home

www.mp3rocketranchcapital.com

Domain Information

Server location:
Oregon, United States (US)

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc., US

Root domain:
mp3rocketranchcapital.com

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

ESET NOD32
Win32/OpenCandy.E potentially unsafe (variant)
100.00%

Dr.Web
Adware.OpenCandy.171
100.00%

McAfee
Artemis!BDD0ECAADCE1
100.00%

Baidu Antivirus
Adware.Win32.OpenCandy
100.00%

Fortinet FortiGate
Riskware/OpenCandy
100.00%

Reason Heuristics
Win32.Generic.SCCE.Installer.Meta
100.00%

K7 AntiVirus
Unwanted-Program
100.00%

Zillya! Antivirus
Downloader.Agent.Win32.260269
100.00%

Qihoo 360 Security
HEUR/QVM41.2.Malware.Gen
100.00%

Bkav FE
W32.HfsAdware
100.00%

Kaspersky
not-a-virus:Downloader.Win32.Agent
100.00%

Agnitum Outpost
Riskware.Agent
100.00%

Sophos
Generic PUA JB
100.00%

VIPRE Antivirus
Opencandy
100.00%

G Data
Win32.Trojan.Agent.95WKEY
100.00%

The domain www.mp3rocketranchcapital.com has been seen to resolve to the following 10 IP addresses.

52.24.26.116
ec2-52-24-26-116.us-west-2.compute.amazonaws.com
June 5, 2016

52.38.209.219
ec2-52-38-209-219.us-west-2.compute.amazonaws.com
June 5, 2016

52.33.165.25
ec2-52-33-165-25.us-west-2.compute.amazonaws.com
June 5, 2016

52.32.12.104
ec2-52-32-12-104.us-west-2.compute.amazonaws.com
June 5, 2016

52.35.10.15
ec2-52-35-10-15.us-west-2.compute.amazonaws.com
April 21, 2016

52.26.95.11
ec2-52-26-95-11.us-west-2.compute.amazonaws.com
April 21, 2016

54.148.57.212
ec2-54-148-57-212.us-west-2.compute.amazonaws.com
April 21, 2016

54.69.198.37
ec2-54-69-198-37.us-west-2.compute.amazonaws.com
April 21, 2016

54.69.11.66
ec2-54-69-11-66.us-west-2.compute.amazonaws.com
April 21, 2016

52.88.159.85
ec2-52-88-159-85.us-west-2.compute.amazonaws.com
April 21, 2016

File downloads found at URLs served by www.mp3rocketranchcapital.com.

20 / 68    (PUP)
http://www.mp3rocketranchcapital.com/c?x=/437lMccayih3RTseZCqgjgPO 6tZwcnya28o74/FX8=&c=rYXq9CnDJgdpUGIdDmjVvKYHKOXnfTQrweSaPq2e92 fOjo1OFPc/jwLt7VraD5cycdXei6LyO49Fi t1mJ3EoOszbAsT6jg2nKOvXEEy3uiPA9Bb07aWCBhnUsNIrOjVBwhZn2uHWud Ht0sSELEFa5H6sRKZvuAdawyjN62 Y=&downloadAs=MP3Rocket_Setup.exe&fallback_url=http://www.imusicsearch.com/.../mp3rocket.exe  (bdd0ecaadce1d7418a78ecd492de1f77)

20 / 68    (PUP)
http://www.mp3rocketranchcapital.com/c?x=1MolFrdP/r00TTsdMeSlmwxulPzHr/cQyzu83QfFIxU=&c=hD9IfOg6hwjNinn6VZg9prEOx2kwyRotoHlCa0kW8ZF tVjEVmUGIKOlWfXtxANvWGzAzrpQCNB5ndu8In22u2/YQWozqDOtBDTjZRYPSFqRRHmcPRt5kOCqpmnl7ToTzCtEfnTAeuJ/8nt8TXTc6DvoDYyedqMNbYE7T 6GmMU=&downloadAs=MP3Rocket_Setup.exe&fallback_url=http://www.safefiles.net/.../mp3rocket.exe  (bdd0ecaadce1d7418a78ecd492de1f77)

The following 18 files have been seen to comunicate with www.mp3rocketranchcapital.com in live environments.

TCP » 52.38.209.219:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.38.209.219:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.38.209.219:80
browserairexec.exe (BrowserAir by Goobzo)

TCP » 52.24.26.116:443
online-guardian-v2.0.9.exe

TCP » 52.24.26.116:443
online-guardian-v2.0.9.exe

TCP » 52.38.209.219:80
browser.exe (Browser)

TCP » 52.24.26.116:443
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.24.26.116:443
036629fbd4864725737a8ba8fe7e8cd6.exe

TCP » 52.38.209.219:80
3.9.0.128_20140916045038.exe (The KMPlayer by PandoraTV)

TCP » 52.38.209.219:80
e5be.tmp

TCP » 52.24.26.116:443
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.24.26.116:443
Proxomitron.exe (Proxomitron by Groom-A-Zebu (tm))

TCP » 52.38.209.219:80
client.exe

TCP » 52.38.209.219:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.38.209.219:80
kmplayer 3.8.0.117 -[www.patoghu.com].exe (The KMPlayer by PandoraTV)

TCP » 52.38.209.219:80
KMPlayer_3.9.0.126.exe (The KMPlayer by PandoraTV)

TCP » 52.38.209.219:80
3.9.0.125_20140702035547.exe (The KMPlayer by PandoraTV)

TCP » 52.38.209.219:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.38.209.219:80
online-guardian-v2.0.9.exe

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.