winipoly.me

WhoisGuard, Inc.  (Proxy Registrant)

Domain Information

The domain winipoly.me is registered through NameCheap R216-ME (1068) behind a proxy registrant (WhoisGuard, Inc.) and was first registered in June 2015. It has been observed hosting and distributing adware and other potentially unwanted software. Its servers are located in Beauharnois, Quebec, Canada, on the OVH Hosting, Inc. network (AS16276).
Registrar:
NameCheap R216-ME (1068)

Server location:
Quebec, Canada (CA)

Create date:
Saturday, June 6, 2015

Expires date:
Monday, June 6, 2016

Updated date:
Wednesday, August 5, 2015

ASN:
AS16276 OVH SAS (FR)

Scanner detections  (61% of the domain's scanned files detected by at least one engine)

Scan engine
Details (detection names reported by that engine)
Detections (share of the domain's scanned files flagged by that engine; the percentages are consistent with 18 scanned files, 1/18 = 5.56%)

Reason Heuristics
PUP.ELEX.YuxinWANG (M), PUP.YuBao.Installer (M), PUP.YuBao (M)
44.44%

Kaspersky
HEUR:Trojan-Downloader.Win32.Generic, Trojan.Win32.Nurjax, not-a-virus:Downloader.Win32.YeSearch
38.89%

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
38.89%

McAfee
Trojan.Artemis!18FE6F6B0AA0, Trojan.Artemis!60F9A483BD2A, Artemis!D661F5ED4678, Artemis!224BE2D458BD, Artemis!7E170540D08A, Artemis!C9E9D0F45D9B, Artemis!647A25149EB8
38.89%

Qihoo 360 Security
HEUR/QVM42.0.Malware.Gen, HEUR/QVM42.1.Malware.Gen
33.33%

Avira AntiVirus
W32/Sality.AT, TR/Patched.Gen
11.11%

Clam AntiVirus
Win.Adware.Agent-59030, Win.Adware.Agent-59029
11.11%

Microsoft Security Essentials
Worm:Win32/NeksMiner.A
5.56%

F-Secure
Application:W32/Generic.70053c248f!Online
5.56%

Malwarebytes
PUP.Optional.YesSearches
5.56%

nProtect
Trojan-Dropper/W32.Agent.50166
5.56%

AhnLab V3 Security
PUP/Win32.OutBrowse
5.56%

Dr.Web
Trojan.DownLoader18.65293
5.56%

The domain winipoly.me has been seen to resolve to the following 2 IP addresses.

February 1, 2016

January 3, 2016

File downloads found at URLs served by winipoly.me. Each entry gives the number of scan engines that flagged the file out of the 68 consulted, the verdict, and the URL with the original filename in parentheses.

1 / 68
http://winipoly.me/100214_2_1.exe  (125aa195_stp.exe)

4 / 68      (inconclusive)
http://winipoly.me/100214_2_1.exe  (a serie divergente insurgente bdrip blu-ray 1080p 5.1 ch dublado download torrent.exe)

6 / 68      (PUP)
http://winipoly.me/100214_2_1.exe  (125aa195_stp.exe)

3 / 68      (inconclusive)
http://winipoly.me/100214_2_1.exe  (125aa195_stp.exe)

2 / 68      (false positives)

3 / 68      (inconclusive)
http://winipoly.me/100214_2_1.exe  (125aa195_stp.exe)

6 / 68      (PUP)
http://winipoly.me/100214_2_1.exe  (125aa195_stp.exe)

4 / 68      (inconclusive)
http://winipoly.me/100214_2_1.exe  (125aa195_stp.exe)

5 / 68      (Malware)
http://winipoly.me/100214_2_1.exe  (125aa195_stp.exe)

2 / 68      (inconclusive)
http://winipoly.me/100214_2_1.exe  (125aa195_stp.exe)

1 / 68      (PUP)

1 / 68      (PUP)

1 / 68      (PUP)

1 / 68      (PUP)

2 / 68      (PUP)

1 / 68      (Adware)
http://winipoly.me/.../310714_a9.exe  (oa6j0qm2ap5iqgixdllysmiaqsoa6j0qm2ap5iqgixdllysmiaqs_a9.exe)

1 / 68      (PUP)

2 / 68      (PUP)

1 / 68      (PUP)
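Reputation listings like the one above are only useful once they are turned into something a control can act on. The following is an added example, not code from this page or its publisher, that parses the list in the page's own layout (a "detections / engines  (verdict)" line, optionally followed by "URL  (original filename)") and splits the URLs into an exact blocklist and a review list. The input is a constructed excerpt of the entries above; the detection threshold for "inconclusive" or unlabelled entries, the verdict classes treated as malicious, and the handling of paths the page elides as "/..." are assumptions made for the example, not rules stated on the page.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed input: a handful of entries copied from the download list
# above, in the page's own layout. The "/.../" URL is kept exactly as the
# page truncates it; nothing is filled in.
SAMPLE_LISTING = """\
1 / 68
http://winipoly.me/100214_2_1.exe  (125aa195_stp.exe)

4 / 68      (inconclusive)
http://winipoly.me/100214_2_1.exe  (a serie divergente insurgente bdrip download torrent.exe)

6 / 68      (PUP)
http://winipoly.me/100214_2_1.exe  (125aa195_stp.exe)

2 / 68      (false positives)

5 / 68      (Malware)
http://winipoly.me/100214_2_1.exe  (125aa195_stp.exe)

1 / 68      (Adware)
http://winipoly.me/.../310714_a9.exe  (oa6j0qm2ap5iqgixdllysmiaqs_a9.exe)

2 / 68      (PUP)
"""

RATIO_RE = re.compile(r"^(\d+)\s*/\s*(\d+)(?:\s+\((.+?)\))?\s*$")
URL_RE = re.compile(r"^(https?://\S+)\s+\((.+)\)\s*$")

# Assumption for this example: which page verdicts count as actionable.
MALICIOUS_VERDICTS = {"malware", "pup", "adware"}


@dataclass
class Download:
    detections: int
    engines: int
    verdict: Optional[str] = None    # None: the page shows no verdict label
    url: Optional[str] = None        # None: the page shows no URL for the entry
    filename: Optional[str] = None

    @property
    def truncated(self) -> bool:
        # The page elides long paths as "/.../"; such a URL is not an exact IOC.
        return self.url is not None and "/.../" in self.url


def parse_listing(text: str) -> List[Download]:
    """Turn the page's download list into Download records, one per ratio line."""
    records: List[Download] = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = RATIO_RE.match(line)
        if m:
            records.append(Download(int(m.group(1)), int(m.group(2)), m.group(3)))
            continue
        m = URL_RE.match(line)
        if m and records and records[-1].url is None:
            records[-1].url, records[-1].filename = m.group(1), m.group(2)
    return records


def triage(downloads: List[Download], min_detections: int = 3) -> Dict[str, List[str]]:
    """Split URLs into an exact blocklist and a review list.

    A malware/PUP/adware verdict blocks outright; "false positives" never
    blocks; an "inconclusive" or unlabelled entry blocks only when at least
    min_detections engines flagged it (assumed threshold). Truncated URLs
    cannot be matched exactly, so they go to the review list instead.
    """
    block, review = set(), set()
    for d in downloads:
        if d.url is None:
            continue                      # nothing to block without a URL
        verdict = (d.verdict or "").lower()
        if verdict == "false positives":
            continue
        if verdict in MALICIOUS_VERDICTS or d.detections >= min_detections:
            (review if d.truncated else block).add(d.url)
    return {"block": sorted(block), "review": sorted(review)}


def verdict_summary(downloads: List[Download]) -> Counter:
    """Count entries per verdict label; unlabelled entries are reported as such."""
    return Counter((d.verdict or "unlabelled") for d in downloads)


if __name__ == "__main__":
    recs = parse_listing(SAMPLE_LISTING)
    print(verdict_summary(recs))
    print(triage(recs))
```

Keeping truncated URLs out of the blocklist matters: a pattern built from "http://winipoly.me/.../310714_a9.exe" would either match nothing or, if the ellipsis were turned into a wildcard, far more than the page supports. For a host-level block the domain alone is enough; the URL-level list is for proxies and sandboxes that key on the full path.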

URL:
http://winipoly.me/

Title:
“Em manutencao”  (Portuguese: “Under maintenance”)

Web server:
nginx/1.0.15 (PHP/5.6.13)