home

d.xiazai18.com

zhuyan

Domain Information

The domain d.xiazai18.com registered by zhuyan was initially registered in May of 2014 through ENAME TECHNOLOGY CO., LTD.. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Beaumaris, Victoria within Australia which resides on the Asia Pacific Network Information Centre network.
Registrar:
ENAME TECHNOLOGY CO., LTD.

Server location:
Victoria, Australia (AU)

Create date:
Thursday, May 22, 2014

Expires date:
Friday, May 22, 2015

Updated date:
Thursday, May 22, 2014

ASN:
AS133618 TRELLIAN-AS-AP Trellian Pty. Limited,AU

Root domain:
xiazai18.com

Whois:
1 xiazai18.com record

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Quick Heal
(Suspicious) - DNAScan
100.00%

McAfee
Artemis!A93C146C26EE
100.00%

Norman
DLoader.AOCCN
100.00%

Trend Micro House Call
TROJ_GEN.F47V0327
100.00%

Dr.Web
Adware.Downware.2447
100.00%

Vba32 AntiVirus
BScope.Lipler.045
100.00%

The domain d.xiazai18.com has been seen to resolve to the following 3 IP addresses.

103.224.182.223
July 3, 2016

218.77.77.17
September 2, 2014

61.147.111.51
September 2, 2014

File downloads found at URLs served by d.xiazai18.com.

6 / 68      (PUP)
http://d.xiazai18.com/setupp_d.exe  (setupp_b.exe)

6 / 68      (PUP)
http://d.xiazai18.com/setupp_c.exe  (setupp_b.exe)

The following 3 files have been seen to comunicate with d.xiazai18.com in live environments.

TCP » 103.224.182.223:7777
yam.exe

TCP » 103.224.182.223:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 103.224.182.223:7777
EpicScale64.exe (EpicScale by EpicScale)

TCP » 103.224.182.223:7778
yam.exe

TCP » 103.224.182.223:7778
EpicScale64.exe (EpicScale by EpicScale)

URL:
http://d.xiazai18.com/

Web server:
Microsoft-IIS/7.5

aijeiixquick.org

digit-services.org

iebahstarpix.org

ierietelio.org

loadyyz.com

mvmfd.net

newcheck4updates.com

red-3-small-button.com

rielikumpara.org

sohxiugto.org

soophsakeena.com

srcfrgfilesdeliver.com

update4free.org

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.