home

ttb.mediaplayertotal.com

China Capital Investment Limited

Domain Information

The domain ttb.mediaplayertotal.com registered by China Capital Investment Limited was initially registered in December of 2015 through SOLUCIONES CORPORATIVAS IP,SLU. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Portland, Oregon within the United States which resides on the Amazon Technologies Inc. network. The domain uses the Amazon Web Services (AWS) cloud computing platform from the US West (Oregon) region datacenter.
Registrar:
INTERWEB ADVERTISING D.B.A. PROFILE BUILDER

Server location:
Oregon, United States (US)

Create date:
Tuesday, December 8, 2015

Expires date:
Thursday, December 8, 2016

Updated date:
Tuesday, December 8, 2015

Root domain:
mediaplayertotal.com

Whois:
3 mediaplayertotal.com records

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.tuguusl.M, PUP.Installer.TuguuSL.F, Threat.Tuguu.Bundler, PUP.Tuguu.TuguuSL.Bundler (M), PUP.Air Software.AirSoftware.Bundler (M), PUP.Tuguu.Bundler (M), PUP.Tuguu.TuguuIsrael.Bundler (M), PUP.Tuguu.TuguuU.Bundler (M), PUP.Tuguu.TuguuIsr.Bundler (M), PUP.Air Software.AirSoftw.Bundler (M), PUP.Softpulse (M)
94.44%

Dr.Web
Adware.Downware.1823, Adware.Downware.2035, Trojan.PackedENT.24553
16.67%

VIPRE Antivirus
Threat.4150696, Iminent, Threat.4657539
16.67%

McAfee
Adware-DomaIQ, Program.Adware-DomaIQ
11.11%

avast!
Win32:DomaIQ-CM [PUP], Win32:Installer-L [PUP]
11.11%

ESET NOD32
Win32/DomaIQ.AS potentially unwanted application, MSIL/DomaIQ.B potentially unwanted application
11.11%

AVG
Adware Skodna.Generic_r
11.11%

Kaspersky
not-a-virus:AdWare.Win32.Lollipop, not-a-virus:AdWare.Win32.AirAdInstaller
11.11%

Malwarebytes
PUP.Optional.BundleInstaller.A, PUP.Optional.AirAdInstaller
11.11%

K7 AntiVirus
Unwanted-Program
11.11%

Comodo Security
Application.Win32.Agent.D, Application.Win32.AirAdInstaller.A
11.11%

Sophos
PUA 'DomainIQ pay-per install', AirInstaller
11.11%

Vba32 AntiVirus
BScope.Downware.DomaIQ, AdWare.AirAdInstaller.ajov
11.11%

Rising Antivirus
PE:PUF.DomaIQ!1.9EEB, PE:PUF.Airinstall!1.9C4C
11.11%

IKARUS anti.virus
PUA.Tuguu, Win32.Malware
11.11%

The domain ttb.mediaplayertotal.com has been seen to resolve to the following 7 IP addresses.

192.230.92.93
192.230.92.93.ip.incapdns.net
September 15, 2016

199.83.132.93
199.83.132.93.ip.incapdns.net
July 21, 2016

104.130.124.96
April 9, 2016

50.56.218.189
50-56-218-189.static.cloud-ips.com
February 13, 2016

54.149.159.30
ec2-54-149-159-30.us-west-2.compute.amazonaws.com
May 5, 2015

52.10.156.255
ec2-52-10-156-255.us-west-2.compute.amazonaws.com
May 5, 2015

54.218.45.67
ec2-54-218-45-67.us-west-2.compute.amazonaws.com
January 6, 2014

File downloads found at URLs served by ttb.mediaplayertotal.com.

1 / 68      (Adware)
http://ttb.mediaplayertotal.com/download/request/.../kPoaL1M0?ClickID=10_82509407_05c4bb42-528b-4ac8-bafb-670bf457f4a8&PubID=178884  (setup.exe)

1 / 68      (Adware)
http://ttb.mediaplayertotal.com/download/request/.../kPoaL1M0?ClickID=10_57646489_638f1f4a-03b0-4d6a-8118-a6ccdf0cf229&PubID=178884  (setup.exe)

1 / 68      (Adware)
http://ttb.mediaplayertotal.com/download/request/.../kPoaL1M0?ClickID=12_25453587_bfe58fd1-2232-45fe-a380-c78b5b709cf2&PubID=178884  (setup.exe)

1 / 68      (Adware)
http://ttb.mediaplayertotal.com/download/request/.../tNPSOu8k?ClickID=12_82854873_828ccca9-b8da-441a-94e3-c61b2d5331b1&PubID=178884  (setup.exe)

1 / 68      (Adware)
http://ttb.mediaplayertotal.com/download/request/.../kPoaL1M0?ClickID=11_96176842_0b8a5cc9-3ce1-4230-9e73-962decdc4995&PubID=178884  (setup.exe)

1 / 68      (Adware)
http://ttb.mediaplayertotal.com/download/request/.../kPoaL1M0?ClickID=10_83377639_91a8f5a8-7e4c-44bd-a414-804270bcd642&PubID=178884  (setup.exe)

