home

installs.peepsrv.com

Pinball Corp

Domain Information

The domain installs.peepsrv.com registered by Pinball Corp was initially registered in January of 2013 through Network Solutions, LLC. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Seattle, Washington within the United States. The domain uses the Amazon Cloudfront CDN service which utilizes a number of proxy IP Addresses (see below).
Registrar:
Network Solutions, LLC

Server location:
Washington, United States (US)

Create date:
Thursday, January 3, 2013

Expires date:
Tuesday, January 3, 2017

Updated date:
Tuesday, November 4, 2014

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:
peepsrv.com

Whois:
1 peepsrv.com record

Scanner detections:
Detections  (95% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.betwikx.L, PUP.betwikx.U, PUP.betwikx.V, PUP.betwikx.J, PUP.betwikx.g, PUP.Betwikx.Installer (M)
95.24%

Malwarebytes
Adware.Agent, PUP.Optional.PricePeep.A
80.95%

Dr.Web
Adware.Shopper.297
80.95%

VIPRE Antivirus
Pinball Corporation, Trojan.Win32.Generic
80.95%

AVG
AdInject.Betwikx, SmartShopper.L, Generic5
76.19%

Trend Micro House Call
TROJ_GEN.R0CBH07J513, TROJ_GEN.R0CBH07J913, TROJ_GEN.F47V1121, TROJ_GEN.F47V1222, TROJ_GEN.R0CBB01JG13, TROJ_GEN.R0CBH07IR13
57.14%

Vba32 AntiVirus
AdWare.Agent.adln, AdWare.JS.PricePeep
52.38%

Kaspersky
not-a-virus:AdWare.JS.PricePeep
52.38%

Comodo Security
Heur.Suspicious, ApplicUnwnt, Application.Win32.AdWare.PricePeep.A
47.62%

IKARUS anti.virus
not-a-virus:AdWare.JS.PricePeep, Win32.SuspectCrc, AdWare.PricePeep
47.62%

Fortinet FortiGate
Adware/Agent, Adware/JS_PricePeep
42.86%

MicroWorld eScan
Adware.PricePeep.A, Adware.PricePeep.B, Adware.Generic.454601
38.10%

Bitdefender
Adware.PricePeep.A, Adware.PricePeep.B, Adware.Generic.454601
38.10%

Emsisoft Anti-Malware
Adware.PricePeep, Adware.Generic.454601
38.10%

G Data
Adware.PricePeep, Adware.Generic.454601
38.10%

The domain installs.peepsrv.com has been seen to resolve to the following 99 IP addresses.

52.84.125.170
server-52-84-125-170.iad16.r.cloudfront.net
July 22, 2016

52.84.125.163
server-52-84-125-163.iad16.r.cloudfront.net
July 22, 2016

52.84.125.120
server-52-84-125-120.iad16.r.cloudfront.net
July 22, 2016

52.84.125.105
server-52-84-125-105.iad16.r.cloudfront.net
July 22, 2016

52.84.125.68
server-52-84-125-68.iad16.r.cloudfront.net
July 22, 2016

52.84.125.58
server-52-84-125-58.iad16.r.cloudfront.net
July 22, 2016

52.84.125.46
server-52-84-125-46.iad16.r.cloudfront.net
July 22, 2016

52.84.125.236
server-52-84-125-236.iad16.r.cloudfront.net
July 22, 2016

52.85.131.156
server-52-85-131-156.iad53.r.cloudfront.net
July 2, 2016

52.85.131.129
server-52-85-131-129.iad53.r.cloudfront.net
July 2, 2016

52.85.131.120
server-52-85-131-120.iad53.r.cloudfront.net
July 2, 2016

52.85.131.113
server-52-85-131-113.iad53.r.cloudfront.net
July 2, 2016

52.85.131.93
server-52-85-131-93.iad53.r.cloudfront.net
July 2, 2016

52.85.131.75
server-52-85-131-75.iad53.r.cloudfront.net
July 2, 2016

52.85.142.207
server-52-85-142-207.iad12.r.cloudfront.net
June 6, 2016

52.85.142.162
server-52-85-142-162.iad12.r.cloudfront.net
June 6, 2016

52.85.142.148
server-52-85-142-148.iad12.r.cloudfront.net
June 6, 2016

52.85.142.132
server-52-85-142-132.iad12.r.cloudfront.net
June 6, 2016

52.85.142.64
server-52-85-142-64.iad12.r.cloudfront.net
June 6, 2016

52.85.142.244
server-52-85-142-244.iad12.r.cloudfront.net
June 6, 2016

52.85.142.226
server-52-85-142-226.iad12.r.cloudfront.net
June 6, 2016

52.85.142.222
server-52-85-142-222.iad12.r.cloudfront.net
June 6, 2016

52.85.131.178
server-52-85-131-178.iad53.r.cloudfront.net
May 20, 2016

52.85.131.140
server-52-85-131-140.iad53.r.cloudfront.net
May 20, 2016

52.85.131.118
server-52-85-131-118.iad53.r.cloudfront.net
May 20, 2016

52.85.131.57
server-52-85-131-57.iad53.r.cloudfront.net
May 20, 2016

52.85.131.46
server-52-85-131-46.iad53.r.cloudfront.net
May 20, 2016

52.85.131.221
server-52-85-131-221.iad53.r.cloudfront.net
May 20, 2016

52.85.131.220
server-52-85-131-220.iad53.r.cloudfront.net
May 20, 2016

52.85.131.202
server-52-85-131-202.iad53.r.cloudfront.net
May 20, 2016

 
Showing 30 of 99 IP Addresses

File downloads found at URLs served by installs.peepsrv.com.

