home

i.facemoods.com

VoloNet Ltd.

Domain Information

The domain i.facemoods.com registered by VoloNet Ltd. was initially registered in July of 2009 through GODADDY.COM, LLC. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Providence, Utah within the United States which resides on the Hosting Services, Inc. network.
Registrar:
GODADDY.COM, LLC

Server location:
Utah, United States (US)

Create date:
Thursday, July 23, 2009

Expires date:
Saturday, July 23, 2016

Updated date:
Sunday, June 28, 2015

ASN:
AS36351 SOFTLAYER - SoftLayer Technologies Inc.,US

Root domain:
facemoods.com

Whois:
3 facemoods.com records

Scanner detections:
Detections  (95% detected)

Scan engine
Details
Detections

ESET NOD32
Win32/InstallCore.BH (variant), Win32/InstallCore (variant), Win32/SweetIM (variant), Win32/InstallCore.AY (variant), Win32/InstallCore.AL (variant)
94.74%

Avira AntiVirus
ADWARE/InstallCore.Gen, TR/Agent.623420
84.21%

Reason Heuristics
PUP.Installer.Volonet.J, PUP.Installer.Volonet.M, PUP.InstallCore.ESTM, PUP.installCore.Installer (M)
84.21%

Dr.Web
Adware.Funmoods.3, Adware.InstallCore.6, Adware.InstallCore.75, Adware.InstallCore.59
84.21%

avast!
Win32:FunMood-A [PUP], Win32:InstallCore-J [PUP], Win32:InstallCore-BA [PUP], Win32:PUP-gen [PUP]
78.95%

F-Prot
W32/InstallCore.G4.gen, W32/InstallCore.I.gen, W32/InstallCore.P.gen, W32/InstallCore.I2.gen
73.68%

Trend Micro House Call
TROJ_GEN.F47V0722, TROJ_SPNR.0CE413, TROJ_GEN.RCBOHB7, TROJ_GEN.FCBCBKN, TROJ_GEN.RCBH1KM, TROJ_GEN.F47V0821
68.42%

Rising Antivirus
PE:PUF.InstallCore!1.9DE1, Trojan.Win32.Generic.128686F5, PE:Malware.XPACK-LNR/Heur!1.5594
68.42%

Fortinet FortiGate
Riskware/InstallCore, Riskware/SweetIM
63.16%

NANO AntiVirus
Riskware.Win32.InstallToolbar.crpgoq, Riskware.Win32.InstallCore.nxzhi, Riskware.Win32.InstallCore.debtzv
63.16%

Sophos
Generic PUA OF, Install Core, Install Core Installer
63.16%

McAfee
Artemis!2F4B6F6CEBFE, Artemis!23E6603D369E, Artemis!9D0F2E703DB6, Artemis!DD2AA6D5F31C
63.16%

Trend Micro
TROJ_SPNR.0CE413, TROJ_GEN.FCBCBKN
57.89%

K7 AntiVirus
Trojan , Unwanted-Program
52.63%

Baidu Antivirus
Trojan.Win32.InstallCore
52.63%

The domain i.facemoods.com has been seen to resolve to the following 6 IP addresses.

174.127.102.229
April 11, 2014

174.37.174.85
April 11, 2014

173.255.138.101
April 11, 2014

50.23.103.21
April 11, 2014

50.22.197.221
April 11, 2014

184.173.134.101
April 11, 2014

File downloads found at URLs served by i.facemoods.com.

