home

staticrr.mixvideoplayer.com

Only contact by email, all postal mail will be rejected  (Proxy Registrant)

Domain Information

The domain staticrr.mixvideoplayer.com is registered by proxy through SOLUCIONES CORPORATIVAS IP, SL and was originally registered in November of 2014. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Seattle, Washington within the United States which resides on the Amazon Technologies Inc. network. The domain uses the Amazon Cloudfront CDN service which utilizes a number of proxy IP Addresses (see below).
Registrar:
SOLUCIONES CORPORATIVAS IP, SL

Server location:
Washington, United States (US)

Create date:
Friday, November 21, 2014

Expires date:
Monday, November 21, 2016

Updated date:
Thursday, December 31, 2015

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc., US

Root domain:
mixvideoplayer.com

Whois:
1 mixvideoplayer.com record

Google Safe Browsing:
unwanted

Scanner detections:
Detections  (88% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Softpulse.Bundler, PUP.Softpulse.Softforce.Bundler (M), PUP.Win.Reputation
85.71%

Malwarebytes
PUP.Optional.MixVideoPlayer.A
57.14%

K7 AntiVirus
Adware , Trojan
57.14%

Agnitum Outpost
Trojan.Agent, Riskware.Agent
57.14%

NANO AntiVirus
Trojan.Win32.Confuser.dsqmyh, Trojan.Win32.DownLoader12.dtgixm, Riskware.Nsis.Adware.dqabed
57.14%

Dr.Web
Trojan.DownLoader12.43354, Trojan.Domaiq.325
57.14%

VIPRE Antivirus
Trojan.Win32.Generic
57.14%

Trend Micro
TROJ_GE.0CA98D50, TROJ_GE.AC6A92DA
57.14%

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
57.14%

ESET NOD32
MSIL/NewPlayer.A potentially unwanted (variant)
57.14%

Baidu Antivirus
PUA.MSIL.NewPlayer, PUA.Win32.SoftPulse
57.14%

MicroWorld eScan
Trojan.GenericKD.2494118, Trojan.GenericKD.2513575, Gen:Variant.Adware.Bawswerps.1
42.86%

McAfee
Artemis!37959B2CB7B8, Artemis!22F7282AC300, Artemis!7FB1E4D23B20
42.86%

Bitdefender
Trojan.GenericKD.2494118, Trojan.GenericKD.2513575, Gen:Variant.Adware.Bawswerps.1
42.86%

Arcabit
Trojan.Strictor.D15BC2, Adware.Agent.PPL, Trojan.Adware.Bawswerps.1
42.86%

The domain staticrr.mixvideoplayer.com has been seen to resolve to the following 9 IP addresses.

52.84.125.196
server-52-84-125-196.iad16.r.cloudfront.net
August 23, 2016

52.84.125.175
server-52-84-125-175.iad16.r.cloudfront.net
August 23, 2016

52.84.125.139
server-52-84-125-139.iad16.r.cloudfront.net
August 23, 2016

52.84.125.116
server-52-84-125-116.iad16.r.cloudfront.net
August 23, 2016

52.84.125.98
server-52-84-125-98.iad16.r.cloudfront.net
August 23, 2016

52.84.125.86
server-52-84-125-86.iad16.r.cloudfront.net
August 23, 2016

52.84.125.62
server-52-84-125-62.iad16.r.cloudfront.net
August 23, 2016

52.84.125.200
server-52-84-125-200.iad16.r.cloudfront.net
August 23, 2016

52.25.133.123
ec2-52-25-133-123.us-west-2.compute.amazonaws.com
January 4, 2016

File downloads found at URLs served by staticrr.mixvideoplayer.com.

0 / 68
http://staticrr.mixvideoplayer.com/sdb/.../MixVideoPlayerSetup.exe  (b43192a03b1c0ff29b8c21ab15d67594)

1 / 68      (Adware)
http://staticrr.mixvideoplayer.com/sdb/.../MixVideoPlayerSetup.exe  (49253c7e066cf6689e9518e19999b314)

1 / 68      (PUP)
http://staticrr.mixvideoplayer.com/sdb/.../MixVideoPlayerSetup.exe  (7bc1394ba5c7a093fef850313efb8b00)

23 / 68    (Adware)
http://staticrr.mixvideoplayer.com/sdb/.../MixVideoPlayerSetup.exe  (6861f86ea1399c09d2c55ccea62516e1)

25 / 68    (PUP)
http://staticrr.mixvideoplayer.com/sdb/.../MixVideoPlayerSetup.exe  (newupdate.exe)

14 / 68    (Adware)
http://staticrr.mixvideoplayer.com/sdb/.../MixVideoPlayerSetup.exe  (e3c3d225d1e1855346064abb983a7664)

1 / 68      (Adware)
http://staticrr.mixvideoplayer.com/sdb/.../MixVideoPlayerSetup.exe  (newupdate.exe)

27 / 68    (Adware)
http://staticrr.mixvideoplayer.com/sdb/.../MixVideoPlayerSetup.exe  (89141b275caa516023f3ee932a1d1ebd)

The following 11 files have been seen to comunicate with staticrr.mixvideoplayer.com in live environments.

TCP » 52.84.125.116:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.84.125.116:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.84.125.98:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.84.125.196:80
browser.exe (speed browser by Smart Applications)

TCP » 52.84.125.98:443
cdhtr.exe

TCP » 52.84.125.98:80
Trezaa.Service.exe (Trezaa.Service by Microsoft)

TCP » 52.84.125.98:80
Mobogenie.exe (Mobogenie by Mobogenie.com)

TCP » 52.84.125.116:80
browser.exe (Browser)

TCP » 52.84.125.139:80
browser.exe (Browser)

TCP » 52.84.125.62:80
Weather.exe (WeatherBug Desktop by AWS Convergence Technologies)

TCP » 52.84.125.62:443
online-guardian-v2.0.9.exe

TCP » 52.84.125.98:443
stormwatchapp.exe

TCP » 52.25.133.123:80
BrowserWeb.exe (BrowserWeb)

TCP » 52.84.125.116:80
Trezaa.Service.exe (Trezaa.Service by Microsoft)

TCP » 52.84.125.196:443
online-guardian-v2.0.9.exe

TCP » 52.84.125.62:80
Trezaa.Service.exe (Trezaa.Service by Microsoft)

TCP » 52.84.125.98:80
baixaki_recuva.exe (Recuva by Piriform)

URL:
http://staticrr.mixvideoplayer.com/

Network:
Amazon Cloudfront

Web server:
nginx

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.