home

xiazai.zol.com.cn

Domain Information

Server location:
Beijing, China (CN)

ASN:
AS38361 CNNIC-CNET-AP CNET Networks LTD.,CN

Root domain:
zol.com.cn

Scanner detections:
Detections  (54% detected)

Scan engine
Details
Detections

Dr.Web
Adware.Downware.11005, Adware.Qjwmonkey.18, Adware.Qjwmonkey.28, Adware.Downware.10663, Adware.Qjwmonkey.34, Adware.Qjwmonkey.47
55.17%

avast!
Win32:Malware-gen, Win32:Adware-gen [Adw], Win32:Evo-gen [Susp]
51.72%

G Data
Win32.Trojan.Agent.EJ6EF3, Application.Generic.1438389, Win32.Trojan.Agent.AU7HNT, Win32.Adware.Qjwmonkey, Gen:Variant.Application.Bundler.84
48.28%

ESET NOD32
Win32/Adware.Qjwmonkey (variant), Win32/Packed.NSISmod.O suspicious (variant)
48.28%

IKARUS anti.virus
not-a-virus:Downloader.BindEx, PUA.Qjwmonkey, Trojan.Taranis, PUA.Softcnapp
44.83%

Avira AntiVirus
APPL/Qjwmonkey.tdz, ADWARE/Qjwmonkey.B, APPL/Qjwmonkey.uzfd, APPL/Qjwmonkey.cfk, TR/Taranis.2828
41.38%

Panda Antivirus
Trj/Genetic.gen
37.93%

AVG
Generic6, Generic7, Adware Generic7.RAL, Adware Generic7.ADRL, Adware Generic7.YUD
37.93%

K7 AntiVirus
Adware
34.48%

Rising Antivirus
PE:Trojan.Win32.Generic.18F7D0C5!418894021, PE:Adware.Qjwmonkey!1.A299 [F], PE:Malware.Generic/QRS!1.9E2D [F], PE:Malware.Generic(Thunder)!1.A1C4 [F]
31.03%

Zillya! Antivirus
Adware.Qjwmonkey.Win32.11, Adware.Qjwmonkey.Win32.17, Adware.BrowseFox.Win32.162316, Adware.Qjwmonkey.Win32.120, Adware.Qjwmonkey.Win32.125
27.59%

VIPRE Antivirus
Trojan.Win32.Generic
27.59%

Sophos
Generic PUA OH, Generic PUA OG (PUA), Generic PUA LE (PUA), QjMonkey (PUA), Xiazai (PUA)
27.59%

Reason Heuristics
Threat.Win.Reputation.IMP, PUP.GreenCreaturesEnvironmentProtectionScienceEndTechnologyCo (M), Adware.Generic.AT (M)
27.59%

AhnLab V3 Security
PUP/Win32.MultiPlug, PUP/Win32.Downloader, PUP/Win32.Agent, PUP/Win32.Generic
24.14%

The domain xiazai.zol.com.cn has been seen to resolve to the following 2 IP addresses.

123.103.57.124
123.103.57.124-BJ-CNC
August 13, 2015

118.67.120.124
c25-zol-xiazai-web-80.cnet.com.cn
June 9, 2014

File downloads found at URLs served by xiazai.zol.com.cn.

0 / 68
http://xiazai.zol.com.cn/down.php?nn=34a15be00fd255971&softid=425189&subcateid=279&site=10b&server=10&rand=8172486  (w.p.s.4885.20.2394.exe)

1 / 68      (inconclusive)
http://xiazai.zol.com.cn/down.php?nn=bc29f4c14ea51514c&softid=135373&subcateid=327&site=10&server=10&rand=4849365  (thunder_dl_7.9.43.5054@81_135373.exe)

1 / 68      (Malware)
http://xiazai.zol.com.cn/down.php?softid=427184&subcateid=1266&site=10&checkStr=c9e0b1db43ebdc7e3  (adobe+cc+2015+激活补丁@135_50325.exe)

30 / 68    (PUP)
http://xiazai.zol.com.cn/down.php?nn=cf369a8b062619e15&softid=131571&subcateid=56&site=10&server=10&rand=6121852  (xpvistawin7-ommoo11018@81_375493.exe)

0 / 68
http://xiazai.zol.com.cn/down.php?softid=50000&subcateid=34&site=10&checkStr=72cf0c046c2d06ff8&pos=downloader_main&rand=bad16c  (lotusnotes�Ⱥ�lotusnotesv8.5@92_148021.exe)

1 / 68      (PUP)
http://xiazai.zol.com.cn/down.php?nn=1ad6c58365f25c70f&softid=113160&subcateid=130&site=10&server=10&rand=2612297  (kuwo2015_8.0.1.5@81_190512.exe)

11 / 68    (PUP)
http://xiazai.zol.com.cn/down.php?nn=b793eb0135b2b61f0&softid=109667&subcateid=56&site=10&server=10&rand=4204205  (sshsecureshellclient3.2.9@145_372685.exe)

0 / 68
http://xiazai.zol.com.cn/down.php?nn=af6d20480fb018304&softid=352846&subcateid=1016&site=10&server=10&rand=4374279  (cad2007)

19 / 68    (PUP)
http://xiazai.zol.com.cn/down.php?nn=da651c232de9d9270&softid=115442&subcateid=279&site=10&server=10&rand=7332866  (qt4.6.22.17784@81_212101.exe)

