home

nustrk.com

Privacy Protection Service INC d/b/a PrivacyProtect.org  (Proxy Registrant)

Domain Information

The domain nustrk.com is registered by proxy through PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM and was originally registered in September of 2013. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Austin, Texas within the United States which resides on the YHC Corporation network.
Registrar:
PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM

Server location:
Texas, United States (US)

Create date:
Friday, September 20, 2013

Expires date:
Sunday, September 20, 2015

Updated date:
Sunday, September 21, 2014

ASN:
AS40034 CONFLUENCE-NETWORK-INC - Confluence Networks Inc,VG

Whois:
3 nustrk.com records

Scanner detections:
Detections  (98% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.WARPINSTALLER.F, PUP.Installer.SystemApplet.S, PUP.Installer.WARPINSTALLER.O, PUP.INSTALLMYSOFTWARE.N, PUP.Installer.ClickAccept.N, PUP.Installer.SafeDown.M, PUP.Installer.SOFTWAREINSTALLER.S, PUP.Installer.SafeDown.R, PUP.Installer.Fileangels.F, PUP.Installer.SafeDown.Q, PUP.Installer.Fileprotected.F, PUP.Installer.FileFalcon.V, PUP.Installer.Fileadventure, PUP.Bundler.Adknowledge, PUP.Adknowledge.Bundler, PUP.Adknowledge.Installer, PUP.Adknowledge.TINYINSTALLER.Installer (M), PUP.Adknowledge.Bundler (M), PUP.Adknowledge.SafeDown.Bundler (M), PUP.Adknowledge.FusionInstall.Installer (M), PUP.Adknowledge.INSTALLDOTEXE.Installer (M), PUP.Adknowledge.Dashboot.Installer (M), PUP.Adknowledge.Fileadventure.Bundler (M), PUP.Adknowledge.SETUPDOTEXE.Bundler (M), PUP.Adknowledge.INSTALLD.Installer (M), PUP.Adknowledge.Fileange.Bundler (M), PUP.Adknowledge.Fileadve.Bundler (M), PUP.Adknowledge.Installer (M), PUP.Adknowledge.TINYINST.Bundler (M), PUP.Adknowledge.SETUPDOT.Bundler (M), PUP.Adknowledge.WARPINST.Bundler (M), PUP.Adknowledge.FusionIn.Bundler (M), PUP.Adknowledge (M)
100.00%

Malwarebytes
PUP.Optional.OptimumInstaller.A, PUP.Optional.OptimunInstaller, PUP.Optional.iBryte, PUP.Optional.Ibryte, PUP.Optional.IBryte
44.90%

Dr.Web
Trojan.Packed.26508, Trojan.Packed.27655, Adware.Downware.6099, Trojan.DownLoader11.32333, Trojan.DownLoader11.34291, Trojan.DownLoader11.26958
44.90%

VIPRE Antivirus
Trojan.Win32.Generic, Threat.4150696, Optimum Installer, Threat.4778314, Threat.4798837, Threat.5064731
44.90%

AVG
Adware AdPlugin.JE, Win.Threat.Medium, Adware AdPlugin.AIV, Adware AdPlugin.AKC, Adware AdPlugin.ZC, Adware AdPlugin.BRI
44.90%

Avira AntiVirus
ADWARE/Adware.Gen7, ADWARE/iBryte.Gen7, Adware/iBryte.bxou, Adware/iBryte.bxor, ADWARE/iBryte.Gen4, Adware/iBryte.bxpg, Adware/iBryte.zline
42.86%

NANO AntiVirus
Trojan.Win32.Badur.cxnrwx, Trojan.Win32.Agent.cxjjsz, Trojan.Win32.DownLoader11.dfedxj, Trojan.Win32.Buzus.dffyza, Riskware.Win32.IBryte.ddthor
42.86%

F-Prot
W32/DomaIQ.G2.gen, W32/A-85132f45, W32/A-c255719d, W32/A-34fffba4, W32/A-8041faaf, W32/A-512ed8f8, W32/A-cb5bb8f6, W32/A-2b3be3da
42.86%

K7 AntiVirus
Unwanted-Program , Adware , Riskware
40.82%

Comodo Security
Application.Win32.iBryte.WRP, Application.Win32.AgentCV.HWYE, Application.Win32.Optimum.DS, Application.Win32.Ibryte.NW
40.82%

G Data
Win32.Adware.Ibryte, Gen:Variant.Adware.iBryte, Win32.Adware.IBryte, Gen:Variant.Application.Bundler.25, Gen:Variant.Adware.Kazy.501097
40.82%

avast!
Win32:IBryte-CY [PUP], Win32:IBryte-DB [PUP], Win32:IBryte-DY [PUP], Win32:Adware-gen [Adw], Win32:IBryte-EE [PUP], Win32:IBryte-GA [PUP]
40.82%

Vba32 AntiVirus
AdWare.iBryte, Trojan.Buzus, suspected of Trojan.Downloader.gen.h, Downloader.Agent
40.82%

Zillya! Antivirus
Adware.iBryte.Win32.864, Adware.iBryte.Win32.854, Trojan.Buzus.Win32.122155, Adware.iBryte.Win32.1495, Adware.iBryte.Win32.2636
38.78%

AhnLab V3 Security
PUP/Win32.IBryte, PUP/Win32.OptimumInstaller, Adware/Win32.IBryte
38.78%

The domain nustrk.com has been seen to resolve to the following 5 IP addresses.

209.99.40.222
209-99-40-222.fwd.datafoundry.com
October 29, 2015

104.28.11.96
August 17, 2014

104.28.10.96
August 17, 2014

141.101.116.237
December 23, 2013

141.101.117.237
December 23, 2013

File downloads found at URLs served by nustrk.com.

1 / 68      (Adware)
http://nustrk.com/base2.php  (adobe-reader.exe)

The following 47 files have been seen to comunicate with nustrk.com in live environments.

TCP » 209.99.40.222:80
UCBrowser.exe (by UCWeb)

TCP » 209.99.40.222:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 209.99.40.222:80
ContentFinder.exe (ContentFinder by ContentFinder Software)

TCP » 209.99.40.222:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 209.99.40.222:80
citrio.exe (Citrio by CatalinaGroup)

TCP » 209.99.40.222:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 209.99.40.222:80
hkcmd.exe (Intel Common User Interface by Intel)

TCP » 209.99.40.222:80
ContentFinder.exe (ContentFinder by DigitalSoftware Group)

TCP » 209.99.40.222:80
jingling.exe

TCP » 209.99.40.222:80
online-guardian-v2.0.9.exe

TCP » 209.99.40.222:80
msn.exe

TCP » 209.99.40.222:80
apptrailers.exe

TCP » 209.99.40.222:80
y03fd24.tmp

TCP » 209.99.40.222:80
lliseconc8.exe

TCP » 209.99.40.222:80
megacubo.exe (Megacubo by www.megacubo.net)

TCP » 209.99.40.222:80
messengertime.exe

TCP » 209.99.40.222:80
ContentSinder.exe (ContentSinder by ContentSinder Company)

TCP » 209.99.40.222:80
jingling.exe

TCP » 209.99.40.222:80
jingling.exe

TCP » 209.99.40.222:80
browser.exe (speed browser by Smart Applications)

 
Latest 20 of 53 files

URL:
http://nustrk.com/

SSL certificate subject:
CN=sni60371.cloudflaressl.com, OU=PositiveSSL Multi-Domain, OU=Domain Control Validated

SSL certificate issuer:
CN=COMODO ECC Domain Validation Secure Server CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Web server:
Apache

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.