home

xiazai.job391.com

zenglingbai

Domain Information

The domain xiazai.job391.com registered by zenglingbai was initially registered in October of 2013 through ENAME TECHNOLOGY CO., LTD.. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Shanghai, Shanghai within China which resides on the Asia Pacific Network Information Centre network.
Registrar:
ENAME TECHNOLOGY CO., LTD.

Server location:
Shanghai, China (CN)

Create date:
Tuesday, October 15, 2013

Expires date:
Saturday, October 15, 2016

Updated date:
Wednesday, September 16, 2015

ASN:
AS58466 CT-GUANGZHOU-IDC CHINANET Guangdong province network, CN

Root domain:
job391.com

Whois:
1 job391.com record

Scanner detections:
Detections  (80% detected)

Scan engine
Details
Detections

Reason Heuristics
Adware.Downloader.Shanghai.Installer.Meta (M), Adware.Downloader (M)
64.44%

avast!
Win32:Malware-gen, Win32:Trojan-gen
33.33%

Dr.Web
Trojan.KillFiles.28526
26.67%

Kaspersky
HEUR:Trojan.Win32.Invader, not-a-virus:AdWare.NSIS.Agent
22.22%

ESET NOD32
Win32/Packed.NSISmod.A suspicious (variant)
17.78%

Clam AntiVirus
Win.Trojan.691128-1
17.78%

NANO AntiVirus
Riskware.Win32.ShouQu.dmnfjx
17.78%

AegisLab AV Signature
Troj.Generic, Troj.Generic.mmEX, Dangerousobject.Multi.Generic!c, Troj.W32.Invader!c
17.78%

Vba32 AntiVirus
Malware-Cryptor.Inject.gen
17.78%

IKARUS anti.virus
PUA.RiskWare.Yantai
17.78%

Fortinet FortiGate
W32/Generic.AC.18053
17.78%

AVG
Generic, Generic36, Malware
17.78%

ESET NOD32
Win32/Packed.NSISmod.A suspicious application
17.78%

VIPRE Antivirus
Trojan.Win32.Generic
15.56%

AhnLab V3 Security
PUP/Win32.Downloader, PUP/Win32.Agent, PUP/Win32.Agent.R182507
15.56%

The domain xiazai.job391.com has been seen to resolve to the following 2 IP addresses.

106.75.139.100
May 25, 2016

221.228.75.113
February 10, 2016

File downloads found at URLs served by xiazai.job391.com.

1 / 68      (PUP)
http://xiazai.job391.com/.../?id=20002  (setup_20002.exe)

1 / 68      (PUP)
http://xiazai.job391.com/.../?id=20013  (setup_20013.exe)

1 / 68      (PUP)
http://xiazai.job391.com/.../?id=22008  (setup_22008.exe)

0 / 68
http://xiazai.job391.com/.../?id=118  (setup_118.exe)

1 / 68      (PUP)
http://xiazai.job391.com/.../?id=20008  (setup_20008.exe)

0 / 68
http://xiazai.job391.com/.../?id=120  (setup_120.exe)

1 / 68      (PUP)
http://xiazai.job391.com/.../?id=20011  (setup_20011.exe)

2 / 68      (inconclusive)
http://xiazai.job391.com/.../?id=119  (setup_119.exe)

2 / 68      (inconclusive)
http://xiazai.job391.com/.../?id=121  (setup_121.exe)

1 / 68      (PUP)
http://xiazai.job391.com/.../?id=20001  (setup_20001.exe)

1 / 68      (PUP)
http://xiazai.job391.com/.../?id=20007  (setup_20007.exe)

21 / 68    (PUP)
http://xiazai.job391.com/.../?id=133  (setup_133.exe)

1 / 68      (PUP)
http://xiazai.job391.com/.../?id=21007  (setup_21007.exe)

1 / 68      (PUP)
http://xiazai.job391.com/.../?id=21005  (setup_22002.exe)

1 / 68      (PUP)
http://xiazai.job391.com/.../?id=21006  (setup_21006.exe)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.