dlp.123mplayer.com

chen wenjie

Domain Information

The domain dlp.123mplayer.com registered by chen wenjie was initially registered in May of 2015 through SOLUCIONES CORPORATIVAS IP,SLU. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Vitoria-Gasteiz, Pais Vasco within Spain which resides on the RIPE Network Coordination Centre network.
Registrar:
GODADDY.COM, LLC

Server location:
Pais Vasco, Spain (ES)

Create date:
Friday, May 29, 2015

Expires date:
Monday, May 29, 2017

Updated date:
Friday, March 18, 2016

ASN:
AS57910 SCIP-AS Soluciones Corporativas IP, SL,ES

Root domain:

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.PaymentsInteractiveSL.F, PUP.LunacomInteractive.F, PUP.Installer.PaymentsInteractiveSL.F, PUP.Installer.LunacomInteractive, PUP.Tuguu.LunacomInteractive.Bundler (M), PUP.Tuguu.Payments.Bundler (M), PUP.Tuguu.LunacomI.Bundler (M), PUP.Tuguu.Bundler (M), PUP.Tuguu (M)
100.00%

K7 AntiVirus
Unwanted-Program
77.14%

K7 Gateway Antivirus
Unwanted-Program
77.14%

avast!
Win32:Installer-AH [PUP], Win32:DomaIQ-T [PUP], Win32:DomaIQ-BO [PUP], Win32:PUP-gen [PUP], DomaIQ-AP [PUP]
77.14%

Comodo Security
Application.Win32.DomaIQ.PUP, Application.Win32.DomaIQ.KAO, Application.Win32.DomaIQ.JIK, Application.Win32.DomaIQ.KR
77.14%

VIPRE Antivirus
DomaIQ, Threat.4150696
77.14%

Sophos
DomainIQ pay-per install, Virus 'Troj/Agent-AENY'
77.14%

AVG
MalSign.Generic, DomaIQ, Trojan horse Downloader.Generic13.CLYK.dropper, Skodna.Generic_c, Adware DomaIQ.BM
77.14%

MicroWorld eScan
Gen:Variant.Adware.Graftor.139070, Trojan.Agent.BEFC, Application.Bundler.DomaIQ.Q
77.14%

Malwarebytes
PUP.Optional.DomaIQ, PUP.Optional.Dropper.BL, PUP.Optional.Domalq, PUP.Optional.BundleInstaller.A
77.14%

Kaspersky
not-a-virus:AdWare.MSIL.DomaIQ, not-a-virus:AdWare.Win32.DomaIQ, not-a-virus:Downloader.NSIS.Agent
77.14%

Bitdefender
Gen:Variant.Adware.Graftor.139070, Trojan.Agent.BEFC, Application.Bundler.DomaIQ.Q
77.14%

Dr.Web
Adware.Downware.2630, Trojan.SMSSend.4979, Trojan.Packed.24553
77.14%

McAfee Web Gateway
Heuristic.BehavesLike.Win32.Suspicious.H, CryptDomaIQ, BehavesLike.Win32.CryptDoma.hc, BehavesLike.Win32.AdwareDoma.fc
77.14%

Kingsoft AntiVirus
Win32.Troj.Generic.a.(kcloud), Win32.Troj.Lollipop.u.(kcloud)
77.14%

The domain dlp.123mplayer.com has been seen to resolve to the following 10 IP addresses.

lb-182-207.above.com
May 19, 2016

lb-182-243.above.com
February 11, 2016

unallocated.barefruit.co.uk
May 4, 2015

www.renewyourexpireddomain.com
April 15, 2015

November 2, 2014

April 16, 2014

April 16, 2014

April 13, 2014

April 13, 2014

December 22, 2013

File downloads found at URLs served by dlp.123mplayer.com.

1 / 68      (Adware)

1 / 68      (Adware)

1 / 68      (Adware)

1 / 68      (Adware)

1 / 68      (Adware)

1 / 68      (Adware)

1 / 68      (Adware)

35 / 68    (Adware)

37 / 68    (Adware)

35 / 68    (Adware)

26 / 68    (Adware)

26 / 68    (Adware)

26 / 68    (Adware)

26 / 68    (Adware)

26 / 68    (Adware)

26 / 68    (Adware)

26 / 68    (Adware)

26 / 68    (Adware)

26 / 68    (Adware)

26 / 68    (Adware)

26 / 68    (Adware)

25 / 68    (Adware)

25 / 68    (Adware)

25 / 68    (Adware)

25 / 68    (Adware)

25 / 68    (Adware)

25 / 68    (Adware)

25 / 68    (Adware)

25 / 68    (Adware)

 
Latest 30 of 35 download URLs

The following 253 files have been seen to comunicate with dlp.123mplayer.com in live environments.

 
Latest 20 of 267 files

URL:
http://dlp.123mplayer.com/

Title:
“123mplayer.com -&nbsp123mplayer Resources and Information.”

Description:
“123mplayer.com”

Web server:
Apache/2.2.22 (Debian)