The domain files.installs.co is registered by proxy through GODADDY.COM, INC. and was originally registered in November of 2013. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in New York City, New York, United States, on the Digital Ocean, Inc. network.
Registrant: Domains By Proxy, LLC
Registrar: GODADDY.COM, INC.
Server location: New York, United States (US)
Create date: Tuesday, November 5, 2013
Expires date: Friday, November 4, 2016
Updated date: Tuesday, December 22, 2015
ASN: AS46652 SERVERSTACK-ASN - ServerStack, Inc.
Scanner detections:
Detections (100% detected)

| Scan engine | Details | Detections |
|---|---|---|
| Reason Heuristics | DownloadManager.AirSoftware.U, DownloadManager.AirSoftware.N, DownloadManager.AirSoftware.T, DownloadManager.AirSoftware.E, DownloadManager.AirSoftware.F, DownloadManager.AirSoftware.M, PUP.Installer.InstallManager.Y, DownloadManager.AirSoftware.J, DownloadManager.AirSoftware.R, DownloadManager.Bundler.Air Software, PUP.Air Software.AirSoftware.Bundler (M), PUP.Adknowledge.InstallManager.Installer (M), PUP.Air Software.AirSoftw.Bundler (M), PUP.Adknowledge.InstallM.Installer (M), PUP.Air Software (M) | 100.00% |
| Malwarebytes | PUP.Optional.AirAdInstaller, PUP.Optional.AirInstaller | 53.13% |
| Dr.Web | Trojan.SMSSend.5041, Trojan.SMSSend.5095, Trojan.SMSSend.5121, Trojan.SMSSend.5270, Trojan.SMSSend.5289, Adware.Downware.2035 | 53.13% |
| VIPRE Antivirus | Iminent, Threat.4784938, Threat.4150696, Threat.4665102 | 53.13% |
| Rising Antivirus | PE:PUF.Airinstall!1.9C4C | 53.13% |
| Sophos | AirInstaller, PUA.AirInstaller | 50.00% |
| Avira AntiVirus | ADWARE/Adware.Gen, Adware/AirAdInstaller.aldw.4, APPL/AirInstaller.97366, TR/Rogue.11466095, Adware/AgentCV.A.15058, ADWARE/Adware.Gen7 | 46.88% |
| ESET NOD32 | Win32/AirAdInstaller.A potentially unwanted application | 46.88% |
| IKARUS anti.virus | Win32.SuspectCrc, PUA.AirAdInstaller, Win32.AdWare, AdWare.AirAdInstaller, not-a-virus:AdWare.AirAdInstaller, AdWare.Airinstall | 46.88% |
| AVG | Skodna.Downloader.CX, Airsoftware, Adware Generic5, Generic_r, Adware Generic_r.JB, Adware BundleApp, Adware BundleApp_r | 46.88% |
| Agnitum Outpost | PUA.AirAdInstaller, Trojan.SMSSend | 43.75% |
| Panda Antivirus | Trj/Genetic.gen, Adware/AirInstaller | 43.75% |
| K7 AntiVirus | Unwanted-Program, Adware | 40.63% |
| avast! | Win32:Adware-gen [Adw], Win32:Installer-L [PUP], PUP-gen [PUP], Win32:Adware-BZI [PUP], Win32:Adware-CAH [PUP] | 37.50% |
| NANO AntiVirus | Riskware.Win32.AirAdInstaller.dafqnz, Riskware.Win32.AirAdInstaller.cwbyev, Trojan.Win32.SMSSend.ddvfxt, Riskware.Win32.AirAdInstaller.cwblbu | 37.50% |
The domain files.installs.co has been seen to resolve to the following 10 IP addresses.
File downloads found at URLs served by files.installs.co.
The following 6 files have been seen to communicate with files.installs.co in live environments.
URL: http://files.installs.co/
Title (5/21/2014): “Air Installer ™”
Title (11/10/2014): “installs.co - domain expired”