8 / 68      (PUP)
http://installs.peepsrv.com/pricepeep_50001_1001.exe  ({08335a88-0992-4ff2-9c20-c63443495e40})

17 / 68    (PUP)
http://installs.peepsrv.com/pricepeep_190001_0102.exe  (470a0e302a51441a657de706df4aba9c)

0 / 68
http://installs.peepsrv.com/pricepeep_50001_1001.exe  (d6bc4b97a43c65bc4f77231e3f6768b7)

13 / 68    (PUP)
http://installs.peepsrv.com/pricepeep_510001_0101.exe  (bf00528851ba31f8b78379afc6b2b8f9)

20 / 68    (PUP)
http://installs.peepsrv.com/pricepeep_510001_0101.exe  (0df80cb92673f9f937a99dea0bbe8852)

16 / 68    (PUP)
http://installs.peepsrv.com/pricepeep_190001_0101.exe  (pricepeep_1.exe)

14 / 68    (PUP)
http://installs.peepsrv.com/pricepeep_50001_1001.exe  (59cf025de66f574adc9021bcd304d56f)

8 / 68      (PUP)
http://installs.peepsrv.com/pricepeep_190001_0102.exe  (1_offer_6.exe)

24 / 68    (PUP)
http://installs.peepsrv.com/pricepeep_50001_1001.exe  (a7fdb6d2ea8f5da2721f91e09312ef0a)

1 / 68      (PUP)
http://installs.peepsrv.com/pricepeep_270006_0101.exe  (setup_.exe)

20 / 68    (PUP)
http://installs.peepsrv.com/pricepeep_50001_1001.exe  (8b064220ebee5da7907c71c7a04393e9)

18 / 68    (PUP)
http://installs.peepsrv.com/pricepeep_50001_1001.exe  (f4bd7fba9baa873a31b478cd5a5ab0fd)

6 / 68      (PUP)
http://installs.peepsrv.com/pricepeep_190001_0102.exe  (472756a50fcc2849b9ac5feeb22cd921)

15 / 68    (PUP)
http://installs.peepsrv.com/pricepeep_510001_0101.exe  (8e13313c536e1fc7d803900b713cba37)

8 / 68      (PUP)
http://installs.peepsrv.com/pricepeep_190001_0102.exe  (7d5320862f3081209648604d019dcbc5)

1 / 68      (PUP)
http://installs.peepsrv.com/pricepeep_50001_1001.exe  (70ac8573e0ba38fb2cee3504500c49db)

1 / 68      (PUP)
http://installs.peepsrv.com/pricepeep_270024_0101.exe  (7525718afe99be247c60659edf81452e)

1 / 68      (PUP)
http://installs.peepsrv.com/pricepeep_270003_1647.exe  (e55621041c4132b34cde2cd1144a59f8)

14 / 68    (PUP)
http://installs.peepsrv.com/pricepeep_50001_1001.exe  (cedc7ef402747f13ed0c6f7bc6575a93)

14 / 68    (PUP)
http://installs.peepsrv.com/pricepeep_50001_1001.exe  (5f07e2c04bef9752be614e4de9f19fd8)

22 / 68    (PUP)
http://installs.peepsrv.com/pricepeep_50001_1001.exe  (e6905412a94b85ae23233f0113362d12)

8 / 68      (PUP)
http://installs.peepsrv.com/pricepeep_50001_1001.exe  (6698f7e4fd694d2111e58f5ecd56de94)

The following 39 files have been seen to comunicate with installs.peepsrv.com in live environments.

TCP » 52.85.142.132:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.85.142.179:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.85.131.148:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 54.192.195.216:443
onlineguardian-v2.exe

TCP » 52.85.131.30:443
browser.exe (Browser)

TCP » 52.85.142.9:80
Mobogenie.exe (Mobogenie by Mobogenie.com)

TCP » 52.85.142.207:80
Mobogenie.exe (Mobogenie by Mobogenie.com)

TCP » 52.85.142.252:443
cpx.exe (Google Embedded Application)

TCP » 52.85.142.182:80
UCBrowser.exe (by UCWeb)

TCP » 52.85.142.252:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.84.125.120:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.85.142.252:443
whatsapptime.exe

TCP » 52.85.142.37:80
Mobogenie.exe (Mobogenie by Mobogenie.com)

TCP » 52.85.142.9:80
Mobogenie.exe (Mobogenie by Mobogenie.com)

TCP » 52.85.142.93:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.85.142.42:80
ssn.exe (ssn)

TCP » 52.85.142.146:443
online-guardian-v2.0.9.exe

TCP » 52.85.142.179:443
online-guardian-v2.0.9.exe

TCP » 52.84.125.120:443
APK2Mobile.exe (TODO: <Product name> by TODO: <Company name>)

TCP » 52.84.125.120:443
UCBrowser.exe (UC Browser by UCWeb)

 
Latest 20 of 117 files

URL:
http://installs.peepsrv.com/

Network:
Amazon Cloudfront

Web server:
AmazonS3

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.