x.co

Go Daddy Operating Company, LLC

Domain Information

The domain x.co registered by Go Daddy Operating Company, LLC was initially registered in April of 2010 through GODADDY.COM, INC.. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Scottsdale, Arizona within the United States which resides on the GoDaddy.com, LLC network.
Registrar:
GODADDY.COM, INC.

Server location:
Arizona, United States (US)

Create date:
Friday, April 23, 2010

Expires date:
Saturday, April 22, 2017

Updated date:
Wednesday, November 20, 2013

ASN:
AS26496 AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC,US

Scanner detections:
Detections  (95% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.Firseria.M, PUP.Installer.KOMPANIYAR.?, PUP.Installer.Wilmaonline.?, PUP.Installer.Wilmaonline.EE, PUP.Installer.Wilmaonline.p, PUP.Solimba.Firseria.Bundler (M)
90.00%

Avira AntiVirus
TR/Dropper.A.27868, DR/AutoIt.Gen, APPL/Bundler.Firseria.3, ADWARE/Adware.Gen2, APPL/Amonetize.htzw, Adware/Amonetize.tzv
80.00%

Malwarebytes
Spyware.ZeuS.AI, Trojan.Dropper.SFXAI, PUP.Optional.Firseria, PUP.Optional.Amonetize
75.00%

ESET NOD32
Win32/Injector.Autoit.AMY, Win32/Amonetize.AW (variant), Win32/Amonetize.BK (variant), Win32/Amonetize.BM (variant), Win32/Amonetize.BN (variant)
70.00%

AVG
Autoit_c, Solimba, Generic, Generic_r, Downloader.Generic14, BundleApp
70.00%

AhnLab V3 Security
Trojan/Win32.AutoIt, PUP/Win32.Firseria, PUP/Win32.Amonetiz, PUP/Win32.Amonetize
70.00%

Sophos
Mal/Generic-S, Mal/MalitRar-B, Solimba Installer, Amonetize, Generic PUA PF, Generic PUA OL, Generic PUA KE, Generic PUA MO
65.00%

Baidu Antivirus
Trojan.Win32.Inject, Adware.Win32.Amonetize, Adware.Win32.FirseriaInstaller
65.00%

G Data
Trojan.Agent.BDIY, Gen:Variant.Application.Bundler.Firseria, Win32.Application.Amonetize, Gen:Variant.Application.Bundler.Amonetize.12
65.00%

Kaspersky
Trojan.Win32.Inject, not-a-virus:HEUR:AdWare.Win32.Amonetize, not-a-virus:AdWare.Win32.Amonetize, Virus.Win32.Virut, not-a-virus:AdWare.NSIS.Agent
60.00%

McAfee
Artemis!334A79332CD5, Artemis!A8A8E445C438, Artemis!3DA32A72F2B6, Artemis!9513D0DD420F, Artemis!64A1F1E3030A, W32/Virut.n.gen
55.00%

Dr.Web
Trojan.DownLoader9.40808, infected with Trojan.MulDrop5.8889, Adware.Downware.4802, Adware.Downware.8012, Adware.Downware.8331
55.00%

McAfee Web Gateway
Artemis!334A79332CD5, Artemis!A8A8E445C438, Artemis!3DA32A72F2B6, Artemis!64A1F1E3030A, W32/Virut.n.gen, BehavesLike.Win32.CryptDoma.fc
55.00%

Qihoo 360 Security
HEUR/Malware.QVM06.Gen, Win32/Virus.Adware.932, Win32/Application.c7d, Virus.Win32.Virut.O, Win32/Virus.Adware.e09, HEUR/QVM10.1.Malware.Gen
55.00%

Kingsoft AntiVirus
Win32.Troj.Generic.a.(kcloud), Win32.Troj.Amonetize.c.(kcloud)
55.00%

The domain x.co has been seen to resolve to the following 2 IP addresses.

ip-184-168-131-241.ip.secureserver.net
April 11, 2016

ip-97-74-42-81.ip.secureserver.net
June 9, 2014

File downloads found at URLs served by x.co.

1 / 68      (Adware)
http://x.co/tvfree2014  (freetvstream.exe)

1 / 68      (Adware)
http://x.co/tvfree2014  (freetvstream.exe)

19 / 68    (Adware)
http://x.co/tvfree2014  (freetvstream.exe)

1 / 68
http://x.co/ZKJc  (team.exe)

1 / 68      (Adware)
http://x.co/tvfree2014  (freetvstream.exe)

1 / 68      (Adware)
http://x.co/tvfree2014  (freetvstream.exe)

32 / 68    (Adware)
http://x.co/tvfree2014  (freetvstream.exe)

31 / 68    (Adware)
http://x.co/tvfree2014  (freetvstream.exe)

29 / 68    (Adware)
http://x.co/5DAm9  (font__7226_il2403.exe)

20 / 68    (Adware)
http://x.co/592Iq  (windows 7 loader__7629_il324.exe)

52 / 68    (Adware)
http://x.co/5ElT2  (vuze plus activation code gene downloader__3687_i1323485018_il1935718.exe)

15 / 68    (Adware)
http://x.co/57nnj  (windows loader 2.2.2__8173_il407.exe)

29 / 68    (Adware)
http://x.co/5Ad27  (3dsmax2014ckv214__5542_i1288877181_il10669.exe)

17 / 68    (PUP)
http://x.co/58z4r  (herdprotect__2309_il21601.exe)

21 / 68    (Adware)
http://x.co/5B6EZ  (windows loader 2.3.0__8173_il471.exe)

23 / 68    (Adware)
http://x.co/5Hsau  (hackshield.kapatma.(bloklama).100.cozum__7214_il332.exe)

27 / 68    (Adware)
http://x.co/5Acd9  (the walking dead the complet downloader__3687_i1106098502_il1266346.exe)

7 / 68      (Adware)
http://x.co/57wWo  (download wat fix for windows 7 downloader__3687_i1128841215_il577376.exe)

16 / 68    (Malware)
http://x.co/4kSUv  (crypted rat.exe)

15 / 68    (PUP)
http://x.co/4kC86  (driver.exe)

The following 3 files have been seen to comunicate with x.co in live environments.

URL:
http://x.co/

Title:
“URL Shortener”

Description:
“Use the shortest URL possible with X.co URL Shortening service! Access statistics and customize your links with a free account.”

SSL certificate subject:
CN=x.co, OU=Domain Control Validated

SSL certificate issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc."

Web server:
Apache/2.2.15 (CentOS)

Facebook:
Likes:  12
Shares:  114
Comments:  2

Statistics above are for the previous month of April 2017.