home

dwl.redir.info

Domains By Proxy, LLC  (Proxy Registrant)

Domain Information

The domain dwl.redir.info is registered by proxy through GoDaddy.com, LLC. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Belfast, Northern Ireland within United Kingdom which resides on the RIPE Network Coordination Centre network.
Registrar:
GoDaddy.com, LLC

Server location:
Northern Ireland, United Kingdom (GB)

Root domain:
redir.info

Whois:
5 redir.info records

Scanner detections:
Detections  (98% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Air Software.AirSoftware.Bundler (M), PUP.Air Software.AirSoftw.Bundler (M), PUP.Air Software (M)
100.00%

Malwarebytes
PUP.Optional.AirAdInstaller, PUP.Optional.AirInstaller
24.49%

avast!
Win32:Adware-CAH [PUP], PUP-gen [PUP], Adware-gen [Adw]
24.49%

Comodo Security
Application.Win32.AirAdInstaller.A, Application.Win32.AirAdInstaller.B
24.49%

Dr.Web
Adware.Downware.10718, Trojan.SMSSend.4723, Trojan.SMSSend.4684, Trojan.SMSSend.4722
24.49%

VIPRE Antivirus
Iminent, Threat.4150696, AirInstaller, Threat.5061940
24.49%

Sophos
PUA 'AirInstaller'
24.49%

ESET NOD32
Win32/AirAdInstaller.A potentially unwanted application
24.49%

Rising Antivirus
PE:PUF.Airinstall!1.9C4C
24.49%

Qihoo 360 Security
HEUR/Malware.QVM01.Gen
24.49%

Agnitum Outpost
PUA.AirAd, PUA.AirAdInstaller
24.49%

K7 AntiVirus
Adware
22.45%

NANO AntiVirus
Riskware.Win32.AirAdInstaller.cwcgpq
22.45%

Avira AntiVirus
ADWARE/Adware.Gen
22.45%

Vba32 AntiVirus
AdWare.AirAdInstaller
22.45%

The domain dwl.redir.info has been seen to resolve to the following 6 IP addresses.

92.242.140.21
unallocated.barefruit.co.uk
May 4, 2015

162.243.2.91
empire.airinstaller.com
August 23, 2014

173.192.195.228
173.192.195.228-static.reverse.softlayer.com
August 19, 2014

192.241.139.115
justice.airinstaller.com
April 20, 2014

184.154.116.114
chicago.airinstaller.com
April 4, 2014

108.168.218.35
108.168.218.35-static.reverse.softlayer.com
April 4, 2014

File downloads found at URLs served by dwl.redir.info.

1 / 68      (Adware)
http://dwl.redir.info/get/click/.../?filename=Browser_Update  (browser_update.exe)

0 / 68
http://dwl.redir.info/get/click/.../?filename=Browser_Update  (browser_update.exe)

1 / 68      (Adware)
http://dwl.redir.info/get/click/.../?filename=Version_272064522  (version_272064522.exe)

1 / 68      (Adware)
http://dwl.redir.info/get/click/.../?filename=Google Chrome_Setup  (google chrome_setup.exe)

1 / 68      (Adware)
http://dwl.redir.info/get/click/.../?filename=Version_pgd-290671441  (version_pgd-290671441.exe)

1 / 68      (Adware)
http://dwl.redir.info/get/click/.../?filename=HDPlayerSetup  (hdplayersetup.exe)

1 / 68      (Adware)
http://dwl.redir.info/get/click/.../?filename=Version_pgd-313466520  (version_pgd-313466520.exe)

1 / 68      (Adware)
http://dwl.redir.info/get/click/.../?filename=Version_pgd-tst4-43e77d1e2b2e7e131350a6dae0444b6e  (version_pgd-tst4-43e77d1e2b2e7e131350a6dae0444b6e.exe)

1 / 68      (Adware)
http://dwl.redir.info/get/click/.../?filename=Version_265417403  (version_265417403.exe)

1 / 68      (Adware)
http://dwl.redir.info/get/click/.../?filename=Version_pgd-295820385  (version_pgd-295820385.exe)

1 / 68      (Adware)
http://dwl.redir.info/get/click/.../?filename=Version_295962394  (version_295962394.exe)

1 / 68      (Adware)
http://dwl.redir.info/get/click/.../?filename=Version_pgd-d1-4f3420d879f47dea13526ecf783261e0  (version_pgd-d1-4f3420d879f47dea13526ecf783261e0.exe)

1 / 68      (Adware)
http://dwl.redir.info/get/click/.../?filename=Version_282366094  (version_282366094.exe)

1 / 68      (Adware)
http://dwl.redir.info/get/click/.../?filename=Version_285293685  (version_285293685.exe)

1 / 68      (Adware)
http://dwl.redir.info/get/click/.../?filename=Version_269741278  (version_269741278.exe)

1 / 68      (Adware)
http://dwl.redir.info/get/click/.../?filename=Version_273461982  (version_273461982.exe)

1 / 68      (Adware)
http://dwl.redir.info/get/click/.../?filename=Version_249595824  (version_249595824.exe)

1 / 68      (Adware)
http://dwl.redir.info/get/click/.../?filename=Version_315810531  (version_315810531.exe)

1 / 68      (Adware)
http://dwl.redir.info/get/click/.../?filename=Version_284336090  (version_284336090.exe)

12 / 68    (Adware)
http://dwl.redir.info/get/click/.../?filename=Version_308756592  (version_308756592.exe)

1 / 68      (Adware)
http://dwl.redir.info/get/click/.../?filename=Version_307567724  (version_307567724.exe)

The following 231 files have been seen to comunicate with dwl.redir.info in live environments.

TCP » 92.242.140.21:80
smelled.exe (Smelled)

TCP » 92.242.140.21:443
dca-monitoring.exe (Compete DCA Monitoring Tool by Compete)

TCP » 92.242.140.21:80
marini.exe (Marini)

TCP » 92.242.140.21:443
client.exe (ClientWrapper)

TCP » 92.242.140.21:80
thebrowser.exe (TheBrowser by Goobzo)

TCP » 92.242.140.21:443
dca-monitoring.exe (Compete DCA Monitoring Tool by Compete)

TCP » 92.242.140.21:443
WindowService.exe (WindowService)

TCP » 92.242.140.21:443
ciuninstall.exe

TCP » 92.242.140.21:1866
jutched.exe

TCP » 92.242.140.21:443
dca-monitoring.exe (Compete DCA Monitoring Tool by Compete)

TCP » 92.242.140.21:80
masterupdater.exe

TCP » 173.192.195.228:80
setup.exe (Software Updater by AirInstaller)

TCP » 92.242.140.21:80
pricemeterexpress.crx

TCP » 92.242.140.21:80
chrome.crx

TCP » 92.242.140.21:80
app-center.crx

TCP » 92.242.140.21:80
ntp.crx

TCP » 92.242.140.21:80
3dayinvite.crx

TCP » 92.242.140.21:80
twitter.crx

TCP » 92.242.140.21:80
viewlater.crx

TCP » 92.242.140.21:80
rss.crx

 
Latest 20 of 231 files

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.