tr.im

Domain Information

Server location:
Virginia, United States (US)

ASN:
AS14618 AMAZON-AES - Amazon.com, Inc.,US

Scanner detections:
Detections (67% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.OOOSoftMedia.R, PUP.Installer.iDatixCorporation.U, Threat.Win.Reputation.IMP, Threat.InstallMonster.DIREKTTUR, PUP.OOOSoftM (M), PUP.InstallCore.RE11 (M), PUP.NewMedia.NMH.Bundler (M), PUP.Softpulse (M), PUP.InstallCore.AC (M)
60.00%

Dr.Web
Adware.Downware.1666, Trojan.DownLoader12.990, Trojan.InstallMonster, Detection.Undefined, Trojan.InstallMonster.146
33.33%

avast!
Win32:Adware-gen [Adw], Win32:GenMalicious-BCZ [Trj], Win32:Malware-gen
26.67%

ESET NOD32
Win32/RiskWare.Chindo.S application, Win32/InstallMonstr.EI potentially unwanted application, BAT/HostsChanger.A potentially unsafe application
26.67%

VIPRE Antivirus
Threat.4150696, Win32.Malware!Drop, Threat.5064197
20.00%

Sophos
WebAlta Toolbar, Mal/Generic-S, PUA 'Install Monster'
20.00%

Avira AntiVirus
ADWARE/Adware.Gen, TR/Kazy.766976.1, ADWARE/InstaMon.enif
20.00%

ESET NOD32
Win32/AdWare.Toolbar.Webalta.GN, Win32/TrojanDownloader.Cicevre (variant), Win32/InstallMonstr.JM potentially unwanted (variant)
20.00%

McAfee
RDN/Generic.dx!d2b, Artemis!4FE693290E41, Trojan.Artemis!32859ED92FE5
20.00%

Emsisoft Anti-Malware
Gen:Variant.Kazy.526584, Trojan.GenericKD.2574206, Trojan.Generic.12491497
20.00%

McAfee Web Gateway
RDN/Generic.dx!d2b, BehavesLike.Win32.Backdoor.gc, BehavesLike.Win32.PWSZbot.wc
20.00%

Qihoo 360 Security
Win32/Trojan.51e, HEUR/QVM03.0.Malware.Gen, QVM10.1.Malware.Gen
20.00%

Kaspersky
Trojan-Downloader.Win32.Agent, UDS:DangerousObject.Multi.Generic, Trojan.Win32.Inject
20.00%

Vba32 AntiVirus
Downware.iDatix.gen, Trojan.KillAV
13.33%

AVG
Win.Threat.Medium, Generic
13.33%

The domain tr.im has been seen to resolve to the following 6 IP addresses.

79.31.211.130.bc.googleusercontent.com
July 6, 2016

ec2-52-3-16-164.compute-1.amazonaws.com
June 30, 2016

ec2-52-5-193-106.compute-1.amazonaws.com
June 30, 2016

ec2-54-165-60-202.compute-1.amazonaws.com
May 21, 2015

ec2-54-243-183-205.compute-1.amazonaws.com
August 12, 2014

ec2-54-243-112-104.compute-1.amazonaws.com
June 5, 2014

File downloads found at URLs served by tr.im.

0 / 68
https://tr.im/lxKw9  (setup.exe)

1 / 68      (Adware)
https://tr.im/zgI0z  (setup.exe)

1 / 68      (Adware)
https://tr.im/lxKw9  (setup.exe)

1 / 68      (Adware)
https://tr.im/10lVg  (setup.exe)

1 / 68      (inconclusive)
https://tr.im/10lVg  (setup.exe)

1 / 68      (inconclusive)
https://tr.im/10lVg  (setup.exe)

0 / 68
https://tr.im/lxKw9  (ic-0.31164398477c7.exe)

6 / 68      (PUP)
http://tr.im/55g67  (finereader_11_crack.exe)

1 / 68      (PUP)
https://tr.im/lxKw9  (setup [downloaded with 1stbrowser].exe)

25 / 68    (Malware)
https://tr.im/c213c  (facebook_watch_video_x6.exe)

7 / 68      (Malware)
https://tr.im/zgI0z  (setup.exe)

1 / 68      (inconclusive)
https://tr.im/zgI0z  (setup.exe)

1 / 68      (Adware)
http://tr.im/52qjk  (driverscanner_2014_4.0.12.4_ru.exe)

0 / 68
https://tr.im/downloadi  (GraboidVideoInstaller-5.2.1.0.exe)

0 / 68
https://tr.im/startdownloadmovieidpinlardoctypehdmoviejiku  (GraboidVideoInstaller-5.2.1.0.exe)

0 / 68
https://tr.im/startwatchingmovieidpintumiaisagolalkumra  (GraboidVideoInstaller-5.2.1.0.exe)

0 / 68
https://tr.im/DirectFreeDownloadPC  (GraboidVideoInstaller-5.2.1.0.exe)

0 / 68
https://tr.im/watchonlinei  (GraboidVideoInstaller-5.2.1.0.exe)

14 / 68    (Malware)
http://tr.im/.../IMG_0410.jpg  (img_0410.jpg.exe)

11 / 68    (Adware)
http://tr.im/o21  (kerish doctor 2015 4.exe)

13 / 68    (PUP)
http://tr.im/o44  (registrycleanersetup.exe)

1 / 68      (Adware)
http://tr.im/4t2dz  (sdformatter3_1.rar.exe)

The following 5 files have been seen to communicate with tr.im in live environments.