2.track342ut.com

Domains By Proxy, LLC  (Proxy Registrant)

Domain Information

The domain 2.track342ut.com is registered by proxy through GODADDY.COM, LLC and was originally registered in January of 2014. This domain has been known to host and distribute adware as well as other potentially unwanted software. Its servers are located in Ashburn, Virginia, in the United States, on the Amazon Technologies Inc. network. The domain uses the Amazon Web Services (AWS) cloud computing platform.
Remove Malware from 2.track342ut.com - Powered by Reason Core Security
Registrar:
GODADDY.COM, LLC

Server location:
Virginia, United States (US)

Create date:
Tuesday, January 14, 2014

Expires date:
Wednesday, January 14, 2015

Updated date:
Wednesday, January 15, 2014

ASN:
AS14618 AMAZON-AES - Amazon.com, Inc.,US

Root domain:

Scanner detections:
Detections  (94% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.Solimba, Threat.Solimba.Bundler, PUP.Solimba.Bundler, PUP.Softpulse.FileSetup.Bundler (M), PUP.Solimba.AppsInstaller.Installer (M), PUP.Solimba.Firseria.Bundler (M), PUP.Adknowledge.InstallManager.Installer (M), PUP.Air Software.InstallerSetup.Installer (M), PUP.AdGazelle.ClickYes.Installer (M), PUP.Solimba.Bechiro.Bundler (M), PUP.Bundlore.Bundler (M)
97.92%

Dr.Web
Adware.Downware.4802, Trojan.MulDrop5.34095, Adware.Downware.10553, Adware.Downware.4802, Trojan.SMSSend.5402, Adware.Downware.10709
81.25%

VIPRE Antivirus
Threat.4782980, Threat.4150696, Threat.4784938, DownloadMR
81.25%

avast!
Win32:Firseria-C [PUP], Adware-gen [Adw], Hoblig [Heur]
81.25%

ESET NOD32
Win32/FirseriaInstaller.K potentially unwanted application, Win32/FirseriaInstaller.L potentially unwanted application, Win32/FirseriaInstaller.M potentially unwanted application
81.25%

Malwarebytes
PUP.Optional.AppsInstaller, PUP.Optional.Firseria, PUP.Optional.Solimba, PUP.Optional.AirAdInstaller, PUP.Optional.Bundle
81.25%

K7 AntiVirus
Unwanted-Program , Trojan
81.25%

K7 Gateway Antivirus
Unwanted-Program , Trojan
81.25%

IKARUS anti.virus
AdWare.BundleApp, PUA.Solimba, PUA.FirseriaInstaller, PUA.AirAdInstaller, PUA.DownloadAssistant
81.25%

AVG
Adware BundleApp.EP, Adware BundleApp.ET, Adware BundleApp.ES, Adware BundleApp.FA, Adware BundleApp.FC, Adware BundleApp.FK
81.25%

MicroWorld eScan
Application.Bundler.Firseria.A, Gen:Variant.Application.Graftor.146451, Gen:Variant.Adware.Strictor.57453, Gen:Variant.Application.Bundler.Firseria.4
79.17%

Agnitum Outpost
PUA.Firseria, PUA.Fiseria, PUA.Agent, PUA.AirAd
79.17%

Bitdefender
Application.Bundler.Firseria.A, Gen:Variant.Application.Graftor.146451, Gen:Variant.Adware.Strictor.57453, Gen:Variant.Application.Bundler.Firseria.4
79.17%

Sophos
PUA 'Solimba Installer', AirInstaller
79.17%

Antiy Labs AVL
GrayWare[AdWare:not-a-virus]/NSIS.Agent.bk, GrayWare[AdWare:not-a-virus]/Fiseria.hy, GrayWare[AdWare:not-a-virus]/Fiseria.hv
79.17%

The domain 2.track342ut.com has been seen to resolve to the following 2 IP addresses.

ec2-107-20-149-171.compute-1.amazonaws.com
May 5, 2014

ec2-54-225-148-225.compute-1.amazonaws.com
May 5, 2014

File downloads found at URLs served by 2.track342ut.com.

1 / 68      (Adware)

1 / 68      (Adware)

15 / 68    (Adware)

43 / 68    (Adware)

1 / 68      (inconclusive)

1 / 68      (Adware)

43 / 68    (Adware)

43 / 68    (Adware)

43 / 68    (Adware)

0 / 68
http://2.track342ut.com/d/.../7206674384  (jre-8u25-windows-i586.exe)

43 / 68    (Adware)

39 / 68    (Adware)

 
Latest 30 of 170 download URLs

URL:
http://2.track342ut.com/

Network:
Amazon Web Services (AWS), running an EC2 instance

Web server:
nginx
