home

go.xetcom.com

Xetcom Software Portal

Domain Information

The domain go.xetcom.com registered by Xetcom Software Portal was initially registered in August of 2009 through GODADDY.COM, LLC. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Amsterdam, Noord-Holland within Netherlands which resides on the RIPE Network Coordination Centre network.
Registrar:
GODADDY.COM, LLC

Server location:
Noord-Holland, Netherlands (NL)

Create date:
Monday, August 10, 2009

Expires date:
Wednesday, August 10, 2016

Updated date:
Tuesday, July 7, 2015

ASN:
AS16265 FIBERRING LeaseWeb B.V.,NL

Root domain:
xetcom.com

Whois:
1 xetcom.com record

Scanner detections:
Detections  (64% detected)

Scan engine
Details
Detections

Reason Heuristics
Optional.MediaGetApp.Installer.X, PUP.Installer.Banner, PUP.Installer.DestinyMedia, PUP.PROFISOF (M), PUP.Amonitize, PUP (M)
100.00%

Malwarebytes
PUP.Adware.MediaGet, PUP.Optional.Zona
57.14%

Kaspersky
not-a-virus:Downloader.Win32.MediaGet, not-a-virus:Downloader.Win32.AdLoad
57.14%

Sophos
MediaGet, Generic PUA BN
57.14%

Avira AntiVirus
APPL/MediaGet.Gen5, PUA/MediaGet.Gen5, Adware/ZvuZona.29998764
57.14%

G Data
Win32.Adware.MediaGet, Win32.Application.ZvuZona
57.14%

ESET NOD32
Win32/MediaGet.AE (variant), Win32/MediaGet.AF potentially unwanted (variant), Win32/ZvuZona.A potentially unwanted (variant)
57.14%

AVG
Banne, Generic
57.14%

Dr.Web
Program.MediaGet.21, Program.MediaGet.111, Program.Zona.41
42.86%

Trend Micro House Call
Suspicious_GEN.F47V0209, Suspicious_GEN.F47V0319, TROJ_GEN.R00UC0PCG15
42.86%

McAfee
Artemis!9A12E10510FA, Artemis!20E60E425AD5, ZvuZona
42.86%

avast!
Win32:Rootkit-gen [Rtk], Win32:ZvuZona-I [PUP]
28.57%

Qihoo 360 Security
Win32/Virus.Downloader.e90, Win32/Virus.Downloader.bd5
28.57%

K7 AntiVirus
Unwanted-Program , Adware
28.57%

Comodo Security
Application.Win32.MediaGet.G, Application.Win32.ZvuZona.A
28.57%

The domain go.xetcom.com has been seen to resolve to the following IP address.

62.212.73.98
xetcom.com
October 1, 2015

File downloads found at URLs served by go.xetcom.com.

1 / 68      (Malware)
http://go.xetcom.com/.../index.php  (kdwin.exe)

13 / 68    (PUP)
http://go.xetcom.com/.../index.php  (jupiter-ascending-ts-screener-espaol-latino-2015_id1181297ids2s.exe)

35 / 68    (PUP)
http://go.xetcom.com/.../index.php  (zonasetup_latest.exe)

1 / 68      (Adware)
http://go.xetcom.com/.../index.php  (kdwin.exe)

1 / 68      (PUP)
http://go.xetcom.com/.../index.php  (b8xovyefk8gd.exe)

0 / 68
http://go.xetcom.com/.../index.php  (mpc-hc.1.7.8.x86.exe)

14 / 68    (PUP)
http://go.xetcom.com/.../index.php  (mediaget_id2582134ids1s.exe)

0 / 68
http://go.xetcom.com/.../index.php  (free.video.dub.exe)

9 / 68      (PUP)
http://go.xetcom.com/.../index.php?title=Zona  (mediaget_id2355365ids2s.exe)

0 / 68
http://go.xetcom.com/.../index.php  (database.net.exe)

0 / 68
http://go.xetcom.com/.../index.php  (exportizer.setup.exe)

The following file have been seen to comunicate with go.xetcom.com in live environments.

TCP » 62.212.73.98:443
67b1f028_stp.exe (Mail.Ru Switcher by Mail.Ru)

URL:
http://go.xetcom.com/

Web server:
nginx (PHP/5.3.3-7+squeeze28)

xetapp.com

xetbox.com

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.