down.meiheitou.com
yang yang
Domain Information
The domain down.meiheitou.com, registered by yang yang, was initially registered in October 2012 through GODADDY.COM, LLC. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Chengdu, Sichuan, China, on the Asia Pacific Network Information Centre network.
Registrar: GODADDY.COM, LLC
Server location: Sichuan, China (CN)
Create date: Friday, October 19, 2012
Expires date: Wednesday, October 19, 2016
Updated date: Monday, October 20, 2014
ASN: AS4134 CHINANET-BACKBONE No.31,Jin-rong Street,CN
Google Safe Browsing: unwanted
Scanner detections:
Detections (57% detected)
Scan engine | Details | Detections
Vba32 AntiVirus | Signed-Adware.Hao123.BaiduBeijingCo | 85.71%
Rising Antivirus | PE:Trojan.Win32.Generic.177C8130!394035504, PE:Trojan.Win32.Generic.173B1DCB!389750219, PE:Trojan.Win32.Generic.1754AEC4!391425732 | 57.14%
Trend Micro House Call | Suspicious_GEN.F47V0623, Suspicious_GEN.F47V1028, Suspici.F6E93178 | 42.86%
NANO AntiVirus | Trojan.Win32.Rogue.ctojyu, Trojan.Win32.Conduit.dfemlz | 42.86%
McAfee | Artemis!362EE85552E2, Artemis!A56A8DC23870, Artemis!31220CC65829 | 42.86%
VIPRE Antivirus | Trojan.Win32.Generic!SB.0 | 28.57%
IKARUS anti.virus | PUA.AdGazelle, Trojan.NSIS.StartPage | 28.57%
Qihoo 360 Security | Trojan.Generic | 28.57%
ESET NOD32 | Win32/FlyStudio.Packed.AD (variant) | 14.29%
Baidu Antivirus | Trojan.Win32.FlyStudio.BPacked | 14.29%
AegisLab AV Signature | DangerousObject.Multi.Gen | 14.29%
Reason Heuristics | PUP.Downloader | 14.29%
herdProtect (fuzzy) | a variant of 1aceee1c43c2b35ebc6609813ff772af6f8186cf | 14.29%
The domain down.meiheitou.com has been seen to resolve to the following 4 IP addresses.
171.104.167.220.dial.dy.sc.dynamic.163data.com.cn | May 6, 2015
69.174.236.221.broad.ls.sc.dynamic.163data.com.cn | November 13, 2014
File downloads found at URLs served by down.meiheitou.com.
URL: http://down.meiheitou.com/