home

software.yaknow.com

Domains By Proxy, LLC  (Proxy Registrant)

Domain Information

The domain software.yaknow.com is registered by proxy through WILD WEST DOMAINS, LLC and was originally registered in May of 2003. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in New York City, New York within the United States which resides on the Digital Ocean, Inc. network.
Registrar:
WILD WEST DOMAINS, LLC

Server location:
New York, United States (US)

Create date:
Tuesday, May 27, 2003

Expires date:
Sunday, May 27, 2018

Updated date:
Friday, February 14, 2014

ASN:
AS393406 DIGITALOCEAN-ASN-NY3 - Digital Ocean, Inc.,US

Root domain:
yaknow.com

Whois:
1 yaknow.com record

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Bundler.Vittalia, PUP.InstallCore.Installer.Installer (M), PUP.Air Software.DownloadAssistant.Bundler (M)
100.00%

avast!
Win32:Adware-CKN [PUP]
33.33%

ESET NOD32
Win32/DownloadAssistant.A potentially unwanted application
33.33%

Avira AntiVirus
TR/Crypt.XPACK.Gen
33.33%

Rising Antivirus
PE:Malware.XPACK-HIE/Heur!1.9C48
33.33%

IKARUS anti.virus
Trojan.Win32.Rimecud
33.33%

AVG
Generic
33.33%

The domain software.yaknow.com has been seen to resolve to the following 2 IP addresses.

159.203.107.180
fd-03-do-e-ny-3.gtdlrfwd.com
November 13, 2015

104.131.2.201
useast.gtdlrfwd.com
March 20, 2015

File downloads found at URLs served by software.yaknow.com.

1 / 68      (Adware)
http://software.yaknow.com/v2/click/adfbd400/?d=http://www.yaknow.com/Download/.../InstallWizard101.exe&key=ae1cc759f098faf8d839e59437c654680250a2a6fc232c039684525fde3ba6dd&sid=Wizard101&uid=&affiliate_image=http://www.yaknow.com/Download/.../Wizard1011.png&product_image=http://www.yaknow.com/Download/.../Wizard1012.png&n=Wizard101&filename=Wizard101  (67545df883b9355cb9179a908cae9bc6)

1 / 68      (Adware)
http://software.yaknow.com/v2/click/dff4d1eb/?d=http://www.yaknow.com/Download/.../Minecraft.exe&key=8a79fcf4f66d3174d945f47d3f22cda5f47b8598a414047edfbad274c6c98e9a&sid=MinecraftG&uid=&affiliate_image=http://www.yaknow.com/Download/.../Minecraft1.png&product_image=http://www.yaknow.com/Download/.../Minecraft.png&n=Minecraft&filename=Minecraft  (f_000bba)

7 / 68      (Adware)
http://software.yaknow.com/v2/click/8d328571/?d=http://www.yaknow.com/Download/.../InstallWizard101.exe&key=ae1cc759f098faf8d839e59437c654680250a2a6fc232c039684525fde3ba6dd&sid=Wizard101UK&uid=&affiliate_image=http://www.yaknow.com/Download/.../Wizard1011.png&product_image=http://www.yaknow.com/Download/.../Wizard1012.png&n=Wizard101&filename=Wizard101  (ad9ea7c2b50d4c279d6155cd8ccf513b)

The following 14 files have been seen to comunicate with software.yaknow.com in live environments.

TCP » 104.131.2.201:80
setup.exe (Google Chrome by Download Assistant)

TCP » 104.131.2.201:80
setup.exe (DVD Shrink by Download Publisher)

TCP » 104.131.2.201:80
setup.exe (Java Runtime by Download Assistant)

TCP » 104.131.2.201:80
setup.exe (WinZip by Download Assistant)

TCP » 104.131.2.201:80
Microsoft_Security_Essentials_Setup.exe (Microsoft Security Essentials by Download Assistant)

TCP » 104.131.2.201:80
Setup.exe (Java Runtime by Download Manager)

TCP » 104.131.2.201:80
Avast_Setup_2015.exe (Avast by Download Assistant)

TCP » 104.131.2.201:80
googlechromeupdatesetup.exe (Google Chrome by Install Helper)

TCP » 104.131.2.201:80
setup_adobe_reader.exe (Adobe Reader by Install Helper)

TCP » 104.131.2.201:80
AdobeReaderSetup-22796854.exe (Adobe Reader by Install Helper)

TCP » 104.131.2.201:80
chrome_installer.exe (Google Chrome Browser by DownloadAsst_New)

TCP » 104.131.2.201:80
microsoftsilverlightupdatesetup.exe (Microsoft Silverlight by Download Assistant)

TCP » 104.131.2.201:80
Firefox Setup.exe (Firefox by Install Assistant)

TCP » 104.131.2.201:80
malwarebytes anti-malware setup.exe (Malwarebytes Anti-Malware by Download Assistant)

URL:
http://software.yaknow.com/

Title:
“Welcome to nginx!”

Web server:
nginx/1.4.6 (Ubuntu)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.