1 / 68      (Adware)
http://ttb.mediaplayertotal.com/download/request/.../kPoaL1M0?ClickID=10_83377639_91a8f5a8-7e4c-44bd-a414-804270bcd642&PubID=178884  (setup.exe)

1 / 68      (Adware)
http://ttb.mediaplayertotal.com/download/request/.../kPoaL1M0?ClickID=12_49939155_d1c340a4-0798-486a-96b6-1abdf557b261&PubID=178884  (setup.exe)

1 / 68      (Adware)
http://ttb.mediaplayertotal.com/download/request/.../kPoaL1M0?ClickID=12_67514725_af0d5424-7f17-491a-8247-c9d363b97023&PubID=178884  (setup.exe)

1 / 68      (Adware)
http://ttb.mediaplayertotal.com/download/request/.../kPoaL1M0?ClickID=10_38184132_9d0dc58f-33ef-43a0-884d-7ad768f78b3b&PubID=178884  (setup.exe)

1 / 68      (Adware)
http://ttb.mediaplayertotal.com/download/request/.../tNPSOu8k?ClickID=12_88295690_67510ec7-02da-4d69-9a31-d1c395fb2330&PubID=178884  (setup.exe)

1 / 68      (Adware)
http://ttb.mediaplayertotal.com/download/request/.../kPoaL1M0?ClickID=10_65153749_4f1a5dc2-ab9e-4ef5-8cda-a820d2a69e12&PubID=178884  (setup.exe)

20 / 68    (Adware)
http://ttb.mediaplayertotal.com/download/request/.../kPoaL1M0?ClickID=11_85903569_ae5c7a4f-d933-4db8-81cd-8c48f30c4f5d&PubID=178884  (setup.exe)

4 / 68      (PUP)
http://ttb.mediaplayertotal.com/download/request/.../kPoaL1M0?ClickID=10_65153749_4f1a5dc2-ab9e-4ef5-8cda-a820d2a69e12&PubID=178884  (setup.exe)

1 / 68      (Adware)
http://ttb.mediaplayertotal.com/download/request/.../kPoaL1M0?ClickID=10_69507993_e264d205-b96b-4a17-b2ca-15200d1e6daa&PubID=178884  (setup.exe)

29 / 68    (Adware)
http://ttb.mediaplayertotal.com/download/request/.../tNPSOu8k?ClickID=12_92201380_a42d67d1-6099-42a8-9d27-53f53b51fc52&PubID=178884  (setup.exe)

1 / 68      (Adware)
http://ttb.mediaplayertotal.com/download/request/.../kPoaL1M0?ClickID=10_88479474_c0585b2b-700e-4238-b48c-564e265b7aee&PubID=178884  (setup.exe)

1 / 68      (Adware)
http://ttb.mediaplayertotal.com/download/request/.../CWqfrWk9?ClickID=kqR-Mva1MmHEQW3FjTFsu2YlnbzD65q4WJb82_ohhnijb5kPR1buSaZZohqmzzQBeWozOudye8lq_2xWgL3WReVX47m-QsKZww3kE-F-dYrd6eokkKnI_MpW0TqKZJ07RpYOwsF6QIjc22PCOV2q3SOxx0vA7dmpFIxOVL77iflvzlAKdb7c22BI5PuHUwh3NRgzRXKBIaV_86h63EahVxCMnkr1XTHR4SYjAQfjj_R8oanncTT6wyn1v-ZJRV_f6nCogCQPZKvWf0_mMzcI2IB7DRCGxI4-U8OoIF0hDnO5eHnqMWiyt24bDvvzU5JnU-cSM9Lc7batWsxfUGlGArAKNI0lUSkRvr8MqwsAFkqq7n8nJS898aI2LJhJKBjGq5X8fzUcdPPg  (player_setup.exe)

The following 64 files have been seen to comunicate with ttb.mediaplayertotal.com in live environments.

TCP » 54.149.159.30:80
HostSecure.exe (ExtFirefox by Microsoft)

TCP » 52.10.156.255:80
HostSecure.exe (ExtFirefox by Microsoft)

TCP » 54.149.159.30:80
browser.exe (speed browser by Smart Applications)

TCP » 104.130.124.96:443
translategenius.crx

TCP » 104.130.124.96:443
translategenius.crx

TCP » 104.130.124.96:443
translategenius.crx

TCP » 104.130.124.96:443
translategenius.crx

TCP » 50.56.218.189:443
translategenius.crx

TCP » 50.56.218.189:443
translategenius.crx

TCP » 50.56.218.189:443
translategenius.crx

TCP » 50.56.218.189:443
translategenius.crx

TCP » 50.56.218.189:443
translategenius.crx

TCP » 50.56.218.189:443
translategenius.crx

TCP » 50.56.218.189:443
translategenius.crx

TCP » 50.56.218.189:443
translategenius.crx

TCP » 50.56.218.189:443
translategenius.crx

TCP » 50.56.218.189:443
translategenius.crx

TCP » 50.56.218.189:443
translategenius.crx

TCP » 50.56.218.189:443
translategenius.crx

TCP » 50.56.218.189:443
translategenius.crx

 
Latest 20 of 67 files

URL:
http://ttb.mediaplayertotal.com/

Network:
Amazon Web Services (AWS), running an EC2 instance

Web server:
nginx/1.8.1

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.