home

zn.tybests.com

wen ben zhou

Domain Information

The domain zn.tybests.com registered by wen ben zhou was initially registered in May of 2014 through GODADDY.COM, LLC. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Chengdu, Sichuan within China which resides on the Asia Pacific Network Information Centre network.
Registrar:
GODADDY.COM, LLC

Server location:
Sichuan, China (CN)

Create date:
Saturday, May 24, 2014

Expires date:
Sunday, May 24, 2015

Updated date:
Saturday, May 24, 2014

ASN:
AS4134 CHINANET-BACKBONE No.31,Jin-rong Street,CN

Root domain:
tybests.com

Whois:
1 tybests.com record

Google Safe Browsing:
malware

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

ESET NOD32
Win32/RSoftware (variant), Win32/Induc
85.71%

AVG
Generic
85.71%

Reason Heuristics
PUP.TanQilin.J, PUP.TanQilin.K, PUP.TanQilin.Installer (M)
85.71%

MicroWorld eScan
Gen:Variant.Graftor.55465, Win32.Induc.A
71.43%

Lavasoft Ad-Aware
Gen:Variant.Graftor.55465, Win32.Induc.A
71.43%

F-Secure
Gen:Variant.Graftor.55465, Win32.Induc.A
71.43%

Bitdefender
Gen:Variant.Graftor.55465, Win32.Induc.A
57.14%

Emsisoft Anti-Malware
Gen:Variant.Graftor.55465, Win32.Induc
57.14%

G Data
Gen:Variant.Graftor.55465, Win32.Induc
57.14%

McAfee
Artemis!61CF03D0E1CF, Artemis!A60F16A3D871, Artemis!0E7BFD9D303A, Artemis!7502E0A8BF28
57.14%

Baidu Antivirus
PUA.Win32.RSoftware, Adware.Win32.ZnPlayer
57.14%

Agnitum Outpost
Win32.Induc
42.86%

avast!
Win32:Induc
42.86%

NANO AntiVirus
Virus.Win32.Induc.dffkeg
42.86%

Sophos
W32/Induc-A
42.86%

The domain zn.tybests.com has been seen to resolve to the following IP address.

118.122.37.107
August 17, 2014

File downloads found at URLs served by zn.tybests.com.

1 / 68      (Adware)
http://zn.tybests.com/down/.../pplayer_40_12733_.exe  (7d32ed8d6008cdf9ea301b63cb8ec4ce)

1 / 68      (Adware)
http://zn.tybests.com/down/.../?QVOD???_6_8_.exe  (pplayer_2_7718_.exe)

1 / 68      (Adware)
http://zn.tybests.com/down/.../???????_6_1_.exe  (pplayer_2_7718_.exe)

6 / 68      (Adware)
http://zn.tybests.com/down/.../ G(>h_116_901_.exe  (_80_1028_.exe)

18 / 68    (Adware)
http://zn.tybests.com/down/.../_119_1032_.exe  (0e7bfd9d303a5cb10a23ccba69ef63b7)

18 / 68    (Adware)
http://zn.tybests.com/down/.../_119_1032_.exe  (a60f16a3d871a3aa8249ce01448e7a40)

20 / 68    (Adware)
http://zn.tybests.com/down/.../_80_1160_.exe  (61cf03d0e1cf101178173937f5a62cf7)

14 / 68    (Adware)
http://zn.tybests.com/down/.../pplayer_64_2331_.exe  (803420b5028a9f286b41c029f78bc24a)

URL:
http://zn.tybests.com/

Web server:
nginx/1.0.15

hongyuetextile.com

shzgjx88.com

xzzxjly.com

zuowangzhanla.com

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.