www.getmplayer.com

Domains By Proxy, LLC  (Proxy Registrant)

Domain Information

The domain www.getmplayer.com is registered by proxy through GODADDY.COM, LLC and was originally registered in October of 2015. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Dublin, Dublin City within Ireland which resides on the Amazon Technologies Inc. network. The domain uses the Amazon Web Services (AWS) cloud computing platform from the EU (Ireland) region datacenter.
Remove Malware from www.getmplayer.com - Powered by Reason Core Security
Registrar:
GODADDY.COM, LLC

Server location:
Dublin City, Ireland (IE)

Create date:
Monday, October 26, 2015

Expires date:
Wednesday, October 26, 2016

Updated date:
Monday, October 26, 2015

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.

Root domain:

Scanner detections:
Detections  (89% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.TUGUUSL.F, PUP.Installer.TuguuSL.F, PUP.Installer.DIGITALPLUGINSL.F, PUP.Tuguu.Bundler (M), PUP.Tuguu.TuguuSL.Bundler (M)
100.00%

McAfee
Adware-DomaIQ!0BB7ACB81211, PUP-FJP!A7B6F2064873, CryptDomaIQ
37.50%

K7 Gateway Antivirus
Unwanted-Program
37.50%

K7 AntiVirus
Unwanted-Program
37.50%

Agnitum Outpost
PUA.Lollipop, PUA.DomaIQ, PUA.Downloader
37.50%

avast!
Win32:DomaIQ-T [PUP], DomaIQ-CC [PUP], Win32:SoftPulse-R [PUP]
37.50%

Dr.Web
Adware.Downware.2479, Adware.Downware.3952, Trojan.Packed.26956
37.50%

VIPRE Antivirus
DomaIQ, Threat.4783235, Threat.4150696
37.50%

Avira AntiVirus
APPL/DomaIQ.A.10, APPL/DomaIQ.Gen, APPL/Downloader.Gen
37.50%

Sophos
DomainIQ pay-per install, SoftPulse
37.50%

Antiy Labs AVL
GrayWare[AdWare:not-a-virus]/Win32.Lollipop, GrayWare[AdWare:not-a-virus]/MSIL.DomaIQ, RiskWare[Downloader:not-a-virus]/Win32.Agent
37.50%

AVG
DomaIQ, Generic
37.50%

Panda Antivirus
PUP/MultiToolbar.A, Trj/Genetic.gen
37.50%

Malwarebytes
PUP.Optional.DomalQ, PUP.Optional.DomaIQ
25.00%

Kaspersky
not-a-virus:AdWare.Win32.Lollipop, not-a-virus:AdWare.MSIL.DomaIQ
25.00%

The domain www.getmplayer.com has been seen to resolve to the following 9 IP addresses.

February 9, 2016

ec2-54-72-9-51.eu-west-1.compute.amazonaws.com
January 6, 2016

ec2-54-186-83-158.us-west-2.compute.amazonaws.com
August 28, 2014

ec2-54-244-30-115.us-west-2.compute.amazonaws.com
August 28, 2014

ec2-54-201-9-67.us-west-2.compute.amazonaws.com
April 14, 2014

ec2-54-201-153-98.us-west-2.compute.amazonaws.com
April 14, 2014

ec2-54-201-189-9.us-west-2.compute.amazonaws.com
April 14, 2014

ec2-54-218-30-251.us-west-2.compute.amazonaws.com
April 14, 2014

ec2-54-200-4-93.us-west-2.compute.amazonaws.com
April 14, 2014

File downloads found at URLs served by www.getmplayer.com.

1 / 68      (Adware)
http://www.getmplayer.com/.../Setup.exe  (37f3edaeafa6bccdd23749936c49baab)

1 / 68      (Adware)
http://www.getmplayer.com/.../Setup.exe  (fdff49e47dbd657eb9df066ddfbf2cec)

1 / 68      (Adware)
http://www.getmplayer.com/.../Setup.exe  (fb8fcd64eb615c7baa5aa7df91945294)

1 / 68      (Adware)
http://www.getmplayer.com/.../Setup.exe  (08eddc34eaaed6b6f5e7e491acc89fc9)

0 / 68
http://www.getmplayer.com/.../Setup.exe  (d88462e6d8cfc3c297e0072880b00337)

29 / 68    (Adware)
http://www.getmplayer.com/.../Setup.exe  (a7999f9f3034e1423adb979e95a263b8)

24 / 68    (Adware)
http://www.getmplayer.com/.../Setup.exe  (aeed0ae6d320b94b7834199c56725943)

1 / 68      (Adware)
http://www.getmplayer.com/.../Setup.exe  (9af9f2fe5179ec3ca770de7cb5b9c555)

20 / 68    (Adware)
http://www.getmplayer.com/.../Setup.exe  (0bb7acb81211cbaa22899f056111860b)

The following 10 files have been seen to comunicate with www.getmplayer.com in live environments.

URL:
http://www.getmplayer.com/

Title:
“Loading”

Network:
Amazon Web Services (AWS), running an EC2 instance

Web server:
nginx/1.8.0

Facebook:
Likes:  1
Shares:  3

Statistics are for the previous month.

Remove Malware from www.getmplayer.com - Powered by Reason Core Security