19 / 68    (PUP)
http://xiazai.zol.com.cn/down.php?nn=50ccd974e72abf443&softid=428463&subcateid=103&site=10&server=10&rand=5729901&action=downloader  (qq8.2@81_428274.exe)

19 / 68    (PUP)
http://xiazai.zol.com.cn/down.php?nn=35d98452812c5a894&softid=428046&subcateid=726&site=10&server=10&rand=6407621  (w.p.s.4885.20.2394@81_420641.exe)

1 / 68      (Malware)
http://xiazai.zol.com.cn/down.php?nn=bc29f4c14ea51514c&softid=135373&subcateid=327&site=10&server=10&rand=8287759  (pdf@34_148369.exe)

25 / 68    (PUP)
http://xiazai.zol.com.cn/down.php?softid=430239&subcateid=69&site=10&checkStr=5e8126d7ab0751e5e&pos=downloader_main&rand=e2ece1  (夫妻成长日记下载@2119_1005710.exe)

1 / 68
http://xiazai.zol.com.cn/down.php?nn=bc29f4c14ea51514c&softid=135373&subcateid=327&site=10&server=10&rand=8303527  (102377@102377@.exe)

0 / 68
http://xiazai.zol.com.cn/down.php?nn=23001e1729afe594e&softid=406930&subcateid=1444&site=10&server=10&rand=9290456  (kuaiwansetup_3.5.6.5.exe)

22 / 68    (PUP)
http://xiazai.zol.com.cn/down.php?nn=d3f0a6baa51f1e87c&softid=379536&subcateid=25&site=10&server=10&rand=8920704  (《性感海灘4》+剣闘士存檔@55_50747.exe)

2 / 68      (inconclusive)
http://xiazai.zol.com.cn/down.php?nn=5d56a9f687fb016b5&softid=358176&subcateid=74&site=10&server=10&rand=4680348  (ppt_2010.03@400099@.exe)

1 / 68
http://xiazai.zol.com.cn/down.php?nn=16410870a7e32f26c&softid=26465&subcateid=325&site=10b&server=10&rand=5160298  (directxruntimes201006x64.exe)

6 / 68      (PUP)
http://xiazai.zol.com.cn/down.php?softid=135373&subcateid=327&site=10&checkStr=bc29f4c14ea51514c&pos=downloader_0&rand=f4cce6  (thunder_dl_7.9.43.5054@81_135373.exe)

4 / 68      (PUP)
http://xiazai.zol.com.cn/down.php?nn=0ad70be0b91c9be8b&softid=196587&subcateid=279&site=10&server=10&rand=3345068  (w.p.s.4885.20.2394@81_196587.exe)

1 / 68
http://xiazai.zol.com.cn/down.php?nn=0fcbd7a34c6576703&softid=55225&subcateid=76&site=10b&server=10&rand=6836968  (2013-12-23_funshioninstall2.8.9.7@6@.exe)

1 / 68      (Malware)
http://xiazai.zol.com.cn/down.php?nn=bc29f4c14ea51514c&softid=135373&subcateid=327&site=10&server=10&rand=7334038  (pdf@34_148369.exe)

1 / 68      (Malware)
http://xiazai.zol.com.cn/down.php?softid=394552&subcateid=322&site=10&checkStr=7b20b9f0effb5dad4&pos=dxgs1&rand=210017  (视频转换快手@83_65.exe)

0 / 68
http://xiazai.zol.com.cn/down.php?softid=333561&subcateid=322&site=10&checkStr=1ecdded63f3ceea7c&pos=dxxz1&rand=515217  (typeeasy.12012.0.exe)

11 / 68    (PUP)
http://xiazai.zol.com.cn/down.php?nn=23001e1729afe594e&softid=406930&subcateid=1444&site=10&server=10&rand=439567  (w.p.s.4885.20.2394@81_145524.exe)

10 / 68    (PUP)
http://xiazai.zol.com.cn/down.php?softid=135373&subcateid=327&site=10&checkStr=bc29f4c14ea51514c&pos=downloader_main&rand=ab206b  (openalinstallerforwindowsv@2283_45929.exe)

30 / 68    (PUP)
http://xiazai.zol.com.cn/down.php?nn=bc29f4c14ea51514c&softid=135373&subcateid=327&site=10&server=10&rand=1030058  (xpvistawin7-ommoo11018@81_375493.exe)

10 / 68    (PUP)
http://xiazai.zol.com.cn/down.php?softid=135373&subcateid=327&site=10&checkStr=bc29f4c14ea51514c&pos=downloader_main&rand=4ba1cf  (openalinstallerforwindowsv@2283_45929.exe)

0 / 68
http://xiazai.zol.com.cn/down.php?nn=bc29f4c14ea51514c&softid=135373&subcateid=327&site=10&server=10&rand=6571437  (thunder_dl_7.9.40.5006review.exe)

2 / 68      (inconclusive)
http://xiazai.zol.com.cn/down.php?nn=4843ee9ed9a63b04d&softid=108817&subcateid=345&site=10&server=10&rand=7818483  (formatfactory_3.6.1.0@325408@.exe)

 
Latest 30 of 177 download URLs

The following 2 files have been seen to comunicate with xiazai.zol.com.cn in live environments.

TCP » 123.103.57.124:80
UCBrowser.exe (by UCWeb)

TCP » 123.103.57.124:80
UCBrowser.exe (by UCWeb)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.