home

dl.qxiazai.com

xiao jie

Domain Information

The domain dl.qxiazai.com registered by xiao jie was initially registered in June of 2011 through ENAME TECHNOLOGY CO., LTD.. Currently this domain has been known to host various forms of malware. The hosted servers are located in Shanghai, Shanghai within China which resides on the Asia Pacific Network Information Centre network.
Registrar:
ENAME TECHNOLOGY CO., LTD.

Server location:
Shanghai, China (CN)

Create date:
Tuesday, June 28, 2011

Expires date:
Thursday, June 28, 2018

Updated date:
Sunday, May 17, 2015

ASN:
AS4812 CHINANET-SH-AP China Telecom (Group),CN

Root domain:
qxiazai.com

Whois:
2 qxiazai.com records

Scanner detections:
Malware distribution  (67% detected)

Scan engine
Details
Detections

Reason Heuristics
Unnamed.Threat.11
33.33%

Malwarebytes
PUP.Optional.ChinAd
33.33%

Trend Micro House Call
TROJ_GEN.F47V1224
33.33%

Comodo Security
TrojWare.Win32.Injector.JQFR
33.33%

Rising Antivirus
NS:Malware.Install!1.9F21
33.33%

McAfee
Artemis!E317C48AD6FC
33.33%

NANO AntiVirus
Riskware.Win32.InstallCore.dcnbqv
33.33%

F-Prot
W32/SelfStarterInternetTrojan!M
33.33%

Clam AntiVirus
Win.Trojan.11350378
33.33%

Dr.Web
Adware.InstallCore.238
33.33%

VIPRE Antivirus
Trojan.Win32.Generic
33.33%

Sophos
Mal/Agent-AOM
33.33%

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
33.33%

Fortinet FortiGate
W32/Agent.NPS!tr.dldr
33.33%

The domain dl.qxiazai.com has been seen to resolve to the following 12 IP addresses.

122.225.96.132
December 7, 2015

58.218.211.250
December 7, 2015

122.225.107.66
December 7, 2015

122.225.98.197
December 7, 2015

116.11.254.249
September 3, 2014

183.57.148.247
September 3, 2014

101.226.200.152
April 26, 2014

101.226.200.134
April 26, 2014

101.226.200.132
April 26, 2014

101.226.200.130
April 26, 2014

218.6.23.37
April 26, 2014

218.6.23.36
April 26, 2014

File downloads found at URLs served by dl.qxiazai.com.

9 / 68      (PUP)
http://dl.qxiazai.com/down.php?sid=121  (setup_121.exe)

1 / 68      (Malware)
http://dl.qxiazai.com/down.php?sid=112  (setup_52.exe)

4 / 68      (inconclusive)
http://dl.qxiazai.com/down.php?sid=70  (setup_62.exe)

4 / 68      (inconclusive)
http://dl.qxiazai.com/down.php?sid=68  (setup_62.exe)

The following 2 files have been seen to comunicate with dl.qxiazai.com in live environments.

TCP » 183.57.148.247:80
wifi_1.0.1.1002.crx

TCP » 183.57.148.247:80
365guard.crx

URL:
http://dl.qxiazai.com/

Title:
“dl”

Web server:
nginx

869v.com

ke8u.com

it376.com

sh5y.com

7r7z.com

09p9.com

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.