reverse.softlayer.com
April 17, 2015

173.192.195.226-static.reverse.softlayer.com
August 10, 2014

justice.airinstaller.com
July 23, 2014

173.192.195.228-static.reverse.softlayer.com
June 5, 2014

empire.airinstaller.com
May 31, 2014

chicago.airinstaller.com
May 21, 2014

File downloads found at URLs served by files.installs.co.

The following 6 files have been seen to comunicate with files.installs.co in live environments.

URL:
http://files.installs.co/

Title:
“installs.co”

Title (5/21/2014):
“Air Installer ™”

Title (11/10/2014):
“installs.co - domain expired”

Web server:
Apache