xz.job391.com

zenglingbai

Domain Information

The domain xz.job391.com, registered by zenglingbai, was initially registered in October 2013 through ENAME TECHNOLOGY CO., LTD. This domain is currently known to host various forms of malware. The hosting servers are located in Hangzhou, Zhejiang, China, on the Asia Pacific Network Information Centre network.

Registrar: ENAME TECHNOLOGY CO., LTD.

Server location: Zhejiang, China (CN)

Create date: Tuesday, October 15, 2013

Expires date: Saturday, October 15, 2016

Updated date: Wednesday, September 16, 2015

ASN: AS4134 CHINANET-BACKBONE No.31,Jin-rong Street, CN

Root domain:

Scanner detections: Malware distribution (68% detected)

| Scan engine | Details | Detections |
| --- | --- | --- |
| Reason Heuristics | Adware.Downloader.Shanghai.Meta (M) | 86.67% |
| Dr.Web | Trojan.KillFiles.28526, Adware.ShouQu.14 | 26.67% |
| AhnLab V3 Security | PUP/Win32.Downloader | 26.67% |
| Vba32 AntiVirus | Malware-Cryptor.Inject.gen, suspected of Trojan.Downloader.gen.h | 26.67% |
| K7 AntiVirus | Unwanted-Program | 13.33% |
| NANO AntiVirus | Riskware.Win32.ShouQu.dmnfjx | 13.33% |
| ESET NOD32 | Win32/Packed.NSISmod.A suspicious (variant) | 13.33% |
| Clam AntiVirus | Win.Trojan.691128 | 13.33% |
| Kaspersky | HEUR:Trojan.Win32.Invader | 13.33% |
| Fortinet FortiGate | W32/Generic.AC.18053 | 13.33% |
| Zillya! Antivirus | Trojan.Llac.Win32.53640, Adware.KhitCRTD.Win32.131 | 13.33% |
| Rising Antivirus | PE:Malware.Generic/QRS!1.9E2D [F] | 6.67% |
| Malwarebytes | Adware.DownWare | 6.67% |
| avast! | Win32:Malware-gen | 6.67% |
| AegisLab AV Signature | Troj.W32.Invader!c | 6.67% |

The domain xz.job391.com has been seen to resolve to the following 13 IP addresses.

August 21, 2016

July 29, 2016

July 29, 2016

July 29, 2016

July 29, 2016

July 29, 2016

July 29, 2016

July 29, 2016

July 6, 2016

June 7, 2016

June 5, 2016

April 18, 2016

April 18, 2016

File downloads found at URLs served by xz.job391.com.

Latest 30 of 52 download URLs

URL: http://xz.job391.com/

Title: “Welcome to nginx !”

Web server: nginx/1.4.1