jp.win-install.info

Domains By Proxy, LLC  (Proxy Registrant)

Domain Information

The domain jp.win-install.info is registered by proxy through GoDaddy.com, LLC (R171-LRMS). This domain has been known to host and distribute adware as well as other potentially unwanted software. Its servers are located in Ashburn, Virginia, in the United States, on the Amazon.com, Inc. network. The domain uses the Amazon Web Services (AWS) cloud computing platform.

Registrar:
GoDaddy.com, LLC (R171-LRMS)

Server location:
Virginia, United States (US)

ASN:
AS14618 AMAZON-AES - Amazon.com, Inc.,US

Root domain:

Scanner detections:
Detections  (100% detected)

| Scan engine | Detection names | Detection rate |
|---|---|---|
| Reason Heuristics | PUP.Somoto.p, PUP.Installer.AppsInstallerSL.J, PUP.Solimba.DelimaxConcept (M), PUP.Solimba.AppsInst.Bundler (M), PUP.Solimba.FIRSERIA.Bundler (M) | 100.00% |
| avast! | Win32:Somoto-R [PUP], Win32:Solimba-C [PUP] | 33.33% |
| Kaspersky | not-a-virus:Downloader.Win32.Agent, not-a-virus:AdWare.Win32.Fiseria | 33.33% |
| Sophos | Somoto BetterInstaller, PUA 'Solimba Installer' | 33.33% |
| Dr.Web | Trojan.Packed.28357, Adware.Downware.4319 | 33.33% |
| ESET NOD32 | Win32/Somoto, Win32/FirseriaInstaller (variant) | 33.33% |
| AVG | Generic, Adware BundleApp.DX | 33.33% |
| Panda Antivirus | PUP/MultiToolbar.A, Adware/Solimba | 33.33% |
| Quick Heal | Adware.NSIS.BetterInstaller.A | 16.67% |
| AhnLab V3 Security | Win-PUP/Somoto | 16.67% |
| Baidu Antivirus | Adware.Win32.Somoto | 16.67% |
| Qihoo 360 Security | Win32/Virus.Downloader.192 | 16.67% |
| Emsisoft Anti-Malware | Application.Bundler.Firseria | 16.67% |
| Lavasoft Ad-Aware | Application.Bundler.Firseria.F | 16.67% |
| F-Secure | Riskware.Application.Bundler.Firseria | 16.67% |

The domain jp.win-install.info has been seen to resolve to the following 7 IP addresses.

File downloads found at URLs served by jp.win-install.info.

1 / 68      (Adware)

1 / 68      (Adware)

12 / 68    (Adware)
http://jp.win-install.info/.../MicrosoftWord_downloader-Q12LumGg3.exe  (filedownloadedsuccessfully_downloader-n295rn8sp.exe)

1 / 68      (Adware)

1 / 68      (Adware)

29 / 68    (Adware)

URL:
http://jp.win-install.info/

Google Analytics:
UA-45215772

Title:
“Win-Install”

Network:
Amazon Web Services (AWS), running an EC2 instance

Web server:
nginx