download.winake.com

YinSi BaoHu Yi KaiQi (Hidden by Whois Privacy Protection Service)

Domain Information

The domain download.winake.com, registered by YinSi BaoHu Yi KaiQi (Hidden by Whois Privacy Protection Service), was initially registered in October of 2015 through SOLUCIONES CORPORATIVAS IP,SLU. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Dublin (Dublin City), Ireland, on the Amazon.com, Inc. network. The domain uses the Amazon Web Services (AWS) cloud computing platform from the EU (Ireland) region datacenter.

Registrar: HICHINA ZHICHENG TECHNOLOGY LTD.

Server location: Dublin City, Ireland (IE)

Create date: Monday, October 19, 2015

Expires date: Wednesday, October 19, 2016

Updated date: Monday, October 19, 2015

ASN: AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:

Scanner detections:
Detections  (100% detected)

| Scan engine | Details | Detections |
|---|---|---|
| Reason Heuristics | PUP.WorldSetup.O, PUP.SecureFile.Installer (M), PUP.GammaInstall (M), PUP.SecureFi.Installer (M), PUP.GammaIns.Installer (M) | 100.00% |
| Malwarebytes | PUP.Optional.InstallCore.A | 16.67% |
| The Hacker | Trojan/Injected.e | 16.67% |
| K7 Gateway Antivirus | Unwanted-Program | 16.67% |
| Agnitum Outpost | Trojan.Injected | 16.67% |
| Sophos | Install Core | 16.67% |
| Comodo Security | Application.Win32.InstallCore.BWAN | 16.67% |
| Dr.Web | Trojan.Packed.24524 | 16.67% |
| VIPRE Antivirus | Adware.Win32.InstallCore.ba | 16.67% |
| Avira AntiVirus | ADWARE/InstallCore.Gen7 | 16.67% |
| Antiy Labs AVL | Trojan/Win32.SGeneric | 16.67% |
| G Data | Win32.Application.InstallCore | 16.67% |
| Vba32 AntiVirus | Downware.InstallCore | 16.67% |
| ESET NOD32 | Win32/Injected (variant) | 16.67% |
| AVG | MalSign.Generic | 16.67% |

The domain download.winake.com has been seen to resolve to the following IP address.

ec2-54-228-230-132.eu-west-1.compute.amazonaws.com
April 4, 2014

File downloads found at URLs served by download.winake.com.

1 / 68      (PUP)

1 / 68      (PUP)

1 / 68      (PUP)

1 / 68      (PUP)

3 / 68      (PUP)

15 / 68    (Adware)

The following files have been seen to communicate with download.winake.com in live environments.