install.safeinstall.org

WhoisGuard, Inc.  (Proxy Registrant)

Domain Information

The domain install.safeinstall.org is registered by proxy through eNom, Inc. (R39-LROR). This domain has been known to host and distribute adware as well as other potentially unwanted software.
Remove Malware from install.safeinstall.org - Powered by Reason Core Security
Registrar:
eNom, Inc. (R39-LROR)

ASN:
AS9498 BBIL-AP BHARTI Airtel Ltd.,IN

Root domain:

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

F-Prot
W32/InstallCore.R3.gen
100.00%

Agnitum Outpost
PUA.InstallCore
100.00%

Dr.Web
Trojan.Packed.25266, Trojan.MulDrop5.10078
100.00%

VIPRE Antivirus
InstallCore.b, Threat.4788237
100.00%

Vba32 AntiVirus
Downware.InstallCore
100.00%

Rising Antivirus
PE:Malware.XPACK-LNR/Heur!1.5594
100.00%

Reason Heuristics
PUP.DownloadandInstall.Y, PUP.DownloadandInstall.M
100.00%

ESET NOD32
Win32/InstallCore.ES (variant), Win32/InstallCore.BY (variant)
50.00%

Kingsoft AntiVirus
Win32.Troj.Generic.a.(kcloud)
50.00%

IKARUS anti.virus
Backdoor.Hupigon
50.00%

McAfee
Artemis!12C9A41A9C54
25.00%

Trend Micro House Call
TROJ_GEN.F47V0114
25.00%

McAfee Web Gateway
Artemis!12C9A41A9C54
25.00%

ESET NOD32
Win32/InstallCore.BY potentially unwanted application
25.00%

MicroWorld eScan
Gen:Variant.Strictor.53116
25.00%

The domain install.safeinstall.org has been seen to resolve to the following 6 IP addresses.

ReasonOne
December 26, 2014

a23-0-160-35.deploy.static.akamaitechnologies.com
September 5, 2014

a23-0-160-82.deploy.static.akamaitechnologies.com
September 4, 2014

a23-0-160-59.deploy.static.akamaitechnologies.com
September 4, 2014

a23-67-243-66.deploy.static.akamaitechnologies.com
April 26, 2014

a23-67-243-91.deploy.static.akamaitechnologies.com
April 26, 2014

File downloads found at URLs served by install.safeinstall.org.

11 / 68    (Adware)
http://install.safeinstall.org/.../Easy Torrent.exe  (icreinstall_easy torrent.exe)

8 / 68      (Adware)
http://install.safeinstall.org/.../Easy Torrent.exe  (3720dd76b9b509ea7f5e44f2ea1bf0b9)

16 / 68    (Adware)
http://install.safeinstall.org/.../Easy Torrent.exe  (dc8fe1ac005f66566de3a79aa8c7e06f)

11 / 68    (Adware)
http://install.safeinstall.org/.../Easy Torrent.exe  (icreinstall_easy torrent.exe)

The following 77 files have been seen to comunicate with install.safeinstall.org in live environments.

 
Latest 20 of 77 files

URL:
http://install.safeinstall.org/

Web server:
Apache

Remove Malware from install.safeinstall.org - Powered by Reason Core Security