home

get.installmatic.net

Domains By Proxy, LLC  (Proxy Registrant)

Domain Information

The domain get.installmatic.net is registered by proxy through GODADDY.COM, LLC and was originally registered in February of 2013. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Sao Paulo, Sao Paulo within Brazil which resides on the Amazon.com, Inc. network. The domain uses the Amazon Web Services (AWS) cloud computing platform.
Registrar:
GODADDY.COM, LLC

Server location:
Sao Paulo, Brazil (BR)

Create date:
Tuesday, February 19, 2013

Expires date:
Sunday, February 19, 2017

Updated date:
Thursday, January 28, 2016

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:
installmatic.net

Whois:
1 installmatic.net record

Scanner detections:
Detections  (91% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Bundler.Installmatic, PUP.Installmatic.UnilogicInformaticaaME (M), PUP.Installmatic.Unilogic (M)
90.91%

F-Secure
Application:W32/Generic.70053c248f!Online, Riskware.Gen:Variant.Application.Downloader
18.18%

Dr.Web
Trojan.Click3.11315, Trojan.Click3.9739
18.18%

VIPRE Antivirus
Threat.5062944
18.18%

avast!
Malware-gen, Win32:Malware-gen
18.18%

Norman
Gen:Variant.Graftor.156076, Gen:Variant.Strictor.62764
18.18%

Kaspersky
not-a-virus:Downloader.Win32.Agent
18.18%

Malwarebytes
PUP.Optional.MultiInstall.A
18.18%

Zillya! Antivirus
Downloader.Agent.Win32.241009, Downloader.Agent.Win32.238826
18.18%

K7 AntiVirus
Unwanted-Program
18.18%

NANO AntiVirus
Trojan.Win32.Agent.dphjjq, Trojan.Win32.Agent.dnxrhv
18.18%

Agnitum Outpost
PUA.Downloader
18.18%

G Data
Win32.Application.MultiInstall, Gen:Variant.Application.Downloader.190
18.18%

AhnLab V3 Security
PUP/Win32.MultiInstall
18.18%

IKARUS anti.virus
PUA.UltraDownloads
18.18%

The domain get.installmatic.net has been seen to resolve to the following IP address.

54.207.221.204
ec2-54-207-221-204.sa-east-1.compute.amazonaws.com
April 15, 2015

File downloads found at URLs served by get.installmatic.net.

1 / 68      (Adware)
http://get.installmatic.net/.../Mamae-Que-Nos-Faz.exe  (ddba1ad2734a78ce72bd9d88fd965334)

1 / 68      (Adware)
http://get.installmatic.net/.../Loki-Cola-Coca-Cola.exe  (c38706ff5ed17a75b6e7f50a4b76cfac)

1 / 68      (Adware)
http://get.installmatic.net/.../Hao123.exe  (1f3a62ab0ef3894b3b77a5674d63ab72)

1 / 68      (Adware)
http://get.installmatic.net/.../CD-Matheus-e-Kauan-Face-a-Face-Audio-do-DVD-ao-Vivo-em-Brasilia-Lancamento-2015_10.exe  (4b8d8e03283bbde195c42aa748b59955)

1 / 68      (Adware)
http://get.installmatic.net/.../Ludo_311a.exe  (f194060e360ab4cec08b52e0dec8134e)

1 / 68      (Adware)
http://get.installmatic.net/.../Jorge-e-Mateus-Os-Anjos-Cantam-Lancamento-2015_10.exe  (53f20c74dcc5e8a559fede22144803f1)

1 / 68      (Adware)
http://get.installmatic.net/.../Avioes-Militares-Caca_1280x1024.exe  (dfc48be1c51ea1823a1420be1e57b483)

1 / 68      (Adware)
http://get.installmatic.net/.../CBR-Comic-Book-Reader_07.exe  (f257a9391a511e1650b22fb700727b2e)

2 / 68      (false positives)
http://get.installmatic.net/.../Microsoft-Office-2007.exe  (wrar420.exe)

25 / 68    (Adware)
http://get.installmatic.net/.../OpenOffice-BrOfficeorg_411.exe  (a7e8b58ed2ccaace0e09ca37959da989)

18 / 68    (Adware)
http://get.installmatic.net/.../Ativador-permanenterar_10.exe  (ecfe430ea34a9de8f7ebdea96df4c3f5)

The following 2 files have been seen to comunicate with get.installmatic.net in live environments.

TCP » 54.207.221.204:80
corte-certo-plus_80221.exe (Instalador by Unilogic Informaticaa ME)

TCP » 54.207.221.204:80
songr_198.exe (Instalador by Unilogic Informaticaa ME)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.