clkmon.com

INTANGO

Domain Information

The domain clkmon.com, registered by INTANGO, was first registered in December 2012 through ENOM, INC. This domain has been known to host and distribute adware as well as other potentially unwanted software. Its servers are located in Adair, Illinois, in the United States, on the SoftLayer Technologies Inc. network.
Remove Malware from clkmon.com - Powered by Reason Core Security
Registrar:
ENOM, INC.

Server location:
Illinois, United States (US)

Create date:
Sunday, December 09, 2012

Expires date:
Friday, December 09, 2016

Updated date:
Thursday, November 26, 2015

ASN:
AS36351 SOFTLAYER - SoftLayer Technologies Inc.

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.Amonetizeltd.h, Threat.Win.Reputation.IMP, PUP.Tightrope.Bundler, PUP.AstroDeliveryFriedCookie.e, PUP.FreeSoftware.e, PUP.Bundler.Outbrowse, PUP.CodeTechno.Installer (M), PUP.OnekitInternet.Bundler (M), PUP.Outbrowse.STARTnow.Bundler (M), PUP.Softpulse.PluginUpdate.Bundler (M), PUP.DownloadAdmin.CodeTechno.Installer (M), PUP.Outbrowse.ClickYes.Bundler (M), PUP.Softpulse.DIGITALPLUGINU.Bundler (M), PUP.Outbrowse.BESTAPP.Bundler (M)
100.00%

VIPRE Antivirus
Amonetize, Trojan.Win32.Generic, InstallCore, DownloadAdmin, Vittalia Installer, Threat.4782551, Threat.4784459, Threat.4783369
43.75%

AVG
Generic_r, Potentially harmful program Downloader.CKH, Win.Threat.High
43.75%

Dr.Web
Adware.Downware.2467, Adware.Downware.3925, Adware.Downware.2220, Trojan.InstallCore.15, Trojan.DownLoad3.35287, Trojan.OutBrowse.6
41.67%

Avira AntiVirus
ADWARE/Adware.Gen2, ADWARE/InstallCore.Gen7, ADWARE/InstallCore.Gen9, APPL/OutBrowse.pao, PUA/InstallCore.Gen, APPL/InstallCo.ewbs
41.67%

Malwarebytes
PUP.Optional.Amonetize.A, PUP.Optional.DownloadAdmin, PUP.Optional.FriedCookie, PUP.Optional.BundleInstaller, PUP.Optional.Monetizer
37.50%

Sophos
Amonetize, Generic PUA JK, Generic PUA OL, Generic PUA NP, Generic PUA DP, Generic PUA FK, Generic PUA DB, OutBrowse Revenyou
37.50%

McAfee
RDN/Generic PUP.x!c2a, Artemis!4AE5FBFAF099, Artemis!152897CDF91D, Artemis!8B5610DF4C56, Artemis!950E4FBCE159, Artemis!B4C52E5A26CA, Artemis!BEB404AD92A9, Artemis!311D5B7138E3
37.50%

Fortinet FortiGate
Riskware/Amonetize, Riskware/DownloadAdmin, Riskware/InstallCore, Riskware/OutBrowse, Adware/SoftPulse.R, W32/Kryptik.BWOY!tr
37.50%

ESET NOD32
Win32/Amonetize.AJ (variant), Win32/Amonetize.AS (variant), Win32/DownloadAdmin (variant), Win32/InstallCore.RG (variant)
35.42%

McAfee Web Gateway
Artemis!8A664A9D128C, BehavesLike.Win32.Downloader.cc, BehavesLike.Win32.AdwareAmonetize.fh, Adware-OutBrowse.c, BehavesLike.Win32.CasOnline.tc
35.42%

Baidu Antivirus
Adware.Win32.Amonetize, Adware.Win32.InstallCore, PUA.Win32.Vittalia, PUA.Win32.OutBrowse, PUA.Win32.SoftPulse
33.33%

Trend Micro House Call
TROJ_GEN.F47V0525, Suspicious_GEN.F47V1118, Suspicious_GEN.F47V1120, Suspicious_GEN.F47V1122, Suspicious_GEN.F47V1126, Suspicious_GEN.F47V1203
31.25%

AhnLab V3 Security
PUP/Win32.Amonetiz, PUP/Win32.Downware, PUP/Win32.DownloadManager, PUP/Win32.SoftPulse, Win-PUP/SoftPulse
29.17%

K7 AntiVirus
Unwanted-Program, Trojan
29.17%

The domain clkmon.com has been seen to resolve to the following 3 IP addresses.

108.168.157.203-static.reverse.softlayer.com
May 2, 2015

108.168.157.127-static.reverse.softlayer.com
August 1, 2014

108.168.157.82-static.reverse.softlayer.com
April 20, 2014

File downloads found at URLs served by clkmon.com.

1 / 68      (Adware)

1 / 68      (Adware)

1 / 68      (Adware)

1 / 68      (Adware)

1 / 68      (Malware)
http://clkmon.com/.../sa?cid=CRSRDR-200093404600000000  (flashplayersetup__2583_i698930742_il9.exe)

10 / 68    (Adware)
http://clkmon.com/.../sa?cid=CRSRDR-200118821000000000  (flashplayersetup__6595_i550259422_il111.exe)

8 / 68      (Adware)

1 / 68      (Malware)
http://clkmon.com/.../sa?cid=CRSRDR-200097121000000000  (flashplayersetup__2583_i689339787_il9.exe)

1 / 68      (Adware)

1 / 68      (Adware)

1 / 68      (Adware)

10 / 68    (Adware)

1 / 68      (Adware)

1 / 68      (Adware)

1 / 68      (PUP)
http://clkmon.com/.../sa?cid=12060-3263570&q=mario racing games  (installer_adobe_flash_player_english.exe)

31 / 68    (PUP)
http://clkmon.com/.../sa?cid=CRSRDR-200068617300000000&q=Biography.com  (flashplayersetup__2583_i701201362_il9.exe)

 
Latest 30 of 238 download URLs

The following 4 files have been seen to communicate with clkmon.com in live environments.

November 1, 2014

URL:
http://clkmon.com/

Title:
“Contact Us”

SSL certificate subject:
CN=clkmon.com, OU=Domain Control Validated - RapidSSL(R), OU=See www.rapidssl.com/resources/cps (c)15, OU=GT24193224

SSL certificate issuer:
CN=RapidSSL SHA256 CA - G3, O=GeoTrust Inc., C=US

Web server:
nginx

Facebook:
Likes:  6
Shares:  37
Comments:  3

Statistics above are for the previous month of November 2016.
