home

downlaod.xiaocen.com

Song Li

Domain Information

The domain downlaod.xiaocen.com registered by Song Li was initially registered in November of 2010 through ENAME TECHNOLOGY CO., LTD.. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Nanning, Guangxi within China which resides on the Asia Pacific Network Information Centre network.
Registrar:
ENAME TECHNOLOGY CO., LTD.

Server location:
Guangxi, China (CN)

Create date:
Sunday, November 28, 2010

Expires date:
Tuesday, November 28, 2017

Updated date:
Sunday, January 17, 2016

ASN:
AS37963 CNNIC-ALIBABA-CN-NET-AP Hangzhou Alibaba Advertising Co.,Ltd.,CN

Root domain:
xiaocen.com

Whois:
1 xiaocen.com record

Google Safe Browsing:
malware,unwanted

Scanner detections:
Detections  (92% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.SHANGHAIFENGHANNETWORKINFORMATIONTECHNOLOGYSTUDIO.Installer (M), PUP.SHANGHAI.Installer (M), PUP.Shanghai.Installer (M), PUP (M)
100.00%

The domain downlaod.xiaocen.com has been seen to resolve to the following 4 IP addresses.

121.40.120.230
AY140721104848Z
January 30, 2016

121.40.77.49
January 30, 2016

120.26.48.151
January 30, 2016

112.124.60.81
January 30, 2016

File downloads found at URLs served by downlaod.xiaocen.com.

1 / 68      (Malware)
http://downlaod.xiaocen.com/.../?cid=1998  (setup_1998vvct.exe)

1 / 68      (Malware)
http://downlaod.xiaocen.com/.../?cid=1974  (setup_1974.exe)

1 / 68      (Malware)
http://downlaod.xiaocen.com/.../?cid=1557  (setup_1557.exe)

0 / 68
http://downlaod.xiaocen.com/.../?cid=1848  (13__3112003__3f7372633d6c6d266c733d6e37396163333737333961__68616f2e3336302e636e__0c74.exe)

1 / 68      (Malware)
http://downlaod.xiaocen.com/.../?cid=1538  (setup_1538qatb.exe)

1 / 68      (Malware)
http://downlaod.xiaocen.com/.../?cid=1538  (setup_1538t6vx.exe)

1 / 68      (PUP)
http://downlaod.xiaocen.com/.../?cid=800  (setup_0800gl8m.exe)

1 / 68      (PUP)
http://downlaod.xiaocen.com/.../?cid=1524  (setup_1524wlu2.exe)

1 / 68      (PUP)
http://downlaod.xiaocen.com/.../?cid=1524  (setup_1524qte8.exe)

1 / 68      (PUP)
http://downlaod.xiaocen.com/.../?cid=1572  (setup_1572abg5.exe)

1 / 68      (PUP)
http://downlaod.xiaocen.com/.../?cid=1998  (setup_1998alzs.exe)

1 / 68      (PUP)
http://downlaod.xiaocen.com/.../?cid=1522  (setup_1522z2zp.exe)

1 / 68      (PUP)
http://downlaod.xiaocen.com/.../?cid=1803  (setup_1803ytuz.exe)

The following 5 files have been seen to comunicate with downlaod.xiaocen.com in live environments.

TCP » 121.40.120.230:80
迅捷微信聊天记录恢复器3.2绿色版@304_170929.exe (Downloader)

TCP » 121.40.120.230:80
setup_0425nner.exe

TCP » 121.40.120.230:80
setup_1603iqun.exe

TCP » 121.40.120.230:80
setup_0736clcv.exe

TCP » 121.40.120.230:80
setup_0796rroi.exe

URL:
http://downlaod.xiaocen.com/

Web server:
Microsoft-IIS/7.5 (ASP.NET)

cdren.com

dns-vip.net

haodown.net

tuizhong.com

vstart.net

xiazaicdn.ren

xiazaiyuan.net

3ddianshiji.com

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.