xz.51jetso.com

zenglingbai

Domain Information

The domain xz.51jetso.com, registered by zenglingbai, was first registered in October 2013 through ENAME TECHNOLOGY CO., LTD. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Guangzhou, Guangdong, China, on address space allocated by the Asia Pacific Network Information Centre (APNIC).
Registrar:
ENAME TECHNOLOGY CO., LTD.

Server location:
Guangdong, China (CN)

Create date:
Tuesday, October 15, 2013

Expires date:
Saturday, October 15, 2016

Updated date:
Wednesday, June 4, 2014

ASN:
AS58466 CT-GUANGZHOU-IDC CHINANET Guangdong province network,CN

Root domain:

Google Safe Browsing:
unwanted

Scanner detections:
Detections (87% detected)

Scan engine | Details | Detections
VIPRE Antivirus | Trojan.Win32.Generic | 71.43%
K7 AntiVirus | Unwanted-Program | 71.43%
NANO AntiVirus | Riskware.Win32.ShouQu.dmnfjx | 71.43%
Clam AntiVirus | Win.Trojan.691128 | 71.43%
Dr.Web | Trojan.KillFiles.28526 | 71.43%
Vba32 AntiVirus | Malware-Cryptor.Inject.gen, suspected of Trojan.Downloader.gen.h | 71.43%
Fortinet FortiGate | W32/Generic.AC.18053 | 71.43%
McAfee | Artemis!04A580FAC74B, Artemis!12A56BBDA305, Artemis!911556E36CED, Artemis!ED2D9733002C, Artemis!4571940E816A, Artemis!D0C14B5D6AE7, Artemis!9F4BD9BA7B75, Artemis!89DD2D90E617 | 64.29%
avast! | Win32:Malware-gen, Win32:Rootkit-gen [Rtk] | 64.29%
AhnLab V3 Security | PUP/Win32.Downloader | 64.29%
AVG | Generic36 | 64.29%
ESET NOD32 | Win32/Packed.NSISmod.A suspicious (variant) | 57.14%
Kaspersky | UDS:DangerousObject.Multi.Generic, HEUR:Trojan.Win32.Invader | 57.14%
Baidu Antivirus | Hacktool.Win32.NSISmod | 57.14%
Sophos | Generic PUA OC (PUA), Generic PUA BE (PUA), Generic PUA OF (PUA), Generic PUA CJ (PUA), Generic PUA HJ (PUA), Generic PUA IP (PUA) | 50.00%

The domain xz.51jetso.com has been seen to resolve to the following 2 IP addresses.

November 18, 2015

November 18, 2015

File downloads found at URLs served by xz.51jetso.com.

1 / 68      (PUP)
http://xz.51jetso.com/Setup_xp85.com.exe  (150b582e079077165fe295ac3c81a533)

1 / 68      (PUP)
http://xz.51jetso.com/Setup_kuaikan.exe  (e832efa9f04f2978ae837f953f1265cf)

18 / 68    (PUP)

15 / 68    (PUP)

14 / 68    (PUP)
http://xz.51jetso.com/Setup_77vcd.com.exe  (29d84c1b4717b1320524b55e465bc83a)

17 / 68    (PUP)

18 / 68    (false positives)
http://xz.51jetso.com/Setup_ali213.net.exe  (81afd9d08eb8ce284b2552c0516473aa)

13 / 68    (PUP)
http://xz.51jetso.com/Setup_vcd1.exe  (setup_4edy.com.exe)

The following 12 files have been seen to communicate with xz.51jetso.com in live environments.

URL:
http://xz.51jetso.com/

Title:
“Welcome to nginx !”

Web server:
nginx/1.4.1