home

track.mobclick.net

zou peter

Domain Information

The domain track.mobclick.net registered by zou peter was initially registered in September of 2013 through GODADDY.COM, LLC. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Dublin, Dublin City within Ireland which resides on the RIPE Network Coordination Centre network. The domain uses the Amazon Web Services (AWS) cloud computing platform.
Registrar:
GODADDY.COM, LLC

Server location:
Dublin City, Ireland (IE)

Create date:
Wednesday, September 4, 2013

Expires date:
Friday, September 4, 2015

Updated date:
Wednesday, April 16, 2014

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:
mobclick.net

Whois:
1 mobclick.net record

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.XianDianyiInfoTechCoLtd.O, PUP.SquareNetworkTechCoLTD.O, PUP.SquareNetworkTechCoLTD.N, PUP.XianDianyiInfoTechCoLtd.N
100.00%

Dr.Web
Adware.Conduit.47, Threat.Undefined
62.50%

G Data
Win32.Application.Bundler, Gen:Variant.Graftor.141303, Gen:Variant.Graftor.141360
50.00%

VIPRE Antivirus
Threat.4895341
37.50%

ESET NOD32
Win32/SquareNet.A potentially unwanted application
37.50%

K7 AntiVirus
Unwanted-Program
37.50%

Avira AntiVirus
APPL/Downloader.Gen
37.50%

AhnLab V3 Security
Adware/Win32.Clicker
37.50%

IKARUS anti.virus
PUA.SquareNet
37.50%

AVG
Generic
37.50%

Sophos
Square Network Installer
25.00%

MicroWorld eScan
Gen:Variant.Graftor.141303, Gen:Variant.Graftor.141360
25.00%

Bitdefender
Gen:Variant.Graftor.141303, Gen:Variant.Graftor.141360
25.00%

F-Secure
Gen:Variant.Graftor.141303, Gen:Variant.Graftor.141360
25.00%

Emsisoft Anti-Malware
Gen:Variant.Graftor.141303, Gen:Variant.Graftor.141360
25.00%

The domain track.mobclick.net has been seen to resolve to the following 7 IP addresses.

54.231.0.64
s3-1.amazonaws.com
September 5, 2014

54.231.18.128
s3-1.amazonaws.com
September 3, 2014

176.32.97.234
s3-1.amazonaws.com
August 17, 2014

54.231.0.80
s3-1.amazonaws.com
August 16, 2014

176.32.97.250
s3-1.amazonaws.com
June 13, 2014

54.231.1.160
s3-1.amazonaws.com
May 12, 2014

176.32.101.82
May 1, 2014

File downloads found at URLs served by track.mobclick.net.

1 / 68      (Adware)
http://track.mobclick.net/download/java/13232/.../java_installer.exe  (fae4992d0ff69d905e73f6436e1a2e18)

8 / 68      (Adware)
http://track.mobclick.net/download/flv/.../FLV_installer.exe  (a9f6635e3ab925ee1a0772793937b91d)

17 / 68    (Adware)
http://track.mobclick.net/download/flv/custom/.../flv_installer.exe  (b1fa335915e5d2fe303d6b8f1e267ab8)

11 / 68    (Adware)
http://track.mobclick.net/download/flv/custom/.../flv_installer.exe  (f056fdee7f4d41507aad682a05efd842)

1 / 68      (Adware)
http://track.mobclick.net/download/flv/custom/.../flv_installer.exe  (1a8e5591d92b29d034c2ba30d55fe359)

1 / 68      (Adware)
http://track.mobclick.net/download/flv/custom/.../flv_installer.exe  (292b8e1788bd623cb17b5c4a65891523)

11 / 68    (Adware)
http://track.mobclick.net/download/flv/custom/.../flv_installer.exe  (b03c6cf61a8c82d6790ac1603e151089)

3 / 68      (Adware)
http://track.mobclick.net/download/java/13232/.../java_installer.exe  (e981c893e6f14bf4ea4d5166e622e6d9)

The following 2 files have been seen to comunicate with track.mobclick.net in live environments.

TCP » 176.32.97.250:443
javaw.exe (Java Platform SE 7 U51 by Oracle)

TCP » 54.231.18.128:443
nsh61b2.tmp

URL:
http://track.mobclick.net/

Network:
Amazon Web Services (AWS)

Web server:
AmazonS3

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.