home

dl.869v.com

xiao jie

Domain Information

The domain dl.869v.com registered by xiao jie was initially registered in July of 2014 through ENAME TECHNOLOGY CO., LTD.. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Nanning, Guangxi within China which resides on the Asia Pacific Network Information Centre network.
Registrar:
ENAME TECHNOLOGY CO., LTD.

Server location:
Guangxi, China (CN)

Create date:
Wednesday, July 9, 2014

Expires date:
Thursday, July 9, 2015

Updated date:
Tuesday, August 5, 2014

ASN:
AS4134 CHINANET-BACKBONE No.31,Jin-rong Street,CN

Root domain:
869v.com

Whois:
1 869v.com record

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Yantai (L)
66.67%

Clam AntiVirus
Win.Trojan.691128
66.67%

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
33.33%

Bkav FE
W32.FamVT.YantaiTTc
33.33%

McAfee
Artemis!D712EA108CB1
33.33%

F-Prot
W32/Yantai.A.gen
33.33%

Trend Micro House Call
Suspicious_GEN.F47V0406
33.33%

NANO AntiVirus
Riskware.Win32.ShouQu.dmnfjx
33.33%

ESET NOD32
Win32/RiskWare.Yantai (variant)
33.33%

Fortinet FortiGate
Riskware/Generic.AC.18053
33.33%

The domain dl.869v.com has been seen to resolve to the following 4 IP addresses.

183.56.172.10
July 17, 2016

183.56.172.229
July 17, 2016

183.57.148.247
September 21, 2014

116.11.254.249
September 21, 2014

File downloads found at URLs served by dl.869v.com.

2 / 68      (PUP)
http://dl.869v.com/down.php?sid=328  (game_358.exe)

8 / 68      (PUP)
http://dl.869v.com/down.php?sid=339  (setup_339.exe)

2 / 68      (PUP)
http://dl.869v.com/down.php?sid=328  (setup_328.exe)

The following 20 files have been seen to comunicate with dl.869v.com in live environments.

TCP » 183.56.172.10:80
life_assistant.crx

TCP » 183.56.172.10:80
leidian.crx

TCP » 183.56.172.10:80
music.crx

TCP » 183.56.172.10:80
novel.crx

TCP » 183.56.172.10:80
life_assistant.crx

TCP » 183.56.172.10:80
leidian.crx

TCP » 183.56.172.10:80
shipin.crx

TCP » 183.56.172.10:80
music.crx

TCP » 183.56.172.10:80
novel.crx

TCP » 183.56.172.10:80
leidian.crx

TCP » 183.56.172.10:80
ejmoceoaphoacojefmkhmfbgkidaefdl.crx

TCP » 183.56.172.10:80
live_assist.crx

TCP » 183.56.172.229:80
piao_5.2.0.32.crx

TCP » 183.56.172.229:80
piao.crx

TCP » 183.56.172.229:80
piao.crx

TCP » 183.56.172.229:80
fqb.crx

TCP » 183.56.172.229:80
fvddownloader_2.1.1.crx

TCP » 183.56.172.229:80
cortica_addon_3.2.0.88.crx

TCP » 183.57.148.247:80
wifi_1.0.1.1002.crx

TCP » 183.57.148.247:80
365guard.crx

 
Latest 20 of 20 files

URL:
http://dl.869v.com/

Title:
“dl”

Web server:
nginx

ke8u.com

qxiazai.com

7r7z.com

duowan.com

it376.com

miliao.com

miui.com

moyoi.com

sh5y.com

winrar.com.cn

yeecall.com

yingyonghui.com

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.