download.installs.co

NameFind LLC

Domain Information

The domain download.installs.co, registered by NameFind LLC, was initially registered in November of 2013 through GODADDY.COM, INC. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in New York City, New York, in the United States, on the Digital Ocean, Inc. network.
Registrar:
GODADDY.COM, INC.

Server location:
New York, United States (US)

Create date:
Tuesday, November 5, 2013

Expires date:
Friday, November 4, 2016

Updated date:
Thursday, April 7, 2016

ASN:
AS393406 DIGITALOCEAN-ASN-NY3 - Digital Ocean, Inc.,US

Root domain:

Scanner detections:
Detections (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.DownloadAssistant.N, PUP.Installer.DownloadAssistant.U, PUP.Installer.DownloadAssistant.H, PUP.DownloadAssistant.K, PUP.Installer.Air Software, PUP.Air Software, PUP.Bundler.Air Software, PUP.Air Software.DownloadAssistant.Bundler (M), PUP.Vittalia.InstallHelper (M), PUP.Air Software.Download.Bundler (M), PUP.Vittalia.InstallH (M), PUP.Air Software (M)
100.00%

Malwarebytes
PUP.Optional.DownloadAssistant
54.55%

VIPRE Antivirus
Threat.4782985, Threat.4150696
54.55%

AVG
Generic
50.00%

K7 AntiVirus
Unwanted-Program
45.45%

ESET NOD32
Win32/DownloadAssistant.A potentially unwanted application
45.45%

G Data
Win32.Application.DownloadAssistant, Gen:Variant.Application.Bundler.32, Gen:Variant.Symmi.49704, Application.Bundler.FX
45.45%

Emsisoft Anti-Malware
Gen:Variant.Application.Bundler.32, Gen:Variant.Symmi.49704, Application.Bundler.FX
40.91%

MicroWorld eScan
Gen:Variant.Application.Bundler.32, Gen:Variant.Symmi.49704, Gen:Variant.Graftor.171462, Application.Bundler.FX
40.91%

Bitdefender
Gen:Variant.Application.Bundler.32, Gen:Variant.Symmi.49704, Application.Bundler.FX, Gen:Variant.Graftor.171462
40.91%

Dr.Web
Adware.Conduit.170, Trojan.Vittalia.3, Trojan.Vittalia.34
36.36%

Avira AntiVirus
APPL/Downloader.Gen
36.36%

Panda Antivirus
Trj/Genetic.gen
36.36%

avast!
Win32:Adware-gen [Adw], Win32:Malware-gen, Win32:Adware-CKE [PUP], Win32:Adware-CKC [PUP]
31.82%

Agnitum Outpost
Riskware.Agent
31.82%

The domain download.installs.co has been seen to resolve to the following 5 IP addresses.

April 12, 2016

December 26, 2015

ec2-52-20-30-71.compute-1.amazonaws.com
November 18, 2015

ec2-54-208-156-227.compute-1.amazonaws.com
November 18, 2015

useast.gtdlrfwd.com
October 9, 2014

File downloads found at URLs served by download.installs.co.

The following 19 files have been seen to communicate with download.installs.co in live environments.

URL:
http://download.installs.co/

Title:
“installs.co”

Title (10/9/2014):
“Welcome to nginx!”

Title (8/28/2015):
“installs.co - domain expired”

Web server:
Apache