products.mgyun.com

ShenZhen Xinyi Network Ltd

Domain Information

The domain products.mgyun.com, registered by ShenZhen Xinyi Network Ltd, was initially registered in August of 2011 through SHANGHAI MEICHENG TECHNOLOGY INFORMATION DEVELOPMENT CO., LTD. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Tianjin, China, on the Asia Pacific Network Information Centre (APNIC) network.
Remove Malware from products.mgyun.com - Powered by Reason Core Security
Registrar:
SHANGHAI MEICHENG TECHNOLOGY INFORMATION DEVELOPMENT CO., LTD.

Server location:
Tianjin, China (CN)

Create date:
Sunday, August 14, 2011

Expires date:
Sunday, August 14, 2016

Updated date:
Monday, August 03, 2015

ASN:
AS4837 CHINA169-BACKBONE CNCGROUP China169 Backbone,CN

Root domain:

Scanner detections:
Detections  (65% detected)

Scan engine
Details
Detections

ESET NOD32
Android/Spy.Agent.BN (variant), Android/KingRoot, Android/KingRoot.C potentially unsafe (variant), Android/DroidRooter.AC potentially unsafe (variant)
86.11%

avast!
Win32:AgentDropper-A [PUP], Android:Agent-CTH [PUP], PUP-gen [PUP], ELF:KingRoot-A [PUP], Android:Agent-CRI [PUP], Android:Agent-FUC [PUP], Android:Agent-GYN [PUP]
83.33%

NANO AntiVirus
Trojan.Win32.Agent.cvzxic, Trojan.Dex.Rooter.daolwi, Trojan.Dex.Agent.cwzglj, Trojan.Android.Rooter.daolwi, Trojan.Android.Agent.cwzglj
69.44%

McAfee
Artemis!CDAB97A24E5E, Artemis!10ACBB856B16, Artemis!A14999CEA050, Artemis!5E753A38CD14, Artemis!9F5A153527F3, Artemis!CAB7AA7144A0, Artemis!1A74F80213F6, Artemis!780B71754FAF, Artemis!2806C4C1848A, Artemis!7A4E069F5F7C, Artemis!89944F602C21, Artemis!9241BD3E6097, Artemis!E8AE4EB27F2C, Artemis!F0499B8FD1E6, Artemis!58C2F8AD1563
58.33%

Avira AntiVirus
Android/Spy.Agent.U.Gen, Android/Spy.Agent.Y.Gen, SPR/ANDR.Rooter.18.5, Android/Spy.Agent.BD.Gen, Android/Spy.Agent.GJ.Gen
58.33%

McAfee Web Gateway
Artemis!CDAB97A24E5E, Artemis!10ACBB856B16, Artemis!A14999CEA050, Artemis!5E753A38CD14, Artemis!9F5A153527F3, Artemis!CAB7AA7144A0
50.00%

Lavasoft Ad-Aware
Android.Riskware.Agent.gXWSX, Android.Riskware.Agent.gVHW, Android.Hacktool.Mgyun.B, Android.Hacktool.Mgyun.A, Android.Riskware.Kingroot.C
47.22%

Trend Micro House Call
TROJ_GEN.F47V1102, TROJ_GEN.F47V0310, TROJ_GEN.F47V0425, TROJ_GEN.F47V0512, TROJ_GEN.F47V0520, TROJ_GEN.F47V0526, Suspicious_GEN.F47V0619
44.44%

Fortinet FortiGate
Android/Agent.BN!tr.spy, Adware/KingRoot
44.44%

AVG
PSW.Agent, Android/Deng, Android/KingRoot, Android/G2P.I.0D128937F2B9
41.67%

Comodo Security
UnclassifiedMalware
38.89%

K7 AntiVirus
Spyware, Trojan
36.11%

K7 Gateway Antivirus
Spyware, Trojan
36.11%

IKARUS anti.virus
Trojan.AndroidOS.Agent
27.78%

Dr.Web
Android.Spy.82.origin, infected with Android.Spy.82.origin, Tool.Rooter.43.origin
25.00%

The domain products.mgyun.com has been seen to resolve to the following 88 IP addresses.


File downloads found at URLs served by products.mgyun.com.

6 / 68      (PUP)
http://products.mgyun.com/.../downjump?id=4686  (romaster_67175427_cid1000_7ba70783.exe)

8 / 68      (PUP)
http://products.mgyun.com/.../downjump?id=3614  (vroot_1.8.5.15288_setup.exe)

0 / 68

7 / 68      (PUP)

0 / 68
http://products.mgyun.com/.../downjump?id=3685  (romaster_4.1.2.15288_setup.exe)

2 / 68      (inconclusive)

0 / 68
http://products.mgyun.com/.../downjump?id=2233  (vroot_1.8.0.12451_setup.exe)

14 / 68    (PUP)
http://products.mgyun.com/.../downjump?id=846  (vroot_1896286464_cid1000_7ba70783.exe)

14 / 68    (PUP)
http://products.mgyun.com/.../downjump?id=2501  (romaster_67110912_cid1000_7ba70783.exe)

13 / 68    (PUP)
http://products.mgyun.com/.../downjump?id=2521  (vroot_1896350208_cid1000_7ba70783.exe)

8 / 68      (Malware)

12 / 68    (PUP)

8 / 68      (PUP)
http://products.mgyun.com/.../downjump?id=918  (romaster_3.4.9.9512_setup.exe)

9 / 68      (PUP)

1 / 68

4 / 68      (PUP)
http://products.mgyun.com/.../downjump?id=483  (romaster_3.4.6.8285_setup.exe)

6 / 68      (PUP)
http://products.mgyun.com/.../downjump?id=121  (vroot_1.7.3.4388_setup.exe)

9 / 68      (PUP)
http://products.mgyun.com/.../downjump?id=305  (vroot_1.7.7.7592_setup.exe)

0 / 68

0 / 68

0 / 68

0 / 68

URL:
http://products.mgyun.com/

Web server:
nginx
