home

clientapi.wasu.cn

Domain Information

Server location:
Liaoning, China (CN)

ASN:
AS4837 CHINA169-BACKBONE CNCGROUP China169 Backbone,CN

Root domain:
wasu.cn

Scanner detections:
Detections  (67% detected)

Scan engine
Details
Detections

Quick Heal
AdWare.iBryte.g5 (Not a Virus)
66.67%

Trend Micro House Call
TROJ_GEN.F47V0425, Suspici.C51D39CD
66.67%

Kaspersky
not-a-virus:AdWare.Win32.iBryte
66.67%

Vba32 AntiVirus
AdWare.iBryte
66.67%

IKARUS anti.virus
not-a-virus:AdWare.Win32
33.33%

Sophos
Generic PUA GH
33.33%

McAfee
Program.Artemis!E0794D943665
33.33%

Dr.Web
Trojan.Click3.10610
33.33%

The domain clientapi.wasu.cn has been seen to resolve to the following 11 IP addresses.

221.204.23.16
16.23.204.221.adsl-pool.sx.cn
May 20, 2016

218.60.108.135
cncln.online.ln.cn
May 20, 2016

218.58.209.106
May 20, 2016

218.24.17.40
May 20, 2016

123.130.123.6
May 20, 2016

119.188.138.29
May 20, 2016

119.188.138.24
May 20, 2016

221.204.171.42
42.171.204.221.adsl-pool.sx.cn
May 20, 2016

221.204.23.18
18.23.204.221.adsl-pool.sx.cn
May 20, 2016

221.204.20.12
12.20.204.221.adsl-pool.sx.cn
September 27, 2014

61.240.134.22
September 27, 2014

File downloads found at URLs served by clientapi.wasu.cn.

2 / 68      (inconclusive)
http://clientapi.wasu.cn/.../wasutv.exe  (29d3aa041f90045f8c3df6fb55b54b71)

5 / 68      (PUP)
http://clientapi.wasu.cn/.../wasutv.exe  (4adccea0d0489f2e47493327f7235752)

5 / 68      (PUP)
http://clientapi.wasu.cn/.../wasutv.exe  (a00cd11a9518548ec399a97378a4759a)

The following 8 files have been seen to comunicate with clientapi.wasu.cn in live environments.

TCP » 218.60.108.135:80
jingling.exe

TCP » 221.204.171.42:80
dailaymation.exe (by wgj)

TCP » 218.60.108.135:80
dailaymation.exe (by wgj)

TCP » 218.60.108.135:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 221.204.171.42:80
UCBrowser.exe (by UCWeb)

TCP » 218.60.108.135:80
ysupdate.exe (by Green Creatures Environment Protection Science End Technology Co)

TCP » 218.60.108.135:80
bookmark.crx

TCP » 221.204.171.42:80
jingling.exe

TCP » 221.204.23.18:80
Client.exe

duba.net

ecitic.com

gmw.cn

iciba.com

ijinshan.com

job391.com

letv.com

taotaosou.com

teeqee.com

khit.cn

wps.cn

2144.cn

cgbchina.com.cn

conew.com

miwifi.com

xunyou.com

apabi.com

cebbank.com

kuaiwan.com

tp-link.com.cn

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.