
Domain > ys168.com

This indicator is referenced in AlienVault OTX pulse ""

Is this malicious?

Most users have voted this as MALICIOUS

Reports

http://blog.trendmicro.com/trendlabs-security-inte...    
http://documents.trendmicro.com/assets/pdf/operati...    
http://www.trendmicro.com/cloud-content/us/pdfs/se...    
https://otx.alienvault.com/pulse/55f9910967db8c6fb...    

Files that talk to ys168.com


Whois

Property    Value
Email       1498699897@qq.com
NameServer  DNS8.HICHINA.COM
Created     2001-02-20 00:00:00
Changed     2014-07-16 00:00:00
Expires     2020-02-20 00:00:00
Registrar   HICHINA ZHICHENG TEC

DNS Resolutions


Subdomains

Data with thanks to AlienVault OTX, VirusTotal, Malwr and others.



© Copyright 2019 AlienVault, Inc.