20 / 68    (Adware)
http://i.facemoods.com/gppc/.../Facemoods.exe  (9d0f2e703db66c0a2b8a262c9ff2d59c)

1 / 68      (Adware)
http://i.facemoods.com/metanw/wr/.../Facemoods.exe  (f3c05440fb6ba246b9223db16388db3a)

9 / 68      (Adware)
http://i.facemoods.com/gppc/.../Facemoods.exe  (f01ccf479b11d953b93298efb9bebc91)

46 / 68    (Adware)
http://i.facemoods.com/wbst/.../Facemoods.exe  (9415e6f8a84d8ad159ab5e63b93c4ff5)

13 / 68    (PUP)
http://i.facemoods.com/wbst/.../Facemoods.exe  (dd2aa6d5f31c7e02b929c39b0128f7e4)

20 / 68    (Adware)
http://i.facemoods.com/gppc/.../Facemoods.exe  (28cdba90173cbd3aa68e7ccbb8375f3e)

8 / 68      (PUP)
http://i.facemoods.com/wbst/.../Facemoods.exe  (f7df6f891564be939602c3220b134fb1)

8 / 68      (Adware)
http://i.facemoods.com/wbst/.../Facemoods.exe  (59543527521275b13ab6afd6aa350ca7)

9 / 68      (Adware)
http://i.facemoods.com/umail3/.../Facemoods.exe  (85f37ed62fd22de5750ffeeb92ffd10b)

1 / 68      (Adware)
http://i.facemoods.com/gppc/wr/.../Facemoods.exe  (0da09ef68e777b42f06659f14f5a0fb3)

10 / 68    (Adware)
http://i.facemoods.com/gppc/wr/.../Facemoods.exe  (23e6603d369ef621d2e31a9edd1c11ea)

10 / 68    (Adware)
http://i.facemoods.com/gppc/wr/.../Facemoods.exe  (747aeb0c751778c95dc3122a6eb199ab)

0 / 68
http://i.facemoods.com/gppc/.../Facemoods.exe  (697308423434a553359088dfd8832d9c)

20 / 68    (Adware)
http://i.facemoods.com/gppc/.../Facemoods.exe  (c1d42bcacf50935b42b0573dcb10b80a)

2 / 68      (PUP)
http://i.facemoods.com/wbst/.../Facemoods.exe  (2dc1b31be28d002c6dac405667054643)

21 / 68    (Adware)
http://i.facemoods.com/gppc/wr/.../Facemoods.exe  (13f77bd328ddc2ad52efdacfd5da1c13)

20 / 68    (Adware)
http://i.facemoods.com/gppc/.../Facemoods.exe  (9957b0472bc21740d1424781d6306277)

22 / 68    (Adware)
http://i.facemoods.com/gppc/wr/.../Facemoods.exe  (2dfc4784a9ce7a320393c15ce5fc5c49)

23 / 68    (Adware)
http://i.facemoods.com/gppc/.../Facemoods.exe  (be82e1ecd89b0829c3e73bfc3369c850)

7 / 68      (Adware)
http://i.facemoods.com/wesell/.../Facemoods.exe  (icreinstall_facemoods.exe)

7 / 68      (Adware)
http://i.facemoods.com/tlv/.../Facemoods.exe  (icreinstall_facemoods.exe)

7 / 68      (Adware)
http://i.facemoods.com/metanw/wr/.../Facemoods.exe  (icreinstall_facemoods.exe)

7 / 68      (Adware)
http://i.facemoods.com/gppc/.../Facemoods.exe  (icreinstall_facemoods.exe)

7 / 68      (Adware)
http://i.facemoods.com/gppc/wr/.../Facemoods.exe  (icreinstall_facemoods.exe)

The following 4 files have been seen to comunicate with i.facemoods.com in live environments.

TCP » 50.23.103.21:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 173.255.138.101:80
WajamInternetEnhancer.exe (Wajam Internet Enhancer by Wajam Internet Technologies)

TCP » 50.22.197.221:80
WajamInternetEnhancer.exe (Wajam Internet Enhancer by Wajam Internet Technologies)

TCP » 50.23.103.21:80
WajamInternetEnhancer.exe (Wajam Internet Enhancer by Wajam Internet Technologies)

TCP » 173.255.138.101:80
facemoods.exe (InstallCore© Installer SDK 4.1 by InstallCore© Technologies)

URL:
http://i.facemoods.com/

Web server:
nginx/1.0.10

funmoods.com

greetingmoods.com

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.