» install.update95.com
Overview
Analysis
IPs Addresses (6)
Downloads (7)
Network (5)
Website Detail

install.update95.com

China Capital Investment Limited

Domain Information

The domain install.update95.com registered by China Capital Investment Limited was initially registered in May of 2014 through ENOM, INC.. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Ashburn, Virginia within the United States which resides on the Incapsula Inc network.

Registrant:

China Capital Investment Limited

Registrar:

DOMAINHAWKS.NET LLC

Server location:

Virginia, United States (US)

Create date:

Friday, May 23, 2014

Expires date:

Monday, May 23, 2016

Updated date:

Monday, March 7, 2016

ASN:

AS19551 INCAPSULA - Incapsula Inc,US

Root domain:

update95.com

Whois:

5 update95.com records

Scanner detections:

Detections (100% detected)

Scan engine

Details

Detections

Reason Heuristics

DownloadManager.AirSoftware.H, DownloadManager.AirSoftware.F, DownloadManager.Air Software, DownloadManager.Bundler.Air Software, PUP.Air Software.AirSoftware.Bundler (M), PUP.Air Software.AirSoftw.Bundler (M), PUP.Air Software (M)

100.00%

K7 AntiVirus

Adware , Unwanted-Program

54.00%

F-Prot

W32/AirInstall.A.gen

54.00%

avast!

Win32:Installer-L [PUP], PUP-gen [PUP], Win32:Adware-CAH [PUP]

54.00%

Sophos

AirInstaller, PUA 'AirInstaller'

54.00%

Comodo Security

Application.Win32.Agent.AJ, Application.Win32.AirAdInstaller.A

54.00%

Dr.Web

Adware.Downware.963, Adware.Downware.897, Adware.Downware.1167, Trojan.SMSSend.4317, Adware.Downware.10718

54.00%

VIPRE Antivirus

AirInstaller

54.00%

Avira AntiVirus

Adware/Airinstall.J, ADWARE/Adware.Gen7, Adware/AirInst.1174

54.00%

AhnLab V3 Security

PUP/Win32.AirAdInstaller

54.00%

ESET NOD32

Win32/AirAdInstaller.A potentially unwanted application

54.00%

Rising Antivirus

PE:PUF.Airinstall!1.9C4C

54.00%

IKARUS anti.virus

Trojan-Downloader, Win32.Malware

54.00%

Vba32 AntiVirus

AdWare.AirAdInstaller

54.00%

AVG

Generic5, Adware Generic_r, Adware InstallCore.RV, Adware InstallCore.RW, Win.Threat.Medium

54.00%

The domain install.update95.com has been seen to resolve to the following 6 IP addresses.

192.230.92.93

192.230.92.93.ip.incapdns.net

August 15, 2016

199.83.132.93

199.83.132.93.ip.incapdns.net

June 30, 2016

April 3, 2016

May 5, 2015

February 28, 2015

August 7, 2014

File downloads found at URLs served by install.update95.com.

1 / 68 (Adware)

http://install.update95.com/get/click/.../?filename= (setup.exe)

1 / 68 (Adware)

http://install.update95.com/get/click/.../?filename=Upgrade (upgrade.exe)

1 / 68 (Adware)

http://install.update95.com/get/click/.../?filename=FlashPlayerPro (flashplayerpro.exe)

1 / 68 (Adware)

http://install.update95.com/get/click/.../?filename=Setup (setup.exe)

1 / 68 (Adware)

http://install.update95.com/get/click/.../?filename=Update (update.exe)

1 / 68 (Adware)

http://install.update95.com/get/click/.../?filename=Upgrade (upgrade.exe)

1 / 68 (Adware)

http://install.update95.com/get/click/.../?filename=Upgrade (upgrade.exe)

The following 5 files have been seen to comunicate with install.update95.com in live environments.

TCP » 104.130.124.96:443

translategenius.crx

TCP » 104.130.124.96:443

translategenius.crx

TCP » 104.130.124.96:443

translategenius.crx

TCP » 104.130.124.96:443

translategenius.crx

TCP » 141.8.226.14:80

google-bookmarks.crx

URL:

http://install.update95.com/

Web server:

nginx/1.8.1

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.