www.girlwurina.com

YinSi BaoHu Yi KaiQi (Hidden by Whois Privacy Protection Service)

Domain Information

The domain www.girlwurina.com, registered by YinSi BaoHu Yi KaiQi (Hidden by Whois Privacy Protection Service), was initially registered in June of 2014 through HICHINA ZHICHENG TECHNOLOGY LTD. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Dallas, Texas, in the United States, on the SoftLayer Technologies Inc. network.
Registrar:
HICHINA ZHICHENG TECHNOLOGY LTD.

Server location:
Texas, United States (US)

Create date:
Tuesday, June 17, 2014

Expires date:
Friday, June 17, 2016

Updated date:
Friday, June 19, 2015

ASN:
AS36351 SOFTLAYER - SoftLayer Technologies Inc.,US

Root domain:

Scanner detections:
Detections  (98% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Extension.ChromePlugin, PUP.XiaoqingLiu.O, PUP.MaLin.O, PUP.MaLin.R, PUP.ShulanHou.Q, PUP.ShulanHou.R, PUP.ShulanHou.O, PUP.XiaoqingLiu.Q, PUP.XiaoqingLiu.H, PUP.Ma Lin.ShulanHou, PUP.Li Mo, PUP.MyStartSearch.Meta (M), PUP.FuyuanZhou (M), PUP.ELEX.ShulanHou (M), PUP.ELEX.XiaoqingLiu (M), PUP.ELEX.MaLin (M), PUP.ELEX.Xiaoqing (M), PUP.ELEX.ShulanHo (M)
100.00%

Sophos
Elex, PUA 'Elex' (of type Adware)
51.06%

G Data
Gen:Application.Elex, Win32.Application.Limo
46.81%

AVG
Generic
38.30%

VIPRE Antivirus
Trojan.Win32.Generic, BehavesLike.Win32.Malware.sfd (mx-v)
36.17%

Baidu Antivirus
PUA.Win32.LiMo, Adware.Win32.ELEX, PUA.Win32.ELEX
31.91%

MicroWorld eScan
Gen:Application.Elex.1
29.79%

Bitdefender
Gen:Application.Elex.1
29.79%

ESET NOD32
Win32/ELEX.BG, Win32/LiMo (variant), Win32/ELEX.BJ, Win32/LiMo.C potentially unwanted (variant), Win32/ELEX.BG (variant)
27.66%

Qihoo 360 Security
Win32/Application.33e, HEUR/QVM10.1.Malware.Gen, HEUR/QVM41.1.Malware.Gen
25.53%

F-Secure
Gen:Application.Elex.1
21.28%

Trend Micro House Call
Suspicious_GEN.F47V1231, Suspicious_GEN.F47V0107, Suspicious_GEN.F47V0111, Suspicious_GEN.F47V0119, Suspicious_GEN.F47V0128
21.28%

McAfee
Artemis!08F6C6D610D9, Trojan.Artemis!C146C9594F73, Artemis!8EDA3333DF72, Artemis!BEDC1E3FDCE9, Artemis!B8C5A70B4877, Artemis!7E1C97945F58
19.15%

Lavasoft Ad-Aware
Gen:Application.Elex.1
19.15%

Dr.Web
Adware.Mutabaha.84, Adware.Mutabaha.91, Adware.Mutabaha.98, Adware.Mutabaha.111
17.02%

The domain www.girlwurina.com has been seen to resolve to the following 4 IP addresses.

c8.a8.c1ad.ip4.static.sl-reverse.com
February 3, 2016

108.168.149.0-static.reverse.softlayer.com
February 3, 2016

60.e6.2bd0.ip4.static.sl-reverse.com
February 3, 2016

30.d5.24ae.ip4.static.sl-reverse.com
February 3, 2016

File downloads found at URLs served by www.girlwurina.com.

The following files have been seen to communicate with www.girlwurina.com in live environments.

URL:
http://www.girlwurina.com/

Google Analytics:
UA-40570956

Title:
“Free Video Player, AVI/MKV/MP4/CD Player, Media Player Download”

Description:
“GoPlayer is a free & powerful video player which can help you enjoy various video files such as Flash, MKV, AVI, MP4 on PC.”

Web server:
nginx