home

khit.cn

Domain Information

Server location:
Liaoning, China (CN)

ASN:
AS4837 CHINA169-BACKBONE CNCGROUP China169 Backbone,CN

Scanner detections:
Detections  (82% detected)

Scan engine
Details
Detections

Reason Heuristics
Adware.Downloader (M)
81.25%

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h, Malware-Cryptor.Inject.gen
43.75%

Trend Micro House Call
TROJ_GEN.F47V0319, TROJ_GEN.F47V0518, Suspicious_GEN.F47V0130, Suspicious_GEN.F47V0301, Suspicious_GEN.F47V0826
31.25%

McAfee
Artemis!09C9A9A79E04, Artemis!093F746798DF, Artemis!FD7114559E9D, Trojan.Artemis!1D2464B9FD32
25.00%

K7 AntiVirus
Trojan-Downloader , Unwanted-Program
12.50%

avast!
Win32:Rootkit-gen [Rtk], Win32:Malware-gen
12.50%

Kaspersky
Trojan-Downloader.NSIS.Chindo
12.50%

IKARUS anti.virus
Trojan.Win32.Pincav, Trojan-Downloader.Chindo
12.50%

Dr.Web
Trojan.KillFiles.28526
12.50%

Clam AntiVirus
Win.Trojan.15173305
12.50%

F-Prot
W32/Zlob.AF.gen
6.25%

Qihoo 360 Security
Trojan.Generic
6.25%

Quick Heal
TrojanDownloader.NSIS.g5
6.25%

ESET NOD32
Win32/Packed.NSISmod.A suspicious application
6.25%

Avira AntiVirus
W32/Infector.Gen4
6.25%

The domain khit.cn has been seen to resolve to the following 61 IP addresses.

220.243.230.247
August 27, 2016

122.228.237.175
July 25, 2016

122.228.24.164
July 25, 2016

122.228.22.176
July 25, 2016

117.23.2.80
July 25, 2016

115.231.22.75
July 25, 2016

220.243.237.153
July 25, 2016

183.134.11.85
July 25, 2016

150.138.169.240
June 7, 2016

220.243.194.54
June 6, 2016

220.243.237.152
May 18, 2016

220.243.235.203
May 18, 2016

123.159.202.136
July 7, 2015

112.84.133.81
July 7, 2015

221.204.171.42
42.171.204.221.adsl-pool.sx.cn
July 7, 2015

221.204.23.18
18.23.204.221.adsl-pool.sx.cn
July 7, 2015

218.60.45.42
cncln.online.ln.cn
July 7, 2015

211.90.28.98
July 7, 2015

211.90.28.233
May 5, 2015

221.194.184.166
May 5, 2015

221.204.23.16
16.23.204.221.adsl-pool.sx.cn
May 5, 2015

119.188.138.29
May 5, 2015

113.207.34.199
May 4, 2015

101.69.173.71
May 4, 2015

116.114.22.57
December 2, 2014

61.240.135.145
December 2, 2014

60.6.197.26
December 2, 2014

116.114.22.104
December 2, 2014

221.204.21.26
26.21.204.221.adsl-pool.sx.cn
October 20, 2014

218.59.209.196
October 20, 2014

 
Showing 30 of 61 IP Addresses

File downloads found at URLs served by khit.cn.

1 / 68      (PUP)
http://khit.cn/m.php?url=aHR0cDovL2toaXQuY24vU2V0dXBfMzk4Ny5jb20uZXhl  (f_00554a)

1 / 68      (PUP)
http://khit.cn/m.php?url=aHR0cDovL2toaXQuY24vU2V0dXBfY3IxNzMuY29tLmV4ZQ==  (setup_3dm.com.exe)

1 / 68      (PUP)
http://khit.cn/Setup_3d66.com.exe  (setup_3dm.com.exe)

4 / 68      (PUP)
http://khit.cn/Setup_cncrk.com.exe  (setup_yingshi3.exe)

0 / 68
http://khit.cn/.../RlDateSet.exe  (f8a99c9adb6e068ba08cbbb27ba59cf3)

4 / 68      (inconclusive)
http://khit.cn/Setup_qiqibudy.com.exe  (setup_g007.com.exe)

10 / 68    (PUP)
http://khit.cn/m.php?url=aHR0cDovL2toaXQuY24vU2V0dXBfNTFoYW5odWEuY29tLmV4ZQ==  (setup_51hanhua.com.exe)

7 / 68      (PUP)
http://khit.cn/Setup_ali2131.net.exe  (1d2464b9fd32b2ebe921897750afec15)

2 / 68      (PUP)
http://khit.cn/Setup_qiqibudy.com.exe  (setup_yxdown.com.exe)

1 / 68      (PUP)
http://khit.cn/m.php?url=aHR0cDovL2toaXQuY24vU2V0dXBfeGlndWExMTAuY29tLmV4ZQ==  (f_00f832)

1 / 68      (PUP)
http://khit.cn/m.php?url=aHR0cDovL2toaXQuY24vU2V0dXBfNjZnYW1lLmNuLmV4ZQ==  (setup_66game.cn.exe)

2 / 68      (PUP)
http://khit.cn/Setup_ali213.net.exe  (setup_qindou.net.exe)

2 / 68      (PUP)
http://khit.cn/m.php?url=aHR0cDovL2toaXQuY24vU2V0dXBfYWxpMjEzLm5ldC5leGU=  (setup_qindou.net.exe)

3 / 68      (PUP)
http://khit.cn/Setup_cncrk.com.exe  (尚未確認的 588533.crdownload)

3 / 68      (PUP)
http://khit.cn/m.php?url=aHR0cDovL2toaXQuY24vU2V0dXBfY25jcmsuY29tLmV4ZQ==  (尚未確認的 588533.crdownload)

4 / 68      (inconclusive)
http://khit.cn/Setup_8edy.com.exe  (setup_2tu.cc.exe)

2 / 68      (PUP)
http://khit.cn/Setup_xixi.com.exe  (setup_yxdown.com.exe)

2 / 68      (PUP)
http://khit.cn/m.php?url=aHR0cDovL2toaXQuY24vU2V0dXBfeGl4aS5jb20uZXhl  (setup_yxdown.com.exe)

2 / 68      (PUP)
http://khit.cn/m.php?url=aHR0cDovL2toaXQuY24vU2V0dXBfeXhkb3duLmNvbS5leGU=  (setup_yxdown.com.exe)

1 / 68      (PUP)
http://khit.cn/m.php?url=aHR0cDovL2toaXQuY24vU2V0dXBfY25jcmsuY29tLmV4ZQ==  (setup_xixi.com.exe)

2 / 68      (PUP)
http://khit.cn/Setup_3dm.com.exe  (01a20131256c2f0043f34afb9057a098)

2 / 68      (PUP)
http://khit.cn/m.php?url=aHR0cDovL2toaXQuY24vU2V0dXBfM2RtLmNvbS5leGU=  (setup_3dm.com.exe)

6 / 68      (PUP)
http://khit.cn/Setup_ffdy.cc.exe  (09c9a9a79e047905d99eb13162f668fc)

The following 6 files have been seen to comunicate with khit.cn in live environments.

TCP » 218.60.45.42:443
jingling.exe

TCP » 221.204.171.42:80
dailaymation.exe (by wgj)

TCP » 218.60.45.42:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 221.204.171.42:80
UCBrowser.exe (by UCWeb)

TCP » 221.204.171.42:80
jingling.exe

TCP » 221.204.23.18:80
Client.exe

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.