The domain affiliate.trk4.com is registered by proxy through NAME.COM, INC. and was originally registered in July 2009. It has been known to host and distribute adware and other potentially unwanted software. The hosting servers are located in Montreal, Quebec, Canada, on the OVH Hosting, Inc. network.
Registrant: Whois Privacy Protection Service, Inc.
Server location: Quebec, Canada (CA)
Create date: Tuesday, July 14, 2009
Expires date: Thursday, July 14, 2016
Updated date: Monday, June 22, 2015
ASN: AS16276 OVH OVH SAS,FR
Scanner detections: Detections (91% detected)
Scan engine | Details | Detections
Reason Heuristics | PUP.Installer.FullSpectrumInteractive.Y, PUP.Adknowledge.Bundler, PUP.DownloadAdmin.FullSpectrumInteractive.Installer (M), PUP.Air Software.AirSoftware.Bundler (M), PUP.Bundlore.Wishapp.Bundler (M), PUP.Adknowledge.InstallM.Installer (M), PUP.DownloadAdmin.FullSpec.Installer (M), PUP.DownloadAdmin.Grooveco.Installer (M), PUP.Systweak.TUNEUPPR.Installer.Meta (L), PUP.Air Software.AirSoftw.Bundler (M), PUP.DownloadAdmin (M), PUP.Tightrope (M) | 100.00%
VIPRE Antivirus | Threat.4783369, DownloadAdmin, Threat.4150696, Trojan.Win32.Generic, Iminent | 39.53%
Sophos | Download Admin, PUA 'Download Admin', PUA 'AirInstaller' | 39.53%
Dr.Web | Adware.Downware.2220, Adware.DownloadAdmin.1, Adware.Downware.11259, Adware.Downware.2035, riskware program Program.Unwanted.1489 | 37.21%
NANO AntiVirus | Riskware.Win32.Downware.crgjbr, Trojan.Win32.Downware.crgjbr, Riskware.Win32.AirAdInstaller.deojhu, Riskware.Win32.AirAdInstaller.cwbkcs | 32.56%
ESET NOD32 | Win32/DownloadAdmin, Win32/AirAdInstaller (variant) | 30.23%
Avira AntiVirus | Adware/DownloadAdmin.AL.6, Adware/DownloadAdmin.AJ.5, ADWARE/Adware.Gen | 25.58%
Rising Antivirus | PE:Malware.XPACK/RDM!5.1, PE:PUF.Airinstall!1.9C4C | 25.58%
avast! | Adware-OH [Adw], Win32:Adware-BZI [PUP], NSIS:Adware-OH [Adw], Win32:Installer-L [PUP] | 20.93%
AVG | InstallC, Generic, Generic_r | 20.93%
Malwarebytes | PUP.Optional.FullSpectrumAdmin, PUP.Optional.AirInstaller, PUP.Optional.AirAdInstaller | 20.93%
K7 AntiVirus | Unwanted-Program | 18.60%
herdProtect (fuzzy) | a variant of 8cc78823db2bf1f1a497642ec5299230f6be17f3, a variant of 826ef148d2f34b4be1519911fb7b422ae6c50ac9 | 11.63%
ESET NOD32 | Win32/DownloadAdmin.G potentially unwanted application, Win32/AirAdInstaller.A potentially unwanted application | 9.30%
F-Secure | Adware:W32/WebInstallBundle | 9.30%
The domain affiliate.trk4.com has been seen to resolve to the following 4 IP addresses.
cloudproxy72.sucuri.net | April 14, 2014
cloudproxy132.sucuri.net | April 14, 2014
cloudproxy131.sucuri.net | April 14, 2014
File downloads found at URLs served by affiliate.trk4.com.
Latest 30 of 82 download URLs
The following 2 files have been seen to communicate with affiliate.trk4.com in live environments.
URL: http://affiliate.trk4.com/
SSL certificate subject: CN=*.trk4.com
SSL certificate issuer: CN=RapidSSL SHA256 CA - G3, O=GeoTrust Inc., C=US
Web server: Sucuri/Cloudproxy