home

cp.mpalyerfreeware.com

Only contact by email, all postal mail will be rejected  (Proxy Registrant)

Domain Information

The domain cp.mpalyerfreeware.com is registered by proxy through SOLUCIONES CORPORATIVAS IP, SL and was originally registered in February of 2013. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Portland, Oregon within the United States which resides on the Amazon.com, Inc. network. The domain uses the Amazon Web Services (AWS) cloud computing platform from the US West (Oregon) region datacenter.
Registrar:
SOLUCIONES CORPORATIVAS IP, SL

Server location:
Oregon, United States (US)

Create date:
Monday, February 18, 2013

Expires date:
Saturday, February 18, 2017

Updated date:
Wednesday, February 17, 2016

Root domain:
mpalyerfreeware.com

Whois:
4 mpalyerfreeware.com records

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.TuguuSL.R, PUP.Installer.Awimba.R, PUP.Installer.TUGUUSL.R, PUP.TUGUUSL.X, PUP.Tuguu.Awimba.Bundler (M), PUP.Tuguu.LunacomI.Bundler (M)
100.00%

avast!
NSIS:DomaIQ-C [PUP]
66.67%

Sophos
DomainIQ pay-per install
66.67%

Dr.Web
Adware.W3i.28, Adware.W3i.37, Adware.W3i.29
66.67%

VIPRE Antivirus
DomaIQ
66.67%

Avira AntiVirus
APPL/DomaIQ.Gen7, APPL/DomalQ.C
66.67%

ESET NOD32
Win32/DomaIQ
66.67%

AVG
Agent.L
66.67%

Malwarebytes
Adware.DomaIQ, PUP.Optional.BundleInstaller.A, PUP.FakeFlash.Domaiq
55.56%

K7 AntiVirus
Trojan
55.56%

Norman
Obfuscated.gen!r, Suspicious_Gen4.ERZRG, Suspicious_Gen4.EFXQK, Suspicious_Gen4.EJHBW
55.56%

Kaspersky
not-a-virus:AdWare.Win32.DomaIQ, not-a-virus:HEUR:AdWare.MSIL.DomaIQ, not-a-virus:AdWare.MSIL.DomaIQ
55.56%

Agnitum Outpost
PUA.DomaIQ
55.56%

Comodo Security
Application.Win32.DomaIQ.T, ApplicUnwnt, UnclassifiedMalware
55.56%

Fortinet FortiGate
Adware/DomaIQ, W32/Agent.HUUT!tr, Adware/Fam.NB, W32/DomaIQ.I
55.56%

The domain cp.mpalyerfreeware.com has been seen to resolve to the following 5 IP addresses.

54.191.227.226
ec2-54-191-227-226.us-west-2.compute.amazonaws.com
December 7, 2015

54.213.219.119
ec2-54-213-219-119.us-west-2.compute.amazonaws.com
December 7, 2015

52.10.139.14
ec2-52-10-139-14.us-west-2.compute.amazonaws.com
May 2, 2015

52.10.43.205
ec2-52-10-43-205.us-west-2.compute.amazonaws.com
May 2, 2015

46.105.231.242
September 3, 2014

File downloads found at URLs served by cp.mpalyerfreeware.com.

11 / 68    (Adware)
http://cp.mpalyerfreeware.com/pasarela/affp/.../ClickID=ZZf1839759Za1594166Zg172Zw30Zm43Zc1856000480,1856000480Zs143Zi0ZZ&PubID=44&__tc=1370793867.35  (setup_v.170871375b.exe)

1 / 68      (Adware)
http://cp.mpalyerfreeware.com/pasarela/affp/.../ClickID=ZZf1792901Za1583612Zg49Zw28Zm11Zc1856000451,1856000451Zs130Zi0ZZ&PubID=2&__tc=1373908235.9  (setup_v.179649381c.exe)

1 / 68      (Adware)
http://cp.mpalyerfreeware.com/pasarela/affp/.../ClickID=ZZf1781498Za1583507Zg172Zw12Zm6Zc1856000439,1856000439Zs133Zi0ZZ&PubID=5&__tc=1374384599.26  (setup_v.179746067c.exe)

1 / 68      (Adware)
http://cp.mpalyerfreeware.com/pasarela/affp/.../ClickID=ZZf1850293Za1610291Zg49Zw1Zm2Zc1856000463,1856000463Zs143Zi3ZZ&PubID=2&__tc=1376784012.2878  (setup.exe)

