www.girlzhangwei.com

YinSi BaoHu Yi KaiQi (Hidden by Whois Privacy Protection Service)

Domain Information

The domain www.girlzhangwei.com, registered by YinSi BaoHu Yi KaiQi (Hidden by Whois Privacy Protection Service), was initially registered in June of 2014 through HICHINA ZHICHENG TECHNOLOGY LTD. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Dallas, Texas, in the United States, on the SoftLayer Technologies Inc. network.

Registrar:
HICHINA ZHICHENG TECHNOLOGY LTD.

Server location:
Texas, United States (US)

Create date:
Tuesday, June 17, 2014

Expires date:
Friday, June 17, 2016

Updated date:
Friday, June 19, 2015

ASN:
AS36351 SOFTLAYER - SoftLayer Technologies Inc.,US

Root domain:

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.ShulanHou.O, PUP.ShulanHou.R, PUP.Ma Lin.ShulanHou, PUP.ELEX.ShulanHo (M)
100.00%

Dr.Web
Adware.Mutabaha.98, Adware.Mutabaha.122, Adware.Mutabaha.220, Adware.Mutabaha.306
50.00%

Malwarebytes
PUP.Optional.MyStartSearch.A, PUP.Optional.ELEX, PUP.Optional.Omniboxes.A, PUP.Optional.IStartSurf.A
41.67%

Sophos
Elex, PUA 'Elex' (of type Adware)
41.67%

ESET NOD32
Win32/ELEX.CF potentially unwanted application
33.33%

K7 AntiVirus
Unwanted-Program , Trojan
33.33%

herdProtect (fuzzy)
a variant of b7e30d885fe7c642fdd6378c210da0ac77f1099c, a variant of 57531a3ae92b775106b5b5e3ffa5322e0cf55415, a variant of 4dab043bed36c817f0c7674040ee126aa65cebd8
33.33%

MicroWorld eScan
Gen:Application.Elex.1
25.00%

Bitdefender
Gen:Application.Elex.1
25.00%

VIPRE Antivirus
BehavesLike.Win32.Malware.sfd (mx-v), Threat.4726263
25.00%

G Data
Gen:Application.Elex
25.00%

AhnLab V3 Security
PUP/Win32.SearchHijacker
25.00%

Qihoo 360 Security
HEUR/QVM41.1.Malware.Gen, Win32/Application.33e, HEUR/QVM10.1.Malware.Gen
25.00%

Baidu Antivirus
Adware.Win32.ELEX, PUA.Win32.LiMo
25.00%

Fortinet FortiGate
W32/ELEX.CF, Riskware/Elex
25.00%

The domain www.girlzhangwei.com has been seen to resolve to the following 4 IP addresses.

c9.a8.c1ad.ip4.static.sl-reverse.com
February 1, 2016

1.95.a86c.ip4.static.sl-reverse.com
February 1, 2016

61.e6.2bd0.ip4.static.sl-reverse.com
February 1, 2016

31.d5.24ae.ip4.static.sl-reverse.com
February 1, 2016

File downloads found at URLs served by www.girlzhangwei.com.


URL:
http://www.girlzhangwei.com/

Google Analytics:
UA-40570956

Title:
“Free Video Player, AVI/MKV/MP4/CD Player, Media Player Download”

Description:
“GoPlayer is a free & powerful video player which can help you enjoy various video files such as Flash, MKV, AVI, MP4 on PC.”

Web server:
nginx