home

down.xiazaiyuan.net

Li Xin

Domain Information

The domain down.xiazaiyuan.net registered by Li Xin was initially registered in November of 2015 through CHENGDU WEST DIMENSION DIGITAL TECHNOLOGY CO., LTD.. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Nanning, Guangxi within China which resides on the Asia Pacific Network Information Centre network.
Registrar:
CHENGDU WEST DIMENSION DIGITAL TECHNOLOGY CO., LTD.

Server location:
Guangxi, China (CN)

Create date:
Thursday, November 5, 2015

Expires date:
Saturday, November 5, 2016

Updated date:
Tuesday, November 10, 2015

ASN:
AS37963 CNNIC-ALIBABA-CN-NET-AP Hangzhou Alibaba Advertising Co.,Ltd.,CN

Root domain:
xiazaiyuan.net

Whois:
1 xiazaiyuan.net record

Google Safe Browsing:
malware,unwanted

Scanner detections:
Detections  (92% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.SHANGHAI.Installer (M), PUP.SHANGHAIFENGHANNETWORKINFORMATIONTECHNOLOGYSTU, PUP (M)
100.00%

The domain down.xiazaiyuan.net has been seen to resolve to the following 4 IP addresses.

120.26.48.151
May 30, 2016

112.124.60.81
May 30, 2016

121.40.120.230
AY140721104848Z
May 30, 2016

121.40.77.49
May 30, 2016

File downloads found at URLs served by down.xiazaiyuan.net.

1 / 68      (Malware)
http://down.xiazaiyuan.net/.../?cid=146  (setup_0146lfct.exe)

1 / 68      (Malware)
http://down.xiazaiyuan.net/.../?cid=99  (setup_0099n1uo.exe)

1 / 68      (Malware)
http://down.xiazaiyuan.net/.../?cid=277  (setup_0277txwu.exe)

1 / 68      (Malware)
http://down.xiazaiyuan.net/.../?cid=2046  (setup_2046ozuo.exe)

1 / 68      (PUP)
http://down.xiazaiyuan.net/.../?cid=277  (setup_0277b3nl.exe)

1 / 68      (PUP)
http://down.xiazaiyuan.net/.../?cid=99  (setup_0099wfd2.exe)

1 / 68      (PUP)
http://down.xiazaiyuan.net/.../?cid=99  (setup_0099vptq.exe)

1 / 68      (PUP)
http://down.xiazaiyuan.net/.../?cid=277  (setup_0277hbu0.exe)

1 / 68      (PUP)
http://down.xiazaiyuan.net/.../?cid=1  (setup_0001pzvd.exe)

1 / 68      (PUP)
http://down.xiazaiyuan.net/.../?cid=584  (setup_0584l08i.exe)

1 / 68      (PUP)
http://down.xiazaiyuan.net/.../?cid=865  (setup_0865xi2n.exe)

0 / 68
http://down.xiazaiyuan.net/.../?cid=583  (99e6bfe7d0285148c4a72675e11cd165.exe)

1 / 68      (PUP)
http://down.xiazaiyuan.net/.../?cid=584  (setup_0584sp1y.exe)

The following 5 files have been seen to comunicate with down.xiazaiyuan.net in live environments.

TCP » 121.40.120.230:80
迅捷微信聊天记录恢复器3.2绿色版@304_170929.exe (Downloader)

TCP » 121.40.120.230:80
setup_0425nner.exe

TCP » 121.40.120.230:80
setup_1603iqun.exe

TCP » 121.40.120.230:80
setup_0736clcv.exe

TCP » 121.40.120.230:80
setup_0796rroi.exe

URL:
http://down.xiazaiyuan.net/

Web server:
Microsoft-IIS/7.5 (ASP.NET)

cdren.com

dns-vip.net

haodown.net

tuizhong.com

vstart.net

xiaocen.com

xiazaicdn.ren

3ddianshiji.com

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.