home

downlaod.tuizhong.com

Song Li

Domain Information

The domain downlaod.tuizhong.com registered by Song Li was initially registered in March of 2010 through ENAME TECHNOLOGY CO., LTD.. Currently this domain has been known to host various forms of malware. The hosted servers are located in Nanning, Guangxi within China which resides on the Asia Pacific Network Information Centre network.
Registrar:
ENAME TECHNOLOGY CO., LTD.

Server location:
Guangxi, China (CN)

Create date:
Tuesday, March 23, 2010

Expires date:
Monday, March 23, 2015

Updated date:
Wednesday, January 8, 2014

ASN:
AS37963 CNNIC-ALIBABA-CN-NET-AP Hangzhou Alibaba Advertising Co.,Ltd.,CN

Root domain:
tuizhong.com

Whois:
1 tuizhong.com record

Google Safe Browsing:
malware

Scanner detections:
Malware distribution  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.SHANGHAIFENGHANNETWORKINFORMATIONTECHNOLOGYSTUDIO.Installer (M), PUP (M)
100.00%

Dr.Web
BackDoor.Infector.50
50.00%

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
50.00%

The domain downlaod.tuizhong.com has been seen to resolve to the following 6 IP addresses.

120.26.48.151
September 1, 2016

112.124.60.81
September 1, 2016

115.29.98.159
August 12, 2014

121.40.77.49
August 12, 2014

182.92.106.237
August 12, 2014

121.40.120.230
AY140721104848Z
August 12, 2014

File downloads found at URLs served by downlaod.tuizhong.com.

1 / 68      (Malware)
http://downlaod.tuizhong.com/.../?cid=789  (setup_0789c6wh.exe)

3 / 68      (PUP)
http://downlaod.tuizhong.com/.../?cid=625  (setup0625.exe)

The following 5 files have been seen to comunicate with downlaod.tuizhong.com in live environments.

TCP » 121.40.120.230:80
迅捷微信聊天记录恢复器3.2绿色版@304_170929.exe (Downloader)

TCP » 121.40.120.230:80
setup_0425nner.exe

TCP » 121.40.120.230:80
setup_1603iqun.exe

TCP » 121.40.120.230:80
setup_0736clcv.exe

TCP » 121.40.120.230:80
setup_0796rroi.exe

URL:
http://downlaod.tuizhong.com/

Web server:
Microsoft-IIS/7.5 (ASP.NET)

cdren.com

dns-vip.net

haodown.net

vstart.net

xiaocen.com

xiazaicdn.ren

xiazaiyuan.net

3ddianshiji.com

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.