21 / 68    (Adware)
http://cp.mpalyerfreeware.com/pasarela/affp/.../ClickID=ZZf1792901Za1553703Zg49Zw28Zm11Zc1856000451,1856000451Zs130Zi0ZZ&PubID=2&__tc=1370219726.14  (setup_v.167054232c.exe)

20 / 68    (Adware)
http://cp.mpalyerfreeware.com/pasarela/affp/.../ClickID=ZZf1839759Za1612376Zg172Zw2Zm4095Zc1856000480,1856000480Zs143Zi0ZZ&PubID=99&__tc=1373776191.31  (setup_v.178670845c.exe)

1 / 68      (Adware)
http://cp.mpalyerfreeware.com/pasarela/affp/.../ClickID=ZZf1799942Za1621159Zg27Zw4Zm42Zc1856000463,1856000463Zs143Zi0ZZ&PubID=4&__tc=1374186488.79  (setup_v.179746067c.exe)

21 / 68    (Adware)
http://cp.mpalyerfreeware.com/pasarela/doma/dls.mpalyerfreeware.com/p/151/Setup/321/.../825.74.110.0a014a0c  (setup_v.167054232c.exe)

21 / 68    (Adware)
http://cp.mpalyerfreeware.com/pasarela/affp/.../ClickID=ZZf1759754Za1521713Zg27Zw1Zm15Zc1856000419,1856000419Zs135Zi0ZZ&PubID=2&__tc=1370305865.44  (setup_v.167054232c.exe)

26 / 68    (Adware)
http://cp.mpalyerfreeware.com/pasarela/doma/dls.mpalyerfreeware.com/p/151/FlashPlayer/321/.../857.74.110.098491a7  (flashplayer_v.157042809c.exe)

26 / 68    (Adware)
http://cp.mpalyerfreeware.com/pasarela/doma/dls.mpalyerfreeware.com/p/151/FlashPlayer/321/.../857.74.110.09849159  (flashplayer_v.157042809c.exe)

18 / 68    (Adware)
http://cp.mpalyerfreeware.com/pasarela/affp/.../ClickID=ZZf1799942Za1563712Zg27Zw8Zm201Zc1856000463,1856000463Zs143Zi0ZZ&PubID=2&__tc=1369783418.74  (setup_v.163550885b.exe)

11 / 68    (Adware)
http://cp.mpalyerfreeware.com/pasarela/affp/.../ClickID=ZZf1764840Za1540124Zg10Zw2Zm4095Zc1856000415,1856000415Zs138Zi0ZZ&PubID=5&__tc=1370765021.7  (setup_v.170871375b.exe)

25 / 68    (Adware)
http://cp.mpalyerfreeware.com/pasarela/affp/.../ClickID=ZZf1792901Za1553700Zg49Zw46Zm5Zc1856000451,1856000451Zs130Zi0ZZ&PubID=2&__tc=1372541287.63  (setup_v.176877886b.exe)

11 / 68    (Adware)
http://cp.mpalyerfreeware.com/pasarela/doma/dls.mpalyerfreeware.com/p/151/Setup/321/.../825.74.110.0a30edbc  (setup_v.170871375b.exe)

11 / 68    (Adware)
http://cp.mpalyerfreeware.com/pasarela/doma/dls.mpalyerfreeware.com/p/151/Setup/321/.../825.74.110.0a30ed5b  (setup_v.170871375b.exe)

11 / 68    (Adware)
http://cp.mpalyerfreeware.com/pasarela/doma/dls.mpalyerfreeware.com/p/151/Setup/321/.../825.74.110.0a30ed2a  (setup_v.170871375b.exe)

11 / 68    (Adware)
http://cp.mpalyerfreeware.com/pasarela/affp/.../ClickID=ZZf1721937Za1491065Zg171Zw1Zm425Zc1856000356,1856000356Zs98Zi0ZZ&PubID=5&__tc=1370779593.91  (setup_v.170871375b.exe)

The following 7 files have been seen to comunicate with cp.mpalyerfreeware.com in live environments.

TCP » 52.10.139.14:80
chromesetup.exe

TCP » 52.10.139.14:80
notepad.exe

TCP » 52.10.139.14:80
google maps.exe

TCP » 52.10.139.14:80
BrowserWeb.exe (BrowserWeb)

TCP » 52.10.43.205:80
chromesetup.exe

TCP » 52.10.43.205:80
chromesetup.exe

TCP » 52.10.43.205:80
facebook.exe

TCP » 54.191.227.226:80
BrowserWeb.exe (BrowserWeb)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.