global.ymtrack.com

Domains By Proxy, LLC (Proxy Registrant)

Domain Information

The domain global.ymtrack.com is registered by proxy through GODADDY.COM, LLC and was originally registered in June of 2011. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Ashburn, Virginia, United States, on the Amazon Technologies Inc. network. The domain uses the Amazon Web Services (AWS) cloud computing platform.

Registrar:
GODADDY.COM, LLC

Server location:
Virginia, United States (US)

Create date:
Friday, June 3, 2011

Expires date:
Friday, June 3, 2016

Updated date:
Saturday, April 27, 2013

ASN:
AS14618 AMAZON-AES - Amazon.com, Inc.,US

Root domain:

Scanner detections:
Detections (96% detected)

Scan engine / Details / Detections

Reason Heuristics
PUP.XianDianyiInfoTechCoLtd.N, PUP.Installer.NanningweiwuTechnologycoltd.F, PUP.PluginUpdateSL.O, PUP.Installer.GuangzhouShibeiInformationTechnologyCo, Threat.XianDianyiInfoTech, PUP.Solimba.AppsInstaller.Installer (M), PUP.Solimba.Firseria.Bundler (M), PUP.Solimba.PopelerSystemsl.Bundler (M), PUP.GuangzhouShibeiInformationTechnologyCo.Bundler (M), PUP.Guangzho.Installer (M), PUP.SquareNe (M), PUP.Softpulse.PluginUp.Bundler (M), PUP (M)
100.00%

Comodo Security
Application.Win32.VOPackage.AGEE, Application.Win32.SoftPulse.W, Application.Win32.SquareNet.C, Application.Win32.Firseria.MAP
33.33%

Sophos
Square Network Installer, SoftPulse, PUA 'Solimba Installer'
33.33%

VIPRE Antivirus
Threat.4150696, Threat.4783235, Threat.4782980
33.33%

avast!
Win32:Malware-gen, Win32:SoftPulse-AH [PUP], Win32:Rootkit-gen [Rtk], Win32:PUP-gen [PUP], Win32:Firseria-C [PUP]
33.33%

AVG
Generic, Adware BundleApp_r
33.33%

Dr.Web
Adware.Conduit.47, Trojan.DownLoader11.24441, Trojan.Starter.3337, Adware.Downware.9416, Trojan.MulDrop5.34679
29.17%

IKARUS anti.virus
PUA.SquareNet, PUA.SoftPulse, AdWare.BundleApp
29.17%

Panda Antivirus
Trj/Genetic.gen, Adware/Solimba
29.17%

Agnitum Outpost
Riskware.Agent, PUA.Firseria
29.17%

MicroWorld eScan
Gen:Variant.Graftor.141303, Gen:Variant.Adware.Zusy.107390, Trojan.Generic.12468388, Gen:Variant.Application.Bundler.Kazy.132995
25.00%

Bitdefender
Gen:Variant.Graftor.141303, Gen:Variant.Adware.Zusy.107390, Trojan.Generic.12468388, Gen:Variant.Application.Bundler.Kazy.132995
25.00%

G Data
Gen:Variant.Graftor.141303, Gen:Variant.Adware.Zusy.107390, Trojan.Generic.12468388, Gen:Variant.Application.Bundler, Application.Bundler.Firseria
25.00%

Microsoft Security Essentials
Threat.Undefined, SoftwareBundler:Win32/SquareNet
25.00%

ESET NOD32
Win32/SquareNet.C potentially unwanted application, Win32/SquareNet.A potentially unwanted application, Win32/FirseriaInstaller.S potentially unwanted application
25.00%

The domain global.ymtrack.com has been seen to resolve to the following 6 IP addresses.

ec2-54-88-182-182.compute-1.amazonaws.com
February 23, 2016

ec2-54-172-34-43.compute-1.amazonaws.com
March 31, 2015

ec2-54-172-94-246.compute-1.amazonaws.com
March 31, 2015

ec2-54-85-6-99.compute-1.amazonaws.com
September 15, 2014

ec2-54-84-169-27.compute-1.amazonaws.com
July 10, 2014

ec2-54-85-179-72.compute-1.amazonaws.com
July 10, 2014

File downloads found at URLs served by global.ymtrack.com.

1 / 68      (Adware)

1 / 68      (Adware)

1 / 68      (Adware)

1 / 68      (Adware)

1 / 68      (Adware)

1 / 68      (Adware)

1 / 68      (Adware)

1 / 68      (Adware)

1 / 68      (Adware)

1 / 68      (Adware)

1 / 68      (Adware)

1 / 68      (Adware)

8 / 68      (Adware)

The following 3 files have been seen to communicate with global.ymtrack.com in live environments.

URL:
http://global.ymtrack.com/

Title:
“Redirector of YeahMobi”

Network:
Amazon Web Services (AWS), running an EC2 instance

Web server:
Tengine/2.1.0