home

tg.ikuaiping.com

zenglingbai

Domain Information

The domain tg.ikuaiping.com registered by zenglingbai was initially registered in March of 2013 through ENAME TECHNOLOGY CO., LTD.. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Zhuhai, Guangdong within China which resides on the Asia Pacific Network Information Centre network.
Registrar:
ENAME TECHNOLOGY CO., LTD.

Server location:
Guangdong, China (CN)

Create date:
Tuesday, March 12, 2013

Expires date:
Saturday, March 12, 2016

Updated date:
Wednesday, February 11, 2015

ASN:
AS4837 CHINA169-BACKBONE CNCGROUP China169 Backbone,CN

Root domain:
ikuaiping.com

Whois:
1 ikuaiping.com record

Scanner detections:
Detections  (75% detected)

Scan engine
Details
Detections

Trend Micro House Call
Suspicious_GEN.F47V0320, Suspicious_GEN.F47V0413, Suspicious_GEN.F47V0401
100.00%

Vba32 AntiVirus
Malware-Cryptor.Inject.gen, Trojan.Pincav
100.00%

IKARUS anti.virus
Trojan.Win32.Pincav
75.00%

Reason Heuristics
Adware.Downloader (M)
50.00%

ESET NOD32
Detection.Undefined
25.00%

Quick Heal
Trojan.Pincav.g5
25.00%

Kaspersky
Trojan.Win32.Pincav
25.00%

McAfee
Artemis!8B60842947F8
25.00%

The domain tg.ikuaiping.com has been seen to resolve to the following 2 IP addresses.

36.250.90.5
May 6, 2015

112.90.148.14
relaymail.org
May 6, 2015

File downloads found at URLs served by tg.ikuaiping.com.

4 / 68      (PUP)
http://tg.ikuaiping.com/m.php?url=aHR0cDovL3RnLmlrdWFpcGluZy5jb20vU2V0dXBfM2Q2Ni5leGU=  (setup_quanji.com.exe)

4 / 68      (inconclusive)
http://tg.ikuaiping.com/m.php?url=aHR0cDovL3RnLmlrdWFpcGluZy5jb20vU2V0dXBfcXVhbmppLmNvbS5leGU=  (setup_sm-zy-1.exe)

4 / 68      (PUP)
http://tg.ikuaiping.com/m.php?url=aHR0cDovL3RnLmlrdWFpcGluZy5jb20vU2V0dXBfcXVhbmppLmNvbS5leGU=  (setup_quanji.com.exe)

6 / 68      (Malware)
http://tg.ikuaiping.com/m.php?url=aHR0cDovL3RnLmlrdWFpcGluZy5jb20vU2V0dXBfbmV3YXNwLm5ldC5leGU=  (setup_newasp.net.exe)

3 / 68      (PUP)
http://tg.ikuaiping.com/m.php?url=aHR0cDovL3RnLmlrdWFpcGluZy5jb20vU2V0dXBfNzdkcy5jb20uZXhl  (setup_77ds.com.exe)

URL:
http://tg.ikuaiping.com/

Title:
“Welcome to nginx!”

Web server:
nginx

2144.cn

cgbchina.com.cn

conew.com

duba.net

hxb.com.cn

job391.com

kwimg.cn

laobanmail.com

letv.com

rising.com.cn

teeqee.com

xunyou.com

ecitic.com

iciba.com

ijinshan.com

miwifi.com

wps.cn

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.