www.po114.us

xianlin xie

Domain Information

The domain www.po114.us, registered by xianlin xie, was first registered in October of 2013 through GODADDY.COM, INC. This domain has been known to host and distribute adware as well as other potentially unwanted software. Its servers are located in Washington, District of Columbia, United States, on the SoftLayer Technologies Inc. network.
Registrar: GoDaddy.com, Inc.
Server location: District of Columbia, United States (US)
Create date: Thursday, October 24, 2013
Expires date: Tuesday, October 23, 2018
Updated date: Friday, December 19, 2014
ASN: AS36351 SOFTLAYER - SoftLayer Technologies Inc.

Root domain:

Scanner detections:
Detections  (100% detected)

| Scan engine | Details | Detections |
|---|---|---|
| Reason Heuristics | PUP.SkytouchTechnologyCoLimited.T, PUP.SkytouchTechnologyCoLimited.P, PUP.SkytouchTechnologyCoLimited.O, PUP.SkytouchTechnologyCoLimited.K, PUP.HefeiZhimingxingtongSoftwareTechnologyCo.T, PUP.BeijingELEXTechnologyCoLtd.G, PUP.HefeiZhimingxingtongSoftwareTechnologyCo.Q, PUP.ELEX.SkytouchTechnologyCo (M), PUP.ELEX.Skytouch (M) | 100.00% |
| Dr.Web | Adware.Mutabaha.42, Adware.Mutabaha.41, Adware.Mutabaha.44, Adware.Downware.1605, Adware.Mutabaha.50, Adware.Mutabaha.53 | 73.08% |
| Baidu Antivirus | Trojan.Win32.Elex, Adware.Win32.ELEX | 73.08% |
| Trend Micro House Call | TROJ_GEN.F47V1227, TROJ_GEN.F47V1214, TROJ_GEN.F47V0223, TROJ_GEN.F47V0227, TROJ_GEN.F47V0306, TROJ_GEN.F47V0225, TROJ_GEN.F47V1109 | 69.23% |
| Malwarebytes | PUP.Optional.SkyTech.A | 61.54% |
| ESET NOD32 | Win32/ELEX, Win32/ELEX (variant), Win32/ELEX.AF (variant), Win32/ELEX.AJ (variant) | 61.54% |
| Agnitum Outpost | Riskware.Agent | 61.54% |
| Fortinet FortiGate | Riskware/Elex | 57.69% |
| McAfee | Artemis!BFCAFDAC7317, Artemis!B5B6B59BE79E, Artemis!9CDEAD920A06, Artemis!D1012EE216F9, Artemis!E371C455F13C, Artemis!1AD1E86E65F5, Artemis!1A9C6012CF54 | 46.15% |
| McAfee Web Gateway | Artemis!BFCAFDAC7317, Artemis!B5B6B59BE79E, Artemis!9CDEAD920A06, Artemis!D1012EE216F9, Artemis!E371C455F13C, Artemis!1AD1E86E65F5 | 46.15% |
| Emsisoft Anti-Malware | Adware.Win32.AppInstall, Adware.DealPly, Trojan.Iframe.CGB, Application.Downloader.SV | 34.62% |
| Avira AntiVirus | ADWARE/Adware.Gen2 | 30.77% |
| avast! | Win32:Malware-gen, Win32:Adware-gen [Adw] | 26.92% |
| IKARUS anti.virus | Win32.Malware | 19.23% |
| AhnLab V3 Security | PUP/Win32.Amonetiz | 19.23% |

The domain www.po114.us has been seen to resolve to the following 4 IP addresses.

173.193.180.132-static.reverse.softlayer.com
January 25, 2014

208.43.232.116-static.reverse.softlayer.com
January 25, 2014

208.43.232.118-static.reverse.softlayer.com
January 25, 2014

173.193.180.130-static.reverse.softlayer.com
January 25, 2014

File downloads found at URLs served by www.po114.us.

The following 13 files have been seen to communicate with www.po114.us in live environments.