down.job391.com

zenglingbai

Domain Information

The domain down.job391.com, registered by zenglingbai, was initially registered in October 2013 through ENAME TECHNOLOGY CO., LTD. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Zhuhai, Guangdong, China, on a network allocated by the Asia Pacific Network Information Centre.
Registrar:
ENAME TECHNOLOGY CO., LTD.

Server location:
Guangdong, China (CN)

Create date:
Tuesday, October 15, 2013

Expires date:
Saturday, October 15, 2016

Updated date:
Wednesday, September 16, 2015

ASN:
AS4837 CHINA169-BACKBONE CNCGROUP China169 Backbone,CN

Root domain:

Scanner detections:
Detections (90% detected)

Scan engine | Details | Detections
Vba32 AntiVirus | Malware-Cryptor.Inject.gen, suspected of Trojan.Downloader.gen.h | 100.00%
Clam AntiVirus | Win.Trojan.691128 | 90.00%
Kaspersky | HEUR:Trojan.Win32.Invader | 90.00%
NANO AntiVirus | Riskware.Win32.ShouQu.dmnfjx | 90.00%
McAfee | Artemis!75BCAA7F6A9D, Artemis!97FC48B62EE0, Artemis!2EC54109AED8, Artemis!EBF252815313, Artemis!7E184AAA7402, Artemis!F2E95AA54DCC | 90.00%
Fortinet FortiGate | W32/Generic.AC.18053 | 90.00%
Baidu Antivirus | Trojan.Win32.Invader, Hacktool.Win32.NSISmod | 60.00%
ESET NOD32 | Win32/Packed.NSISmod.A suspicious (variant) | 60.00%
avast! | Win32:Malware-gen | 50.00%
Dr.Web | Trojan.KillFiles.28526 | 40.00%
IKARUS anti.virus | PUA.NSISmod, Trojan.Win32.FlyStudio | 40.00%
VIPRE Antivirus | Trojan.Win32.Generic | 40.00%
Sophos | Generic PUA LK (PUA), Generic PUA CO (PUA), Generic PUA JL (PUA) | 40.00%
Trend Micro House Call | Suspicious_GEN.F47V0509, Suspicious_GEN.F47V0424, Suspicious_GEN.F47V0521 | 30.00%
Comodo Security | TrojWare.Win32.Agent.OSCF, UnclassifiedMalware | 30.00%

The domain down.job391.com has been seen to resolve to the following 18 IP addresses.

August 12, 2015

August 12, 2015

July 1, 2015

July 1, 2015

July 1, 2015

July 1, 2015

42.171.204.221.adsl-pool.sx.cn
July 1, 2015

18.23.204.221.adsl-pool.sx.cn
July 1, 2015

16.23.204.221.adsl-pool.sx.cn
July 1, 2015

56.198.163.222.adsl-pool.jlccptt.net.cn
June 18, 2015

June 18, 2015

June 18, 2015

June 18, 2015

cncln.online.ln.cn
June 18, 2015

June 18, 2015

relaymail.org
June 18, 2015

25.224.161.222.adsl-pool.jlccptt.net.cn
May 15, 2015

May 15, 2015

File downloads found at URLs served by down.job391.com.

12 / 68 (PUP)

7 / 68 (PUP)

8 / 68 (PUP)

The following 22 files have been seen to communicate with down.job391.com in live environments.

Latest 20 of 26 files

URL:
http://down.job391.com/

Title:
“Welcome to nginx!”

Web server:
nginx/1.4.1

30 of 40 related domains