affiliate.trk4.com

Whois Privacy Protection Service, Inc.  (Proxy Registrant)

Domain Information

The domain affiliate.trk4.com is registered by proxy through NAME.COM, INC. and was originally registered in July of 2009. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Montreal, Quebec, Canada, on the OVH Hosting, Inc. network.
Remove Malware from affiliate.trk4.com - Powered by Reason Core Security
Registrar:
NAME.COM, INC.

Server location:
Quebec, Canada (CA)

Create date:
Tuesday, July 14, 2009

Expires date:
Thursday, July 14, 2016

Updated date:
Monday, June 22, 2015

ASN:
AS16276 OVH OVH SAS,FR

Root domain:

Scanner detections:
Detections  (87% detected)

| Scan engine | Details | Detections |
| --- | --- | --- |
| Reason Heuristics | PUP.Installer.FullSpectrumInteractive.Y, PUP.Installer.Groovecom.Y, DownloadManager.AirSoftware.F, PUP.Installer.InstallManager.F, PUP.Adknowledge.Bundler, PUP.DownloadAdmin.FullSpectrumInteractive.Installer (M) | 100.00% |
| VIPRE Antivirus | DownloadAdmin, Iminent, Threat.4783369, Threat.4784938, Threat.4150696, Trojan.Win32.Generic | 85.29% |
| NANO AntiVirus | Trojan.Win32.Downware.crgjbr, Riskware.Win32.Downware.crgjbr, Riskware.Win32.AirAdInstaller.cwbkcs, Riskware.Win32.AirAdInstaller.dafqnz | 79.41% |
| Sophos | Download Admin, PUA 'Download Admin', AirInstaller, PUA 'AirInstaller' | 73.53% |
| Dr.Web | Adware.Downware.2220, Trojan.Vittalia.81, Adware.Downware.2035, Trojan.SMSSend.4979, Trojan.SMSSend.5095, Adware.DownloadAdmin.1 | 73.53% |
| AVG | MalSign.InstallC, Generic_r, Adware BundleApp.CP, Skodna.Downloader, Adware Generic5.AVSL | 52.94% |
| ESET NOD32 | Win32/DownloadAdmin, Win32/AirAdInstaller (variant) | 47.06% |
| Avira AntiVirus | W32/Virut.Gen, ADWARE/Adware.Gen, Adware/DownloadAdmin.AL.6, Adware/DownloadAdmin.AJ.5 | 47.06% |
| avast! | Win32:Installer-L [PUP], PUP-gen [PUP], Adware-OH [Adw], Win32:Adware-gen [Adw], Adware-SJ [PUP], Win32:Adware-BZI [PUP] | 47.06% |
| Malwarebytes | PUP.Optional.BundleInstaller.A, PUP.Optional.FullSpectrumAdmin, PUP.Optional.AirInstaller, PUP.Optional.AirAdInstaller | 44.12% |
| Rising Antivirus | PE:Malware.XPACK/RDM!5.1, PE:PUF.Airinstall!1.9C4C | 44.12% |
| K7 AntiVirus | Unwanted-Program | 38.24% |
| K7 Gateway Antivirus | Unwanted-Program | 38.24% |
| ESET NOD32 | Win32/DownloadAdmin.G potentially unwanted application, Win32/AirAdInstaller.A potentially unwanted application | 38.24% |
| F-Secure | Application.Bundler.L, Adware:W32/WebInstallBundle | 26.47% |

The domain affiliate.trk4.com has been seen to resolve to the following 4 IP addresses.

May 3, 2015

cloudproxy72.sucuri.net
April 14, 2014

cloudproxy132.sucuri.net
April 14, 2014

cloudproxy131.sucuri.net
April 14, 2014

File downloads found at URLs served by affiliate.trk4.com.

 
Latest 30 of 47 download URLs

The following 2 files have been seen to communicate with affiliate.trk4.com in live environments.

URL:
http://affiliate.trk4.com/

Title:
“W4”

SSL certificate subject:
CN=*.trk4.com

SSL certificate issuer:
CN=RapidSSL SHA256 CA - G3, O=GeoTrust Inc., C=US

Web server:
Sucuri/Cloudproxy
