54.197.226.9

ec2-54-197-226-9.compute-1.amazonaws.com

IP Address Information

The IP address resolves to the DNS record ec2-54-197-226-9.compute-1.amazonaws.com. Currently 5 domain names use this address. The primary domain hosted on this IP is www.joydownload.com, along with 4 other domains that are known adware distribution web sites. This is an Amazon Web Services (AWS) Elastic IP address, hosted within the AWS cloud computing platform.
Scanner detections:
Detections (100% detected)

Scan engine | Details | Detections
Reason Heuristics | PUP.SevasS.b, PUP.SevasS.R, PUP.SevasS.DD, PUP.SevasS.O, PUP.SevasS.a, PUP.SevasS.Z, PUP.SevasS.V, PUP.SevasS.P, PUP.Installer.SevasS.R, PUP.SevasS.Q, PUP.SevasS.J, PUP.SevasS.N, PUP.SevasS.Y, PUP.SevasS.U, PUP.SevasS.M | 100.00%
Malwarebytes | PUP.Optional.OpenCandy | 97.92%
ESET NOD32 | Win32/JoyDownloader | 95.83%
Dr.Web | Adware.Downware.1446 | 91.67%
Trend Micro House Call | TROJ_GEN.F47V0912, TROJ_GEN.F47V0911, TROJ_GEN.F47V1114, TROJ_GEN.F47V1214, TROJ_GEN.F47V0815, TROJ_GEN.F47V1017, TROJ_GEN.F47V1009 | 89.58%
Antiy Labs AVL | Trojan/Win32.Generic | 87.50%
Rising Antivirus | PE:PUF.OpenCandy!1.9DE5 | 87.50%
herdProtect (fuzzy) | a variant of 0cf5301154f5f364e803d712a10a0b01ed501d87, a variant of 7cf9735c6a42e943038d2c26b4392525307e4c63, a variant of c47c6fe9f75371bc6f95213868bbf49548dba3f2 | 79.17%
McAfee | Artemis!E189BE25DE3B, Artemis!10B81882D9C4, Artemis!EF44C75D74F2, Artemis!7B21141237E8, Artemis!182E2784F78F, Artemis!8063DADAF8FD, Artemis!F08AA3B17AAF, Artemis!4630DCFEFB06, Artemis!30F793226CF5, Artemis!DEF32AE932B4, Artemis!C3542218EAC1, Artemis!5163BA407AA3, Artemis!F1636D86F8AE, Artemis!05ABA008CD79, Artemis!130EEDA1E119, Artemis!7C3301782ABC, Artemis!E13BFA96EEF9 | 70.83%
McAfee Web Gateway | Artemis!E189BE25DE3B, Artemis!10B81882D9C4, Artemis!EF44C75D74F2, Artemis!7B21141237E8, Artemis!182E2784F78F, Artemis!8063DADAF8FD | 70.83%

The following domains resolved to the IP address 54.197.226.9.

File URLs download from 54.197.226.9.

9 / 68      (Adware)
http://www.joydownload.com/wi/1/3/1/.../dap-10.0.5.3.exe  (e779b0c31b73685ba78ced7f6038bc67)

10 / 68    (Adware)
http://www.joydownload.com/wi/1/3/1/.../speedfan-4.49.exe  (c31575454a21f16c04d799bb5df3786a)

13 / 68    (Adware)
http://www.joydownload.com/d/.../RealPlayer-oc-jd.exe  (fd5aabcb5744a29bb48151a383bc1371)

8 / 68      (Adware)
http://www.joydownload.com/d/.../ps1001-oc-jd.exe  (b6c80b2310f2a97b7b5dafa76d721a4c)

12 / 68    (Adware)
http://www.joydownload.com/wi/1/3/1/.../Set-up.exe  (f1636d86f8aeb702d353b622388db33b)

Latest 30 of 1,823 download URLs

The geographical location of this IP address.

Country:
United States (US)

Region:
Virginia

City:
Ashburn

Coordinates:
39.0437, -77.4875

ARIN WHOIS:

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
# If you see inaccuracies in the results, please report at
# http://www.arin.net/public/whoisinaccuracy/index.xhtml
#


#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=54.197.226.9?showDetails=true&showARIN=false&showNonArinTopLevelNet=false&ext=netref2
#

Amazon Technologies Inc. AMAZON-2011L (NET-54-192-0-0-1) 54.192.0.0 - 54.207.255.255
Amazon.com, Inc. AMAZO-ZIAD7 (NET-54-196-0-0-1) 54.196.0.0 - 54.197.255.255




Autonomous System Assignment
ASNumber:
14618

ASName:
AMAZON-AES - Amazon.com, Inc.,US

ASHandle:
AS14618
