149.56.9.64

IP Address Information

Currently there are 15 domain names that utilize this address. The primary domain hosted by this IP is app.pix-easy.com along with 14 other domains which are known adware distribution web sites.
Scanner detections:
Detections  (98% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.Adedge, PUP.Conduit.R, PUP.CoolMirageltd.L, PUP.Installer.JumpyApps.O, PUP.Conduit.W, PUP.Installer.CoolMirageltd.N, PUP.Installer.FriedCookie.O, PUP.CoolMirageltd.CC, PUP.CoolMirageltd.e, PUP.Installer.ComboApps.O, PUP.installCore.FriedCookie.Installer (M), PUP.installCore.ComboApps.Installer (M), PUP.Adedge.AedgePerformanceBCNU.Installer (M), PUP.installCore.JumpyApps.Installer (M), PUP.OfferBox.SecureDigitalServices.Installer (M), PUP.installCore.Installer, PUP.Adedge.AedgePer.Installer (M), PUP.OfferBox.SecureDi.Installer (M), PUP.Adedge (M)
100.00%

VIPRE Antivirus
Conduit, InstallCore, Iminent, Trojan.Win32.Generic, Threat.4788237, Threat.4786018
42.86%

Dr.Web
Adware.Conduit.6, Trojan.Packed.24524, Adware.Downware.902, Trojan.MulDrop5.10078, Trojan.Packed.26328
40.82%

Avira AntiVirus
ADWARE/InstallCore.Gen7, APPL/CoolMirage.Gen6, TR/Spy.670976, APPL/CoolMirage.kle, ADWARE/InstallCore.Gen9
30.61%

Sophos
Install Core Click run software, FT Downloader, PUA 'Install Core Click run software'
26.53%

ESET NOD32
Win32/OpenCandy, Win32/InstallCore.IX (variant), Win32/InstallCore.GZ (variant), Win32/Adware.1ClickDownload, Win32/Injected (variant)
24.49%

Malwarebytes
PUP.Optional.OpenCandy, PUP.Optional.JumpyApps, PUP.Optional.Conduit.A, PUP.Optional.JumpyApps.A, PUP.BundleInstaller.DW
22.45%

Vba32 AntiVirus
Downware.InstallCore
22.45%

G Data
Win32.Application.ConduitBrothersoftTB, Win32.Application.InstallCore, Gen:Trojan.Heur2.GZ.OHZ@bqhNp9oG, Win32.Application.InstallCore.CZ
18.37%

Agnitum Outpost
Trojan.Injected, PUA.InstallCore
18.37%

The following domains resolved to the IP address 149.56.9.64.

File URLs download from 149.56.9.64.

1 / 68      (Adware)

6 / 68      (PUP)
http://produtools.com/.../downloadmanuals_sp.php  (manualsearch_tsv42dvgv.exe)

1 / 68      (Adware)
http://app.pix-easy.com/download.php?ul=en  (InstallShield Setup.exe)

The geographical location of this IP address.

Country:
Canada (CA)

Region:
Quebec

City:
Montreal

Coordinates:
45.5088, -73.5878

ARIN WHOIS:

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/public/whoisinaccuracy/index.xhtml
#


#
# The following results may also be obtained via:
# https://whois.arin.net/rest/nets;q=149.56.9.64?showDetails=true&showARIN=false&showNonArinTopLevelNet=false&ext=netref2
#

Cogini Hong Kong Limited OVH-CUST-2382670 (NET-149-56-9-64-1) 149.56.9.64 - 149.56.9.79
OVH Hosting, Inc. HO-2 (NET-149-56-0-0-1) 149.56.0.0 - 149.56.255.255



#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/public/whoisinaccuracy/index.xhtml
#


Autonomous System Assignment
ASNumber:
16276

ASName:
OVH OVH SAS, FR

ASHandle:
AS16276

Remove Malware from 149.56.9.64 - Powered by Reason Core Security