dls.mplayerdownloader.com

Domains By Proxy, LLC  (Proxy Registrant)

Domain Information

The domain dls.mplayerdownloader.com is registered by proxy through GODADDY.COM, LLC and was originally registered in March of 2016. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Belfast, Northern Ireland within United Kingdom which resides on the RIPE Network Coordination Centre network.
Registrar:
GODADDY.COM, LLC

Server location:
Northern Ireland, United Kingdom (GB)

Create date:
Monday, March 7, 2016

Expires date:
Tuesday, March 7, 2017

Updated date:
Saturday, March 12, 2016

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Comodo Security
UnclassifiedMalware, Application.Win32.Downloader.Agent.WA, Application.Win32.DolmaIQ.~zq, ApplicUnwnt, Application.Win32.AdWare.Agent.~A
100.00%

Dr.Web
Adware.W3i.29, Adware.W3i.20
100.00%

VIPRE Antivirus
DomaIQ
100.00%

Avira AntiVirus
APPL/DomaIQ.Gen, APPL/DomalQ.C, APPL/DomaIQ.Gen7
100.00%

ESET NOD32
Win32/DomaIQ
100.00%

AVG
MalSign.Skodna, Skodna.Bundle, Skodna.Generic_c, Suspicion: unknown virus, Agent.L, DomaIQ
100.00%

Reason Heuristics
PUP.Awimba.W, PUP.TUGUUSL.X, PUP.Tuguu, PUP.Installer.Awimba
100.00%

Malwarebytes
Adware.DomaIQ, PUP.FakeFlash.Domaiq
93.33%

avast!
Win32:DomaIQ-AI [PUP], MSIL:DomaIQ-F [PUP], NSIS:DomaIQ-C [PUP], Win32:PUP-gen [PUP], Win32:DomaIQ-M [PUP], Win32:DomaIQ-E [PUP]
93.33%

Sophos
DomainIQ pay-per install, Generic PUA CF
93.33%

McAfee
Artemis!FBC01F93E69E, Artemis!7332FD7290B2, Artemis!F96E65950B8B, RDN/Generic PUP.z!dj, Artemis!C2E09F9C9792, Artemis!463CF1466177, Artemis!3D819D469A1D, Artemis!70C4DD31956B, Artemis!AC6761AD0568, Artemis!8A9F19603E8B
86.67%

Trend Micro House Call
TROJ_GE.8A30F985, TROJ_GEN.RCBOHCV, TROJ_GEN.R2SCPET13, TROJ_SPNR.03HA13, TROJ_GEN.R0CBC0PHU13, TROJ_GEN.R0JB1EG, TROJ_GEN.R47CPF2
86.67%

G Data
NSIS.Application.DomalQ, Adware.Downloadware.AK, NSIS.Application.DomaIQ, Adware.Generic.623971, Adware.Agent.NPO, Adware.Generic.581938
86.67%

Fortinet FortiGate
W32/DomaIQ.C, Riskware/DomaIQ.C!tr, Adware/DomainIQ, Adware/Fam.NB, W32/DomaIQ.I, W32/Agent.HUUT!tr, W32/DomaIQ.D
86.67%

IKARUS anti.virus
APPL, AdWare.Win32.InstallIQ, AdWare.DomaIQ, Trojan-Ransom.Win32.Blocker, AdWare.Agent, Win32.SuspectCrc, Trojan.Win32.Ceatrg
80.00%

The domain dls.mplayerdownloader.com has been seen to resolve to the following 13 IP addresses.

June 4, 2016

April 19, 2016

April 13, 2016

April 7, 2016

unallocated.barefruit.co.uk
May 3, 2015

September 5, 2014

September 3, 2014

August 13, 2014

August 13, 2014

July 7, 2014

May 30, 2014

May 30, 2014

May 1, 2014

File downloads found at URLs served by dls.mplayerdownloader.com.

23 / 68    (Adware)

23 / 68    (Adware)

20 / 68    (Adware)

24 / 68    (Adware)

27 / 68    (Adware)

20 / 68    (Adware)

24 / 68    (Adware)

22 / 68    (Adware)

24 / 68    (Adware)

24 / 68    (Adware)

19 / 68    (Adware)

19 / 68    (Adware)

16 / 68    (Adware)

22 / 68    (Adware)

22 / 68    (Adware)

22 / 68    (Adware)

24 / 68    (Adware)

24 / 68    (Adware)

24 / 68    (Adware)

22 / 68    (Adware)

24 / 68    (Adware)

20 / 68    (Adware)

24 / 68    (Adware)

28 / 68    (Adware)

15 / 68    (Adware)

16 / 68    (Adware)

24 / 68    (Adware)

24 / 68    (Adware)

24 / 68    (Adware)

 
Latest 30 of 57 download URLs

The following 230 files have been seen to comunicate with dls.mplayerdownloader.com in live environments.

 
Latest 20 of 230 files

URL:
http://dls.mplayerdownloader.com/

Title:
“The checkered past of Groupon’s chairman - Fortune”

Description:
“Groupon's largest shareholder and chairman, Eric Lefkofsky, has a back story investors might want to know.”

Web server:
nginx