home

haobangshou.b0.upaiyun.com

Hangzhou Weiju Network Ltd.

Domain Information

The domain haobangshou.b0.upaiyun.com registered by Hangzhou Weiju Network Ltd. was initially registered in May of 2011 through GODADDY.COM, LLC. The hosted servers are located in Ashburn, Virginia within the United States which resides on the NTT America, Inc. network.
Registrar:
GODADDY.COM, LLC

Server location:
Virginia, United States (US)

Create date:
Wednesday, May 18, 2011

Expires date:
Thursday, May 18, 2017

Updated date:
Sunday, April 26, 2015

ASN:
AS2914 NTT-COMMUNICATIONS-2914 - NTT America, Inc.,US

Root domain:
upaiyun.com

Whois:
1 upaiyun.com record

The domain haobangshou.b0.upaiyun.com has been seen to resolve to the following 2 IP addresses.

165.254.60.146
firewall.systemarts.com
July 4, 2016

205.177.113.34
205-177-113-34.static.pccwglobal.net
June 27, 2016

File downloads found at URLs served by haobangshou.b0.upaiyun.com.

1 / 68      (inconclusive)
http://haobangshou.b0.upaiyun.com/.../polesdf.exe  (6cc4159003e2f33df8320cd73bcb5e3e)

8 / 68      (Malware)
http://haobangshou.b0.upaiyun.com/.../hjsdew.exe  (erf-cabgafbj-3454.exe)

The following 8 files have been seen to comunicate with haobangshou.b0.upaiyun.com in live environments.

TCP » 165.254.60.146:80
jingling.exe

TCP » 165.254.60.146:80
ContentFinder.exe (ContentFinder by ContentFinder Software)

TCP » 165.254.60.146:443
jingling.exe

TCP » 165.254.60.146:443
jingling.exe

TCP » 165.254.60.146:80
jingling.exe

TCP » 165.254.60.146:80
jingling.exe

TCP » 165.254.60.146:80
-¸-+¦ª-¸-+¦µ.exe (liuliangbao by www.liuliangbao.cn)

TCP » 165.254.60.146:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 165.254.60.146:443
rlvknlg.exe (Relevant-Knowledge by TMRG)

URL:
http://haobangshou.b0.upaiyun.com/

SSL certificate subject:
CN=*.b0.upaiyun.com, O=Hangzhou Weiju Network Ltd., L=Hangzhou, S=Zhejiang, C=CN

SSL certificate issuer:
CN=GeoTrust SSL CA - G3, O=GeoTrust Inc., C=US

Web server:
marco/0.14.0

3c-automation.com.cn

5ewin.com

cmaxgrc.com

finereport.com

jxsjixie.com

ksbao.com

pcsoftdown.com

yunzhuan.com

2144.cn

ad-safe.com

bingyan.asia

doswf.com

hx7987.com

meituan.net

nvjay.com

yupoo.com

zs0597.com

zuimc.com

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.