down.job391.com
zenglingbai
Domain Information
The domain down.job391.com, registered by zenglingbai, was first registered in October 2013 through ENAME TECHNOLOGY CO., LTD. The domain has been known to host and distribute adware and other potentially unwanted software. The hosting servers are located in Zhuhai, Guangdong, China, on the Asia Pacific Network Information Centre network.
Registrar: ENAME TECHNOLOGY CO., LTD.
Server location: Guangdong, China (CN)
Create date: Tuesday, October 15, 2013
Expires date: Saturday, October 15, 2016
Updated date: Wednesday, September 16, 2015
ASN: AS4837 CHINA169-BACKBONE CNCGROUP China169 Backbone,CN
Scanner detections:
Detections (90% detected)
Scan engine | Details | Detections
Vba32 AntiVirus | Malware-Cryptor.Inject.gen, suspected of Trojan.Downloader.gen.h | 100.00%
Clam AntiVirus | Win.Trojan.691128 | 90.00%
Kaspersky | HEUR:Trojan.Win32.Invader | 90.00%
NANO AntiVirus | Riskware.Win32.ShouQu.dmnfjx | 90.00%
McAfee | Artemis!75BCAA7F6A9D, Artemis!97FC48B62EE0, Artemis!2EC54109AED8, Artemis!EBF252815313, Artemis!7E184AAA7402, Artemis!F2E95AA54DCC | 90.00%
Fortinet FortiGate | W32/Generic.AC.18053 | 90.00%
Baidu Antivirus | Trojan.Win32.Invader, Hacktool.Win32.NSISmod | 60.00%
ESET NOD32 | Win32/Packed.NSISmod.A suspicious (variant) | 60.00%
avast! | Win32:Malware-gen | 50.00%
Dr.Web | Trojan.KillFiles.28526 | 40.00%
IKARUS anti.virus | PUA.NSISmod, Trojan.Win32.FlyStudio | 40.00%
VIPRE Antivirus | Trojan.Win32.Generic | 40.00%
Sophos | Generic PUA LK (PUA), Generic PUA CO (PUA), Generic PUA JL (PUA) | 40.00%
Trend Micro House Call | Suspicious_GEN.F47V0509, Suspicious_GEN.F47V0424, Suspicious_GEN.F47V0521 | 30.00%
Comodo Security | TrojWare.Win32.Agent.OSCF, UnclassifiedMalware | 30.00%
The domain down.job391.com has been seen to resolve to the following 18 IP addresses.
File downloads found at URLs served by down.job391.com.
The following 22 files have been seen to communicate with down.job391.com in live environments.
URL: http://down.job391.com/
Title: “Welcome to nginx!”
Related Domains