www.win-install.com

FIRSERIA, S.L. (via a Proxy Registrant)

Domain Information

The domain www.win-install.com is registered by proxy through GODADDY.COM, LLC and was originally registered in October of 2013. This domain has been known to host and distribute potentially unwanted software. Its servers are located in Ashburn, Virginia, in the United States, on the Amazon.com, Inc. network, and the domain uses the Amazon Web Services (AWS) cloud computing platform. The domain is associated with the publisher FIRSERIA, S.L., which is located in Badalona, Barcelona, Spain.
Remove Malware from www.win-install.com - Powered by Reason Core Security
Registrar:
GODADDY.COM, LLC

Server location:
Virginia, United States (US)

Create date:
Thursday, October 24, 2013

Expires date:
Monday, October 24, 2016

Updated date:
Monday, October 20, 2014

ASN:
AS14618 AMAZON-AES - Amazon.com, Inc.,US

Root domain:

Scanner detections:
Detections (90% detected)

Columns: Scan engine, Details, Detections

Reason Heuristics
PUP.Installer.AppsInstallerSL.X, PUP.EilioDevelopmentssl.O, PUP.ContumarEmpresarial.Q, PUP.OlehAleksyuk.U, PUP.EilioDevelopmentssl.K, PUP.StartNow.W, PUP.ironSource, PUP.Solimba, Threat.Solimba.Bundler, PUP.Covus.Bundler, PUP.Solimba.POPELERSYSTEM, PUP.Outbrowse.ClickToStart.Bundler (M), PUP.Solimba.DelimaxConcept (M), PUP.Solimba.EilioDevelopmentssl (M), PUP.Solimba.AppsInstaller.Installer (M), PUP.Covus.Freemium.Bundler (M), PUP.Solimba.SETUPPROCESS.Bundler (M), PUP.installCore.WorldSetup (M), PUP.Solimba.Firseria.Bundler (M), PUP.Solimba.ContumarEmpresarial (M), PUP.Outbrowse.StartNow.Bundler (M), PUP.Downloader.Bundler.Soft32.Installer (M), PUP.Outbrowse.CyberservicesBV (M), PUP.Freemium (M), PUP.Freemium.Installer (M), PUP.Solimba.RAPIDDOWN (M), PUP.Outbrowse.Bundler (M), PUP.Solimba.VetaformDevelopments (M), PUP.InstallCore.Installer.Installer (M), PUP.Sien.LiveSoftAction.Bundler (M)
97.83%

ESET NOD32
Win32/FirseriaInstaller.J potentially unwanted application, MSIL/Solimba.AH potentially unwanted application, MSIL/Solimba.AK.gen potentially unwanted application
36.96%

Dr.Web
Win32.Sector.21, Adware.Downware.3722, Adware.Downware.8808, Trojan.WebPick.2984, Adware.Downware.9221, Trojan.OutBrowse.1, Trojan.DownLoader11.64099
34.78%

AVG
Adware BundleApp.DE, Adware BundleApp.IF, Adware BundleApp_r.AJ, Adware Generic_r.WZ, Adware BundleApp_r.AV, InstallC, Win.Threat.High
34.78%

Avira AntiVirus
W32/Sality.AT, APPL/Firseria.A.26, APPL/Firseria.Gen8, Adware/MultiPlug.bfp, APPL/Outbrowse.Gen, ADWARE/InstallCore.Gen
32.61%

VIPRE Antivirus
Threat.4782980, Threat.4758821, Threat.4150696, Threat.4786018
32.61%

K7 Gateway Antivirus
Unwanted-Program, DoS-Trojan
32.61%

K7 AntiVirus
Unwanted-Program, Trojan
32.61%

Vba32 AntiVirus
Downware.Morstar, Heur.Malware-Cryptor.Multiplug, Hoax.PornoAsset, Downware.InstallCore, Downloader.DownloadHelper
32.61%

NANO AntiVirus
Riskware.Win32.Downware.cytedc, Trojan.Win32.Morstar.dicrgq, Trojan.Win32.Morstar.dkwxhn, Trojan.Win32.WebPick.diwplr, Trojan.Win32.Morstar.djohiw
30.43%

Sophos
Solimba Installer, PUA 'Solimba Installer', PUA 'MultiPlug' (of type Adware), PUA 'Install Core Click run software'
30.43%

avast!
Win32:Adware-BQN [Trj], Win32:Solimba-M [PUP], Win32:MultiPlug-MP [PUP], PUP-gen [PUP], Win32:Rootkit-gen [Rtk], MSIL:Solimba-V [PUP]
28.26%

Malwarebytes
PUP.Optional.AppsInstaller, Trojan.Agent, PUP.Optional.Solimba, PUP.Optional.Unizeto, PUP.Optional.Morstars, PUP.Optional.Outbrowse
28.26%

Comodo Security
Application.Win32.Firseria.K, Application.Win32.Solimba.LSW, Application.Win32.Firseria.GH, Application.Win32.Multiplug.CT
28.26%

G Data
Win32.Application.Morstar, Gen:Variant.Adware.Mplug.21, Application.Generic.999511, Trojan.Generic.12663549, Application.Generic.872462
28.26%

The domain www.win-install.com has been seen to resolve to the following 7 IP addresses.


File downloads found at URLs served by www.win-install.com.

1 / 68      (Adware)

1 / 68      (PUP)

1 / 68      (Adware)

1 / 68      (Adware)

1 / 68      (Adware)
http://www.win-install.com/openofficeorg/download/.../bing  (win-install_apache openoffice_1.0.exe)

1 / 68      (Adware)

1 / 68      (PUP)
http://www.win-install.com/counter-strike-online/download/.../bing  (win-install_counter-strike online_1.0.exe)

1 / 68      (Adware)

1 / 68      (Adware)

1 / 68      (PUP)

1 / 68      (Adware)

1 / 68      (PUP)

1 / 68      (Adware)

1 / 68      (Adware)

1 / 68      (PUP)
http://www.win-install.com/yahoo-messenger/download/.../yahoo  (win-install_yahoo! messenger_1.0.exe)

1 / 68      (Adware)

1 / 68      (Adware)

1 / 68      (Adware)

1 / 68      (PUP)

13 / 68    (Adware)

5 / 68      (false positives)

13 / 68    (Adware)

13 / 68    (Adware)

35 / 68    (Adware)

1 / 68      (Adware)

16 / 68    (PUP)
http://www.win-install.com/filezilla-client/download/.../google  (win-install_filezilla client_1.0.exe)

33 / 68    (Adware)

 
Latest 30 of 95 download URLs

URL:
http://www.win-install.com/

Google Analytics:
UA-45215772

Title:
“Win-Install”

Network:
Amazon Web Services (AWS), running an EC2 instance

Web server:
nginx

Facebook:
Shares:  4

Statistics are for the previous month.
