clkmon.com

INTANGO

Domain Information

The domain clkmon.com, registered by INTANGO, was first registered in December of 2012 through ENOM, INC. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Adair, Illinois, in the United States, on the SoftLayer Technologies Inc. network.
Registrar:
ENOM, INC.

Server location:
Illinois, United States (US)

Create date:
Sunday, December 09, 2012

Expires date:
Friday, December 09, 2016

Updated date:
Thursday, November 26, 2015

ASN:
AS36351 SOFTLAYER - SoftLayer Technologies Inc.

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.AstroDeliveryFriedCookie.e, PUP.Tightrope.Bundler, PUP.FreeSoftware.e, Threat.Amonetize.Bundler, PUP.Outbrowse.ClickYes.Bundler (M), Threat.Win.Reputation.IMP, PUP.Air Software.Installe.Installer (M), PUP.Softpulse (M), PUP.DownloadAdmin.Bundler (M), PUP.Outbrowse (M), PUP.Vittalia (M), PUP.Tightrope (M), PUP.Air Software (M)
97.96%

Malwarebytes
PUP.Optional.Amonetize.A, PUP.Optional.FriedCookie, PUP.Optional.DownloadAdmin, PUP.Optional.BundleInstaller, PUP.Optional.InstallCore, PUP.Optional.OutBrowse
18.37%

Dr.Web
Adware.Downware.2467, Trojan.InstallCore.15, Adware.Downware.2220, Trojan.OutBrowse.6
18.37%

ESET NOD32
Win32/Amonetize.AJ (variant), Win32/InstallCore.RO (variant), Win32/DownloadAdmin (variant), Win32/InstallCore.RZ (variant)
18.37%

AVG
Generic_r, Potentially harmful program Downloader
18.37%

VIPRE Antivirus
InstallCore, DownloadAdmin, Trojan.Win32.Generic, Vittalia Installer, Amonetize, Threat.4784459
18.37%

Sophos
Amonetize, Generic PUA NP, Generic PUA FK, Generic PUA ML, Generic PUA DB, Generic PUA HA, OutBrowse
16.33%

Avira AntiVirus
ADWARE/Adware.Gen2, ADWARE/InstallCore.Gen7, ADWARE/InstallCore.Gen9
16.33%

Qihoo 360 Security
Win32/Virus.Adware.94c, HEUR/QVM42.0.Malware.Gen, Win32/Virus.Adware.f22, Win32/Trojan.Adware.37e
14.29%

Baidu Antivirus
Adware.Win32.Amonetize, Adware.Win32.InstallCore, PUA.Win32.OutBrowse
12.24%

Trend Micro House Call
Suspicious_GEN.F47V1120, Suspicious_GEN.F47V1122, TROJ_GEN.F0C2H00KM14, Suspicious_GEN.F47V1126, Suspicious_GEN.F47V1204
12.24%

Fortinet FortiGate
Riskware/InstallCore, Riskware/DownloadAdmin
10.20%

McAfee
Artemis!950E4FBCE159, Artemis!1A455B562FF2, Artemis!B4C52E5A26CA, Artemis!9F8DA35475A9, Adware-OutBrowse.c
10.20%

K7 AntiVirus
Unwanted-Program
10.20%

K7 Gateway Antivirus
Unwanted-Program
10.20%

The domain clkmon.com has been seen to resolve to the following 3 IP addresses.

108.168.157.203-static.reverse.softlayer.com
May 2, 2015

108.168.157.127-static.reverse.softlayer.com
August 1, 2014

108.168.157.82-static.reverse.softlayer.com
April 20, 2014

File downloads found at URLs served by clkmon.com.

1 / 68      (Adware)
http://clkmon.com/.../sa?cid=NBALIVEPOP&pid=&q=stream  (installer_adobe_flash_player_english.exe)

1 / 68      (Adware)
http://clkmon.com/.../banners?pid=15867&cid=SU1&action=r  (installer_adobe_flash_player_english.exe)

1 / 68      (Adware)
http://clkmon.com/.../sa?cid=11021-200080523921000000&pid=11021&q=93  (installer_adobe_flash_player_english.exe)

Latest 30 of 1,191 download URLs

The following 11 files have been seen to communicate with clkmon.com in live environments.

November 1, 2014

URL:
http://clkmon.com/

Title:
“Contact Us”

SSL certificate subject:
CN=clkmon.com, OU=Domain Control Validated - RapidSSL(R), OU=See www.rapidssl.com/resources/cps (c)15, OU=GT24193224

SSL certificate issuer:
CN=RapidSSL SHA256 CA - G3, O=GeoTrust Inc., C=US

Web server:
nginx

Facebook:
Likes:  6
Shares:  37
Comments:  3

Statistics above are for the previous month of August 2017.