home

up.soft365.com

Domains By Proxy, LLC  (Proxy Registrant)

Domain Information

The domain up.soft365.com is registered by proxy through GODADDY.COM, LLC and was originally registered in July of 2004. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Washington, District of Columbia within the United States which resides on the SoftLayer Technologies Inc. network.
Registrar:
GODADDY.COM, LLC

Server location:
District of Columbia, United States (US)

Create date:
Saturday, July 24, 2004

Expires date:
Tuesday, July 24, 2018

Updated date:
Tuesday, April 28, 2015

ASN:
AS36351 SOFTLAYER - SoftLayer Technologies Inc., US

Root domain:
soft365.com

Whois:
2 soft365.com records

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.337TechnologyLimited.AA, PUP.337TechnologyLimited.V, PUP.337TechnologyLimited.U, PUP.TaiwanShuiMuChihChingTechnologyLimited.P
100.00%

Malwarebytes
PUP.Optional.Desk365.A
16.67%

Kaspersky
not-a-virus:AdWare.Win32.D365
16.67%

Dr.Web
Adware.Mutabaha.29
16.67%

Vba32 AntiVirus
AdWare.D365
16.67%

ESET NOD32
Win32/ELEX (variant)
16.67%

IKARUS anti.virus
not-a-virus:AdWare.Win32.D365
16.67%

Fortinet FortiGate
Adware/D365
16.67%

The domain up.soft365.com has been seen to resolve to the following 10 IP addresses.

50.97.47.193
c1.2f.6132.ip4.static.sl-reverse.com
May 21, 2016

108.168.162.169
a9.a2.a86c.ip4.static.sl-reverse.com
May 21, 2016

108.168.160.125
7d.a0.a86c.ip4.static.sl-reverse.com
May 21, 2016

208.43.232.118
208.43.232.118-static.reverse.softlayer.com
February 1, 2016

208.43.232.116
208.43.232.116-static.reverse.softlayer.com
February 1, 2016

174.36.247.67
174.36.247.67-static.reverse.softlayer.com
February 1, 2016

174.36.200.164
174.36.200.164-static.reverse.softlayer.com
February 1, 2016

174.36.200.173
174.36.200.173-static.reverse.softlayer.com
November 16, 2013

173.193.180.131
173.193.180.131-static.reverse.softlayer.com
November 16, 2013

173.192.211.211
173.192.211.211-static.reverse.softlayer.com
November 16, 2013

File downloads found at URLs served by up.soft365.com.

1 / 68      (Adware)
http://up.soft365.com/Public/softs/wz/1.2.8/.../WinZipper_update_v1.2.8.exe  (zip_update_v1.2.8.exe)

1 / 68      (Adware)
http://up.soft365.com/Public/softs/wz/1.1.6/.../WinZipper_update_v1.1.6.exe  (zip_update_v1.1.6.exe)

1 / 68      (Adware)
http://up.soft365.com/Public/softs/dsk/1.7.10/.../Desk365_update_v1.7.10.exe  (5d1df956930b9ce77de429cfd7fe8c70)

1 / 68      (Adware)
http://up.soft365.com/Gdp/download_file/.../23  (desk365_update_v1.12.16.exe)

1 / 68      (Adware)
http://up.soft365.com/Public/softs/dsk/1.12.16/.../Desk365_update_v1.12.16.exe  (783e1226733e49ae984baad59389a4c4)

7 / 68      (Adware)
http://up.soft365.com/Public/softs/dsk/1.11.16/.../Desk365_update_v1.11.16.exe  (271289f5182daf664c58be9e63e0bacf)

2 / 68      (Adware)
http://up.soft365.com/Public/softs/libcef/1.1/.../component_libcef_1.1364.1123.exe  (8e390845a88cb1e0406ce350f570cf4b)

The following 230 files have been seen to comunicate with up.soft365.com in live environments.

TCP » 108.168.160.125:80
gamelogin.exe (gamelogin by 337 Technology Limited)

TCP » 108.168.160.125:80
ihpmserver.exe (RayDl)

TCP » 108.168.162.169:80
ihpmserver.exe (RayDl)

TCP » 108.168.162.169:80
gamelogin.exe (gamelogin by 337 Technology Limited)

TCP » 108.168.160.125:80
Desk365.exe (Desk 365 by 337 Technology Limited)

TCP » 108.168.160.125:80
ihpmserver.exe

TCP » 50.97.47.193:80
ihpmserver.exe (RayDl)

TCP » 108.168.160.125:80
ihpmserver.exe (RayDl)

TCP » 108.168.160.125:80
TSvr.exe (svr.exe by tsvr.com)

TCP » 108.168.160.125:80
ihpmserver.exe (RayDld by Ray you)

TCP » 108.168.162.169:80
wdsmanpro.exe (DTools by DTools LIMITED)

TCP » 108.168.160.125:80
TSvr.exe (svr.exe by tsvr.com)

TCP » 108.168.162.169:80
TSvr.exe (svr.exe by tsvr.com)

TCP » 50.97.47.193:80
everything.exe

TCP » 50.97.47.193:80
gamelogin.exe (gamelogin by 337 Technology Limited)

TCP » 50.97.47.193:80
ihpmserver.exe

TCP » 50.97.47.193:80
wdsmanpro.exe (DTools by DTools LIMITED)

TCP » 108.168.160.125:80
wdsmanpro.exe (DTools by DTools LIMITED)

TCP » 108.168.160.125:80
ihpmserver.exe (RayDl)

TCP » 108.168.162.169:80
ihpmserver.exe (RayDld by Ray you)

 
Latest 20 of 511 files

URL:
http://up.soft365.com/

Title:
“升级系统管理”

Web server:
nginx (ThinkPHP)

goplayer.cc

po114.us

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.