winipoly.me
WhoisGuard, Inc. (Proxy Registrant)
Domain Information
The domain winipoly.me is registered by proxy through NameCheap R216-ME (1068) and was originally registered in June of 2015. It has been known to host and distribute adware as well as other potentially unwanted software. Its servers are located in Beauharnois, Quebec, Canada, on the OVH Hosting, Inc. network.
Registrant: WhoisGuard, Inc.
Registrar: NameCheap R216-ME (1068)
Server location: Quebec, Canada (CA)
Create date: Saturday, June 6, 2015
Expires date: Monday, June 6, 2016
Updated date: Wednesday, August 5, 2015
ASN: AS16276 OVH OVH SAS,FR
Scanner detections:
Detections (61% detected)

Scan engine | Details | Detections
Reason Heuristics | PUP.ELEX.YuxinWANG (M), PUP.YuBao.Installer (M), PUP.YuBao (M) | 44.44%
Kaspersky | HEUR:Trojan-Downloader.Win32.Generic, Trojan.Win32.Nurjax, not-a-virus:Downloader.Win32.YeSearch | 38.89%
Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 38.89%
McAfee | Trojan.Artemis!18FE6F6B0AA0, Trojan.Artemis!60F9A483BD2A, Artemis!D661F5ED4678, Artemis!224BE2D458BD, Artemis!7E170540D08A, Artemis!C9E9D0F45D9B, Artemis!647A25149EB8 | 38.89%
Qihoo 360 Security | HEUR/QVM42.0.Malware.Gen, HEUR/QVM42.1.Malware.Gen | 33.33%
Avira AntiVirus | W32/Sality.AT, TR/Patched.Gen | 11.11%
Clam AntiVirus | Win.Adware.Agent-59030, Win.Adware.Agent-59029 | 11.11%
Microsoft Security Essentials | Worm:Win32/NeksMiner.A | 5.56%
F-Secure | Application:W32/Generic.70053c248f!Online | 5.56%
Malwarebytes | PUP.Optional.YesSearches | 5.56%
nProtect | Trojan-Dropper/W32.Agent.50166 | 5.56%
AhnLab V3 Security | PUP/Win32.OutBrowse | 5.56%
Dr.Web | Trojan.DownLoader18.65293 | 5.56%
The domain winipoly.me has been seen to resolve to the following 2 IP addresses.
File downloads found at URLs served by winipoly.me.
Web server: nginx/1.0.15 (PHP/5.6.13)