home

download.upscool.com

YinSi BaoHu Yi KaiQi (Hidden by Whois Privacy Protection Service)

Domain Information

The domain download.upscool.com registered by YinSi BaoHu Yi KaiQi (Hidden by Whois Privacy Protection Service) was initially registered in March of 2014 through HICHINA ZHICHENG TECHNOLOGY LTD.. The hosted servers are located in Newport Beach, California within the United States which resides on the Staminus Communications network.
Registrar:
HICHINA ZHICHENG TECHNOLOGY LTD.

Server location:
California, United States (US)

Create date:
Wednesday, March 19, 2014

Expires date:
Saturday, March 19, 2016

Updated date:
Friday, March 13, 2015

ASN:
AS25761 STAMINUS-COMM - Staminus Communications,US

Root domain:
upscool.com

Whois:
2 upscool.com records

Google Safe Browsing:
unwanted

Scan engine
Details
Detections

NANO AntiVirus
Trojan.Win32.Stanit.daydnz
100.00%

Dr.Web
STPAGE.Trojan
100.00%

The domain download.upscool.com has been seen to resolve to the following 12 IP addresses.

165.254.60.148
October 29, 2015

72.20.58.53
October 29, 2015

199.192.75.63
.
October 29, 2015

199.192.75.23
.
October 29, 2015

165.254.60.151
October 29, 2015

165.254.60.149
October 29, 2015

108.186.7.130
October 20, 2014

108.186.7.129
October 20, 2014

72.8.188.98
.
October 20, 2014

72.8.188.94
xxxstagxxx.camfrog.com
October 20, 2014

72.8.188.90
.
October 20, 2014

108.186.7.131
October 20, 2014

File downloads found at URLs served by download.upscool.com.

2 / 68      (inconclusive)
http://download.upscool.com/setup_005.exe  (setup_003.exe)

2 / 68      (inconclusive)
http://download.upscool.com/setup_006.exe  (setup_003.exe)

2 / 68      (inconclusive)
http://download.upscool.com/setup_014.exe  (setup_003.exe)

The following file have been seen to comunicate with download.upscool.com in live environments.

TCP » 199.192.75.23:80
t1elhnfevxxxxsspjx.crx

URL:
http://download.upscool.com/

Web server:
marco/0.9

012led.org

acpline.com

upaiyun.com

51talk.com

okjee.com

ehob.org

uibia.com

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.