» xz.51jetso.com
Overview
Analysis
IPs Addresses (2)
Downloads (16)
Network (12)
Website Detail
Related Domains (12)

xz.51jetso.com

zenglingbai

Domain Information

The domain xz.51jetso.com registered by zenglingbai was initially registered in October of 2013 through ENAME TECHNOLOGY CO., LTD.. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Guangzhou, Guangdong within China which resides on the Asia Pacific Network Information Centre network.

Registrant:

zenglingbai

Registrar:

ENAME TECHNOLOGY CO., LTD.

Server location:

Guangdong, China (CN)

Create date:

Tuesday, October 15, 2013

Expires date:

Saturday, October 15, 2016

Updated date:

Wednesday, June 4, 2014

ASN:

AS58466 CT-GUANGZHOU-IDC CHINANET Guangdong province network,CN

Root domain:

51jetso.com

Whois:

1 51jetso.com record

Google Safe Browsing:

unwanted

Scanner detections:

Detections (87% detected)

Scan engine

Details

Detections

VIPRE Antivirus

Trojan.Win32.Generic

71.43%

K7 AntiVirus

Unwanted-Program

71.43%

NANO AntiVirus

Riskware.Win32.ShouQu.dmnfjx

71.43%

Clam AntiVirus

Win.Trojan.691128

71.43%

Dr.Web

Trojan.KillFiles.28526

71.43%

Vba32 AntiVirus

Malware-Cryptor.Inject.gen, suspected of Trojan.Downloader.gen.h

71.43%

Fortinet FortiGate

W32/Generic.AC.18053

71.43%

McAfee

Artemis!04A580FAC74B, Artemis!12A56BBDA305, Artemis!911556E36CED, Artemis!ED2D9733002C, Artemis!4571940E816A, Artemis!D0C14B5D6AE7, Artemis!9F4BD9BA7B75, Artemis!89DD2D90E617

64.29%

avast!

Win32:Malware-gen, Win32:Rootkit-gen [Rtk]

64.29%

AhnLab V3 Security

PUP/Win32.Downloader

64.29%

AVG

Generic36

64.29%

ESET NOD32

Win32/Packed.NSISmod.A suspicious (variant)

57.14%

Kaspersky

UDS:DangerousObject.Multi.Generic, HEUR:Trojan.Win32.Invader

57.14%

Baidu Antivirus

Hacktool.Win32.NSISmod

57.14%

Sophos

Generic PUA OC (PUA), Generic PUA BE (PUA), Generic PUA OF (PUA), Generic PUA CJ (PUA), Generic PUA HJ (PUA), Generic PUA IP (PUA)

50.00%

The domain xz.51jetso.com has been seen to resolve to the following 2 IP addresses.

183.57.148.246

November 18, 2015

125.88.65.249

November 18, 2015

File downloads found at URLs served by xz.51jetso.com.

1 / 68 (PUP)

http://xz.51jetso.com/Setup_xp85.com.exe (150b582e079077165fe295ac3c81a533)

1 / 68 (PUP)

http://xz.51jetso.com/m.php?url=aHR0cDovL3h6LjUxamV0c28uY29tL1NldHVwX2R5ZGgudHYuZXhl (setup_dydh.tv.exe)

1 / 68 (PUP)

http://xz.51jetso.com/Setup_kuaikan.exe (e832efa9f04f2978ae837f953f1265cf)

18 / 68 (PUP)

http://xz.51jetso.com/Setup_qitete.com.exe (setup_newasp.net.exe)

15 / 68 (PUP)

http://xz.51jetso.com/Setup_qitete.com.exe (setup_yingshi6.exe)

14 / 68 (PUP)

http://xz.51jetso.com/Setup_77vcd.com.exe (29d84c1b4717b1320524b55e465bc83a)

13 / 68 (PUP)

http://xz.51jetso.com/m.php?url=aHR0cDovL3h6LjUxamV0c28uY29tL1NldHVwX2cwNy5leGU= (setup_rayfile.com.exe)

15 / 68 (PUP)

http://xz.51jetso.com/m.php?url=aHR0cDovL3h6LjUxamV0c28uY29tL1NldHVwX3hpZ3VhMTEwLmNvbS5leGU= (setup_jijihd.com.exe)

17 / 68 (PUP)

http://xz.51jetso.com/Setup_77vcd.com.exe (setup_qvod2.exe)

13 / 68 (PUP)

http://xz.51jetso.com/m.php?url=aHR0cDovL3h6LjUxamV0c28uY29tL1NldHVwX2piZG93bi5jb20uZXhl (setup_jbdown.com.exe)

18 / 68 (false positives)

http://xz.51jetso.com/Setup_ali213.net.exe (81afd9d08eb8ce284b2552c0516473aa)

13 / 68 (PUP)

http://xz.51jetso.com/Setup_vcd1.exe (setup_4edy.com.exe)

1 / 68 (PUP)

http://xz.51jetso.com/m.php? url=aHR0cDovL3h6LjUxamV0c28uY29tL1NldHVwX2hlaXllLmNjLmV4ZQ= (setup_xigua110.com.exe)

15 / 68 (PUP)

http://xz.51jetso.com/m.php?url=aHR0cDovL3h6LjUxamV0c28uY29tL1NldHVwX2E2Ny5jb20uZXhl (setup_yingshi6.exe)

0 / 68

http://xz.51jetso.com/m.php?url=aHR0cDovL3h6LjUxamV0c28uY29tL1NldHVwX3hpZ3VhMTEwLmNvbS5leGU= (setup_xigua110.com.exe)

18 / 68 (PUP)

http://xz.51jetso.com/m.php? url=aHR0cDovL3h6LjUxamV0c28uY29tL1NldHVwX2hlaXllLmNjLmV4ZQ= (setup_heiye.cc.exe)

The following 12 files have been seen to comunicate with xz.51jetso.com in live environments.

TCP » 125.88.65.249:80

piao_5.2.0.50.crx

TCP » 125.88.65.249:80

piao.crx

TCP » 183.57.148.246:80

365guard.crx

TCP » 183.57.148.246:80

shitu.crx

TCP » 183.57.148.246:80

shitu.crx

TCP » 183.57.148.246:80

weibo_plus.crx

TCP » 183.57.148.246:80

ebank.crx

TCP » 183.57.148.246:80

npgame.crx

TCP » 183.57.148.246:80

screen_capture.crx

TCP » 183.57.148.246:80

mail_check.crx

TCP » 183.57.148.246:80

fvddownloader_2.1.2.crx

TCP » 183.57.148.246:80

shoucangjiance.crx

URL:

http://xz.51jetso.com/

Title:

“Welcome to nginx !”

Web server:

nginx/1.4.1

Related Domains

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.