» www1.installsfiles.com
Overview
Analysis
IPs Addresses (1)
Downloads (17)
Related Domains (5)

www1.installsfiles.com

Domains By Proxy, LLC (Proxy Registrant)

Domain Information

The domain www1.installsfiles.com is registered by proxy through GODADDY.COM, LLC and was originally registered in February of 2013. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Studio City, California within the United States which resides on the netDNA network.

Registrant:

Domains By Proxy, LLC

Registrar:

GODADDY.COM, LLC

Server location:

California, United States (US)

Create date:

Tuesday, February 12, 2013

Expires date:

Sunday, February 12, 2017

Updated date:

Saturday, February 13, 2016

ASN:

AS4436 AS-NLAYER - nLayer Communications, Inc.

Root domain:

installsfiles.com

Whois:

3 installsfiles.com records

Scanner detections:

Detections (100% detected)

Scan engine

Details

Detections

Reason Heuristics

PUP.CoolMirage.V, PUP.CoolMirage.M, PUP.CoolMirage.Q, PUP.CoolMirage.N, PUP.CoolMirage.J, PUP.CoolMirageltd.J, PUP.CoolMirage.R, PUP.CoolMirageltd.Q, PUP.CoolMirage.T, PUP.CoolMirageltd.T, PUP.CoolMirage (M), PUP.CoolMirage.VASSANAK (M)

100.00%

VIPRE Antivirus

CoolMirage Ltd

87.88%

Dr.Web

Adware.Downware.1263, Adware.Yontoo.25, Adware.Downware.1403, Adware.Downware.625, Adware.Downware.902, Adware.Downware.2031

51.52%

avast!

Win32:Downloader-TPG [PUP], Win32:PUP-gen [PUP], Win32:Downloader-UHI [PUP], Win32:Oneclick-I [PUP]

39.39%

Trend Micro House Call

TROJ_GEN.F47V0801, Suspicious_GEN.F47V1210, TROJ_GEN.F47V0409, TROJ_GEN.F47V0605, TROJ_GEN.F47V0830, TROJ_GEN.F47V1226, TROJ_GEN.F47V0327

30.30%

Avira AntiVirus

Adware/1ClickDownload.AC.22, Adware/1ClickDownload.K, Adware/1ClickDownload.AA.19, APPL/CoolMirage.bti, Adware/1ClickDownload.AA.56

27.27%

IKARUS anti.virus

AdWare.1ClickDownload, not-a-virus:AdWare.Yontoo

27.27%

Malwarebytes

PUP.Optional.CoolMirage.A, PUP.Optional.DealPly.A, PUP.Optional.Downware

24.24%

Comodo Security

ApplicUnwnt, Application.Win32.MCool.B, UnclassifiedMalware, Application.Win32.MCool.A

21.21%

Agnitum Outpost

PUA.Yontoo, PUA.Downware

21.21%

Kaspersky

not-a-virus:AdWare.NSIS.Yontoo

21.21%

AVG

Generic

21.21%

Panda Antivirus

Generic Suspicious, Adware/MultiToolbar, PUP/MultiToolbar.A

18.18%

Qihoo 360 Security

HEUR/QVM10.1.Malware.Gen, Win32/Virus.Adware.7c6

18.18%

herdProtect (fuzzy)

a variant of 57703d51babaa7292afac8113fd355db46976fdb, a variant of eef9df0fca0fd9def4ede809cf9c245f78e1562f, a variant of b37ba8abdaba4f9f67aa283554a046faeb57fa70

9.09%

The domain www1.installsfiles.com has been seen to resolve to the following IP address.

108.161.189.3

November 16, 2013

File downloads found at URLs served by www1.installsfiles.com.

2 / 68 (Adware)

http://www1.installsfiles.com/Movie2KDownloader.exe (2fe359b0f917f8154204ddeb3d2f3e4d)

1 / 68 (Adware)

http://www1.installsfiles.com/FreeTVDownloader4.exe (freetvdownloader.exe)

1 / 68 (Adware)

http://www1.installsfiles.com/FTDownloader.exe (ffb70d6949fdd663086fce9e2afb3a58)

12 / 68 (Adware)

http://www1.installsfiles.com/FirstRowSportApp.exe (abad1fa625902ad31d132f8d534e3fc9)

1 / 68 (Malware)

http://www1.installsfiles.com/torntvdownloader.exe (05ff41a1e1a74e30e7d4e20af783aa90)

12 / 68 (Adware)

http://www1.installsfiles.com/Feed2AllApp.exe (e19eab8ee5e4f51ed1748d0e68f4440c)

6 / 68 (Adware)

http://www1.installsfiles.com/IlemiTVApp.exe (cf9c9fdd76d662463d3f6e3b9649f9a6)

3 / 68 (Adware)

http://www1.installsfiles.com/PutLockerDownloader.exe (8c0e99d9a046c047abea29c57e4dce63)

6 / 68 (Adware)

http://www1.installsfiles.com/MainPackFA2703c.exe (ocmainpack.exe)

2 / 68 (Adware)

http://www1.installsfiles.com/MovieDownloader4.exe (MovieDownloader.exe)

5 / 68 (Adware)

http://www1.installsfiles.com/VipBoxSportsApp.exe (fbafe9383f7641c9f74d33f3f9aaaf84)

16 / 68 (Adware)

http://www1.installsfiles.com/TornTVApp.exe (c6cc74b46e94f23866439c8e39ce0279)

5 / 68 (Adware)

http://www1.installsfiles.com/Movie2KDownloader4.exe (c99d9afdd0fc5c341c3868e48385609e)

2 / 68 (Adware)

http://www1.installsfiles.com/PutLockerDownloaderv2.exe (1a910d6219471c816e86d0ae92b426e1)

3 / 68 (Adware)

http://www1.installsfiles.com/FTDownloader4.exe (4570942f7821646f73b4d575c27ae4d7)

5 / 68 (Adware)

http://www1.installsfiles.com/HDPlayer.exe (FLVPlayer.EXE)

4 / 68 (Adware)

http://www1.installsfiles.com/PutLockerDownloaderv24.exe (PutLockerDownloaderv2.exe)

Related Domains

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.