ttb.123mplayer.com

chen wenjie

Domain Information

The domain ttb.123mplayer.com, registered by chen wenjie, was first registered in May of 2015 through SOLUCIONES CORPORATIVAS IP,SLU. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Belfast, Northern Ireland, in the United Kingdom, on the RIPE Network Coordination Centre network.
Remove Malware from ttb.123mplayer.com - Powered by Reason Core Security
Registrar:
NAMEPAL.COM #8023.

Server location:
Northern Ireland, United Kingdom (GB)

Create date:
Friday, May 29, 2015

Expires date:
Sunday, May 29, 2016

Updated date:
Tuesday, June 02, 2015

Root domain:

Scanner detections:
Detections (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.PaymentsInteractiveSL.E, PUP.tuguusl.E, PUP.LunacomInteractive.F, PUP.PaymentsInteractiveSL.F, PUP.LunacomInteractive.E, Threat.Tuguu.Bundler, PUP.Tuguu.PaymentsInteractive.Bundler (M), Threat.Win.Reputation.IMP
100.00%

McAfee
Adware-DomaIQ!0B5CF2AC00F9, Adware-DomaIQ!0CE26E2DB0A6, Adware-DomaIQ!90B3AD7FC5EA, Adware-DomaIQ!6F4631173EEF, Adware-DomaIQ!5FDAA88C82D5
70.97%

Malwarebytes
PUP.Optional.BundleInstaller.A, PUP.Optional.DomaIQ, Trojan.Dropper.FJ, PUP.Optional.Domalq
70.97%

K7 Gateway Antivirus
Unwanted-Program, Trojan
70.97%

Dr.Web
Adware.Downware.1827, Trojan.PayInt.4, Trojan.PayInt.14, Adware.Downware.1828, Trojan.DownLoader11.4884, Adware.Downware.1767
70.97%

VIPRE Antivirus
Trojan.Win32.Generic, DomaIQ, Threat.4150696, Threat.4783235, Threat.4783262, Threat.4665102
70.97%

Avira AntiVirus
APPL/DomaIQ.Gen2, APPL/DomalQ.skd, APPL/DomaIQ.G.2, PUA/DomaIQ.Gen2
70.97%

Sophos
DomainIQ pay-per install, Mal/Generic-S, PUA 'DomainIQ pay-per install'
70.97%

AVG
Skodna.Generic_r, DomaIQ, Adware Skodna.Generic_r.HX, Adware Skodna.Generic_r.HZ, Adware Skodna.Generic_r.IA, Adware Skodna.Bundle_r.O
70.97%

Panda Antivirus
Adware/MultiToolbar, PUP/MultiToolbar.A
70.97%

MicroWorld eScan
Dropped:Adware.Generic.652889, Dropped:Trojan.Generic.10221369, Adware.Generic.677231, Adware.DomaIQ.AO, Dropped:Trojan.Generic.10145988
67.74%

NANO AntiVirus
Riskware.Win32.DomaIQ.crviun, Trojan.Win32.PayInt.csbzzs, Riskware.Win32.PayInt.csfdpx, Riskware.Win32.Downware.cseqrv, Riskware.Win32.DomaIQ.crnuoh
67.74%

Bitdefender
Dropped:Adware.Generic.652889, Dropped:Trojan.Generic.10221369, Adware.Generic.677231, Adware.DomaIQ.AO, Dropped:Trojan.Generic.10145988
67.74%

Comodo Security
Application.Win32.Agent.D, Application.Win32.DMIQ.A, Application.Win32.DomaIQ.D, Application.Win32.DomaIQ.JIK
67.74%

Jiangmin
AdWare/MSIL.acc, AdWare/DomaIQ.cj, AdWare/MSIL.afq, AdWare/DomaIQ.fa, AdWare/DomaIQ.zf, AdWare/Lollipop.fg, AdWare/DomaIQ.bv
67.74%

The domain ttb.123mplayer.com has been seen to resolve to the following 7 IP addresses.

January 3, 2016

lb-182-243.above.com
June 26, 2015

unallocated.barefruit.co.uk
May 6, 2015

ec2-50-112-177-75.us-west-2.compute.amazonaws.com
June 21, 2014

ec2-54-201-201-245.us-west-2.compute.amazonaws.com
June 21, 2014

ec2-54-213-33-153.us-west-2.compute.amazonaws.com
March 28, 2014

ec2-54-213-26-135.us-west-2.compute.amazonaws.com
January 17, 2014

File downloads found at URLs served by ttb.123mplayer.com.

Latest 30 of 31 download URLs

The following 137 files have been seen to communicate with ttb.123mplayer.com in live environments.

Latest 20 of 137 files

URL:
http://ttb.123mplayer.com/

Title:
“123mplayer.com - This website is for sale! - 123mplayer Resources and Information.”

Description:
“This website is for sale! 123mplayer.com is your first and best source for information about 123mplayer . Here you will also find topics relating to issues of general interest. We hope you find what you are looking for!”

Web server:
Apache (PHP/5.3.3-7+squeeze28)
