home

download.oneinstaller.com

Only contact by email, all postal mail will be rejected  (Proxy Registrant)

Domain Information

The domain download.oneinstaller.com is registered by proxy through SOLUCIONES CORPORATIVAS IP, SL and was originally registered in January of 2013. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Madrid, Madrid within Spain which resides on the RIPE Network Coordination Centre network.
Registrar:
SOLUCIONES CORPORATIVAS IP, SL

Server location:
Madrid, Spain (ES)

Create date:
Tuesday, January 15, 2013

Expires date:
Sunday, January 15, 2017

Updated date:
Monday, December 14, 2015

ASN:
AS45037 HISPAWEB-NETWORK Propelin Consulting S.L.U.,ES

Root domain:
oneinstaller.com

Whois:
2 oneinstaller.com records

Scanner detections:
Detections  (91% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.MaxSetup.L, Threat.Installer.OneInstaller, PUP.InstallCore (M), PUP.Vittalia.OneInstaller (M), PUP.Vittalia.OneInsta.Bundler (M), PUP.installCore.MaxSetup (M), PUP.Vittalia (M)
90.00%

K7 AntiVirus
Trojan , Adware , Unwanted-Program
40.00%

NANO AntiVirus
Riskware.Win32.InstallCore.dfglmk, Trojan.Win32.Siggen5.cthmqx
40.00%

Agnitum Outpost
PUA.InstallCore, Riskware.Agent
40.00%

Dr.Web
Trojan.Packed.24524, Adware.Downware.1265, Trojan.MulDrop5.10078
40.00%

VIPRE Antivirus
Trojan.Win32.Generic, Threat.4786531, Threat.4788237
40.00%

G Data
Win32.Application.InstallCore, NSIS.Adware.Lollipop
40.00%

IKARUS anti.virus
Backdoor.Win32.Hupigon, PUA.Lollipop
40.00%

Qihoo 360 Security
Win32/Virus.Adware.94c, Trojan.Generic
40.00%

F-Prot
W32/InstallCore.AD.gen
30.00%

Trend Micro House Call
TROJ_GEN.R0C1C0OLQ14, Suspicious_GEN.F47V0723, Suspicious_GEN.F47V0217
30.00%

Sophos
Install Core Click run software, Generic PUA OO
30.00%

Avira AntiVirus
ADWARE/InstallCore.Gen7
30.00%

McAfee
Artemis!300D0E302EB1, Artemis!E1CC237A7F7C, Artemis!E450A7E12EE6
30.00%

Vba32 AntiVirus
Downware.InstallCore
30.00%

The domain download.oneinstaller.com has been seen to resolve to the following IP address.

93.189.35.51
oneinstaller.com
January 23, 2015

File downloads found at URLs served by download.oneinstaller.com.

1 / 68      (Adware)
http://download.oneinstaller.com/.../?iid=636&nsoft=1  (vlc_2.1.2.exe)

1 / 68      (Adware)
http://download.oneinstaller.com/.../?iid=216&nsoft=12  (utorrent_3.3.dl.exe)

1 / 68      (Adware)
http://download.oneinstaller.com/.../?iid=207&nsoft=12  (utorrent_3.4.exe)

1 / 68      (Adware)
http://download.oneinstaller.com/.../?iid=450&nsoft=14  (flashplayer_11.3.dl.exe)

1 / 68      (Adware)
http://download.oneinstaller.com/.../?iid=450&nsoft=14  (flashplayer_11.3.dl.exe)

18 / 68    (Adware)
http://download.oneinstaller.com/.../?iid=216&nsoft=12  (icreinstall_utorrent_3.4.exe)

0 / 68
http://download.oneinstaller.com/.../?iid=592&nsoft=14  (non confirmé 838244.crdownload)

1 / 68      (Adware)
http://download.oneinstaller.com/.../?iid=288&nsoft=2  (jdownloader_0.9.dl.exe)

28 / 68    (PUP)
http://download.oneinstaller.com/.../?iid=636&nsoft=1  (vlc_2.1.5.exe)

14 / 68    (Adware)
http://download.oneinstaller.com/.../?iid=288&nsoft=2  (jdownloader_0.9.dl.exe)

26 / 68    (Adware)
http://download.oneinstaller.com/.../?iid=216&nsoft=12  (utorrent_3.4.exe)

The following 6 files have been seen to comunicate with download.oneinstaller.com in live environments.

TCP » 93.189.35.51:80
avast-free-antivirus-2014_9.0.2006.exe

TCP » 93.189.35.51:80
vlc_2.1.3.exe

TCP » 93.189.35.51:80
foofind-download-manager_0.2-20140318.exe

TCP » 93.189.35.51:80
avg-antivirus-free-2014_2014.0.4116.exe

TCP » 93.189.35.51:80
free-youtube-download-manager.exe

TCP » 93.189.35.51:80
minecraft_1.7.2.exe

URL:
http://download.oneinstaller.com/

Web server:
Apache/2.2.22 (Ubuntu)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.