affiliate.trk4.com

Whois Privacy Protection Service, Inc.  (Proxy Registrant)

Domain Information

The domain affiliate.trk4.com is registered by proxy through NAME.COM, INC. and was originally registered in July of 2009. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Montreal, Quebec, Canada, on the OVH Hosting, Inc. network.
Registrar:
NAME.COM, INC.

Server location:
Quebec, Canada (CA)

Create date:
Tuesday, July 14, 2009

Expires date:
Thursday, July 14, 2016

Updated date:
Monday, June 22, 2015

ASN:
AS16276 OVH OVH SAS,FR

Root domain:

Scanner detections:
Detections  (91% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.FullSpectrumInteractive.Y, PUP.Adknowledge.Bundler, PUP.DownloadAdmin.FullSpectrumInteractive.Installer (M), PUP.Air Software.AirSoftware.Bundler (M), PUP.Bundlore.Wishapp.Bundler (M), PUP.Adknowledge.InstallM.Installer (M), PUP.DownloadAdmin.FullSpec.Installer (M), PUP.DownloadAdmin.Grooveco.Installer (M), PUP.Systweak.TUNEUPPR.Installer.Meta (L), PUP.Air Software.AirSoftw.Bundler (M), PUP.DownloadAdmin (M), PUP.Tightrope (M)
100.00%

VIPRE Antivirus
Threat.4783369, DownloadAdmin, Threat.4150696, Trojan.Win32.Generic, Iminent
39.53%

Sophos
Download Admin, PUA 'Download Admin', PUA 'AirInstaller'
39.53%

Dr.Web
Adware.Downware.2220, Adware.DownloadAdmin.1, Adware.Downware.11259, Adware.Downware.2035, riskware program Program.Unwanted.1489
37.21%

NANO AntiVirus
Riskware.Win32.Downware.crgjbr, Trojan.Win32.Downware.crgjbr, Riskware.Win32.AirAdInstaller.deojhu, Riskware.Win32.AirAdInstaller.cwbkcs
32.56%

ESET NOD32
Win32/DownloadAdmin, Win32/AirAdInstaller (variant)
30.23%

Avira AntiVirus
Adware/DownloadAdmin.AL.6, Adware/DownloadAdmin.AJ.5, ADWARE/Adware.Gen
25.58%

Rising Antivirus
PE:Malware.XPACK/RDM!5.1, PE:PUF.Airinstall!1.9C4C
25.58%

avast!
Adware-OH [Adw], Win32:Adware-BZI [PUP], NSIS:Adware-OH [Adw], Win32:Installer-L [PUP]
20.93%

AVG
InstallC, Generic, Generic_r
20.93%

Malwarebytes
PUP.Optional.FullSpectrumAdmin, PUP.Optional.AirInstaller, PUP.Optional.AirAdInstaller
20.93%

K7 AntiVirus
Unwanted-Program
18.60%

herdProtect (fuzzy)
a variant of 8cc78823db2bf1f1a497642ec5299230f6be17f3, a variant of 826ef148d2f34b4be1519911fb7b422ae6c50ac9
11.63%

ESET NOD32
Win32/DownloadAdmin.G potentially unwanted application, Win32/AirAdInstaller.A potentially unwanted application
9.30%

F-Secure
Adware:W32/WebInstallBundle
9.30%

The domain affiliate.trk4.com has been seen to resolve to the following 4 IP addresses.

May 3, 2015

cloudproxy72.sucuri.net
April 14, 2014

cloudproxy132.sucuri.net
April 14, 2014

cloudproxy131.sucuri.net
April 14, 2014

File downloads found at URLs served by affiliate.trk4.com.

1 / 68      (Adware)

1 / 68      (PUP)

1 / 68      (Adware)

1 / 68      (PUP)

1 / 68      (PUP)

1 / 68      (PUP)

 
Latest 30 of 82 download URLs

The following 2 files have been seen to communicate with affiliate.trk4.com in live environments.

URL:
http://affiliate.trk4.com/

Title:
“W4”

SSL certificate subject:
CN=*.trk4.com

SSL certificate issuer:
CN=RapidSSL SHA256 CA - G3, O=GeoTrust Inc., C=US

Web server:
Sucuri/Cloudproxy