home

dl2.vid4installer.com

NATIVEX HOLDINGS, LLC

Domain Information

The domain dl2.vid4installer.com registered by NATIVEX HOLDINGS, LLC was initially registered in January of 2014 through ENOM, INC.. This domain has been known to host and distribute adware as well as other potentially unwanted software. The domain uses the Amazon Web Services (AWS) cloud computing platform from the EU (Ireland) region datacenter.
Registrar:
ENOM, INC.

Create date:
Wednesday, January 15, 2014

Expires date:
Thursday, January 15, 2015

Updated date:
Wednesday, August 20, 2014

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc., US

Root domain:
vid4installer.com

Whois:
1 vid4installer.com record

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.InstallX.E, PUP.Installer.InstallX.O, PUP.Installer.InstallX.J, PUP.InstallX.SafeInst.Installer (M)
100.00%

VIPRE Antivirus
Threat.4783689, InstallIQ Installer
80.00%

Dr.Web
Threat.Undefined, Adware.Downware.2512
80.00%

Kaspersky
not-a-virus:Downloader.NSIS.Agent
80.00%

MicroWorld eScan
Gen:Variant.Application.Bundler.Graftor.155902
80.00%

Malwarebytes
PUP.Optional.SafeInstall.A
80.00%

Zillya! Antivirus
Downloader.Agent.Win32.223881
80.00%

K7 AntiVirus
Unwanted-Program
80.00%

NANO AntiVirus
Riskware.Win32.Searcher.csnymk
80.00%

Bitdefender
Gen:Variant.Application.Bundler.Graftor.155902
80.00%

Lavasoft Ad-Aware
Gen:Variant.Application.Bundler.Graftor.155902
80.00%

Sophos
InstallQ
80.00%

Comodo Security
Application.Win32.InstallIQ.B
80.00%

F-Secure
Gen:Variant.Application.Bundler
80.00%

Avira AntiVirus
APPL/InstallIQ.Gen4
80.00%

The domain dl2.vid4installer.com has been seen to resolve to the following 3 IP addresses.

52.18.157.175
ec2-52-18-157-175.eu-west-1.compute.amazonaws.com
May 15, 2016

208.111.160.6
cdn-208-111-160-6.iad.llnw.net
November 2, 2014

208.111.161.254
cdn-208-111-161-254.iad.llnw.net
November 2, 2014

File downloads found at URLs served by dl2.vid4installer.com.

32 / 68    (Adware)
http://dl2.vid4installer.com/download/Base/343013/.../7zip_bimo.exe  (3893c27f93a9cecc3197764520985cf1)

1 / 68      (Adware)
http://dl2.vid4installer.com/download/Base/384909/.../adobeflashplayer.exe  (2641b88c91b43a6347af3e13c8c734af)

20 / 68    (Adware)
http://dl2.vid4installer.com/download/Base/354337/.../java.exe  (360a308ff5721738a951b11b9be9d4b8)

23 / 68    (Adware)
http://dl2.vid4installer.com/download/Base/193162/.../mplayer_freely.exe  (fd9e236c0d038907b068be0e72d87c77)

31 / 68    (Adware)
http://dl2.vid4installer.com/download/Base/383327/.../manualdownload.exe  (d211f1ba75fdb635baf0c6ed286eee00)

The following 88 files have been seen to comunicate with dl2.vid4installer.com in live environments.

TCP » 208.111.161.254:80
AppVerifierapc.exe (AppApcVerifier)

TCP » 208.111.160.6:80
AppVerifierapc.exe (AppApcVerifier)

TCP » 208.111.161.254:80
crossbrowse.exe (Crossbrowse)

TCP » 208.111.160.6:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 208.111.161.254:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 208.111.161.254:80
browserairexec.exe (BrowserAir by Goobzo)

TCP » 208.111.160.6:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 208.111.160.6:80
1stbrowser.exe (1stBrowser by The 1stBrowser Authors)

TCP » 208.111.160.6:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 208.111.161.254:80
Patcher.exe (Audition Patcher by Axeso5.com)

TCP » 208.111.161.254:80
sysmon.exe (SysMon)

TCP » 208.111.160.6:80
SimpleMalwareProtector.exe (Simple Malware Protector by SimpleStar)

TCP » 208.111.161.254:80
AdvancedSystemProtector.exe (ASP)

TCP » 208.111.160.6:80
AdvancedSystemProtector.exe (ASP)

TCP » 208.111.161.254:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 208.111.160.6:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 208.111.160.6:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 208.111.161.254:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 208.111.160.6:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 208.111.161.254:443
vosteran.exe

 
Latest 20 of 138 files

URL:
http://dl2.vid4installer.com/

Title:
“Please Wait - You are being redirected.”

Network:
Amazon Web Services (AWS), running an EC2 instance

Web server:
Microsoft-IIS/7.5 (ASP.NET)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.