home

clic.illyx.com

Domains By Proxy, LLC  (Proxy Registrant)

Domain Information

The domain clic.illyx.com is registered by proxy through GODADDY.COM, LLC and was originally registered in October of 2011. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Ashburn, Virginia within the United States which resides on the Amazon Technologies Inc. network. The domain uses the Amazon Web Services (AWS) cloud computing platform.
Registrar:
GODADDY.COM, LLC

Server location:
Virginia, United States (US)

Create date:
Tuesday, October 11, 2011

Expires date:
Tuesday, October 11, 2016

Updated date:
Monday, October 12, 2015

ASN:
AS14618 AMAZON-AES - Amazon.com, Inc., US

Root domain:
illyx.com

Whois:
3 illyx.com records

Scanner detections:
Detections  (98% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Kreapixel.K, PUP.Kreapixel.Installer (M), PUP.Kreapixel.J, PUP.Kreapixel.M, PUP.Kreapixel.O, PUP.Kreapixel.L, PUP.Installer.Kreapixel.J, PUP.Kreapixel (M), PUP.Solimba.EilioDev (M), PUP.Solimba.Contumar (M), PUP.Solimba.DelimaxC (M), PUP.Solimba.Bechiros (M), PUP.Solimba (M)
92.31%

Sophos
Kreapixel, Generic PUA GO, Mal/Generic-S, Generic PUA IM (PUA)
58.97%

Dr.Web
Trojan.Crossrider.9, Trojan.DownLoader9.20992, Trojan.DownLoader9.19590, Adware.Downware.1119, Trojan.DownLoader9.18631
56.41%

Trend Micro House Call
TROJ_GEN.F47V0115, TROJ_GEN.F47V0203, TROJ_GEN.F47V0201, TROJ_GEN.F47V1121, TROJ_GEN.F47V0304, TROJ_GEN.F47V1026, TROJ_GEN.F47V0326, TROJ_GEN.F47V0722, TROJ_GEN.F47V0131, TROJ_GEN.F47V0913
48.72%

McAfee
Artemis!D5D07548DA25, Artemis!41303A543C66, Artemis!3CBED8EAB172, Artemis!10C9005F4C99, Artemis!F461E6182860, Artemis!8FA4653CCE00, Artemis!A0EF8A7C030A, Artemis!0914D934EF1D, Artemis!EE1347F4E9A1, Artemis!684B8B642CF7, Artemis!2A4E75B6F455
41.03%

ESET NOD32
Win32/AdWare.Illyx, Win32/Krepixel (variant), Win32/Toolbar.Babylon, Win32/Packed.Autoit
33.33%

G Data
Win32.Application.KreaPixWebplayer, Application.Generic.807216, Trojan.GenericKD.1748294
25.64%

K7 AntiVirus
Unwanted-Program , Trojan , Adware
25.64%

IKARUS anti.virus
Trojan-Downloader.Win32.Genome, not-a-virus:WebToolbar.Win32.Toolbar
20.51%

Fortinet FortiGate
Riskware/Illyx, Riskware/Krepixel, Riskware/Toolbar, W32/Genome.A!tr.dldr, PossibleThreat, W32/Badur.A!tr
17.95%

Qihoo 360 Security
HEUR/Malware.QVM11.Gen, Trojan.Generic, Win32/Trojan.Multi.daf, Win32/Trojan.96d
17.95%

Rising Antivirus
AU3SCRIPT:Malware.Banker!1.9DF6, PE:Trojan.Win32.Generic.160952F9!369709817, PE:Trojan.Win32.Generic.17335C5C!389241948
17.95%

Kaspersky
Trojan-Downloader.Win32.Genome, not-a-virus:WebToolbar.Win32.Toolbar
17.95%

VIPRE Antivirus
Trojan.Win32.Generic
15.38%

Comodo Security
ApplicUnwnt, ApplicUnwnt.Win32.AdWare.Krepixel.~A, UnclassifiedMalware
12.82%

The domain clic.illyx.com has been seen to resolve to the following 65 IP addresses.

52.205.218.105
ec2-52-205-218-105.compute-1.amazonaws.com
July 29, 2016

52.206.36.195
ec2-52-206-36-195.compute-1.amazonaws.com
July 18, 2016

52.7.213.252
ec2-52-7-213-252.compute-1.amazonaws.com
July 18, 2016

52.5.14.12
ec2-52-5-14-12.compute-1.amazonaws.com
June 29, 2016

52.87.124.218
ec2-52-87-124-218.compute-1.amazonaws.com
June 29, 2016

54.165.125.29
ec2-54-165-125-29.compute-1.amazonaws.com
June 26, 2016

52.4.235.69
ec2-52-4-235-69.compute-1.amazonaws.com
June 26, 2016

54.165.143.255
ec2-54-165-143-255.compute-1.amazonaws.com
June 21, 2016

52.21.65.96
ec2-52-21-65-96.compute-1.amazonaws.com
June 21, 2016

54.208.124.218
ec2-54-208-124-218.compute-1.amazonaws.com
June 7, 2016

52.203.146.90
ec2-52-203-146-90.compute-1.amazonaws.com
June 6, 2016

52.87.106.50
ec2-52-87-106-50.compute-1.amazonaws.com
June 6, 2016

52.72.162.128
ec2-52-72-162-128.compute-1.amazonaws.com
June 2, 2016

52.5.57.82
ec2-52-5-57-82.compute-1.amazonaws.com
June 2, 2016

54.86.36.82
ec2-54-86-36-82.compute-1.amazonaws.com
June 2, 2016

52.203.78.46
ec2-52-203-78-46.compute-1.amazonaws.com
June 2, 2016

52.73.92.190
ec2-52-73-92-190.compute-1.amazonaws.com
May 16, 2016

52.7.74.56
ec2-52-7-74-56.compute-1.amazonaws.com
May 16, 2016

52.72.118.27
ec2-52-72-118-27.compute-1.amazonaws.com
March 8, 2016

107.21.44.249
ec2-107-21-44-249.compute-1.amazonaws.com
March 8, 2016

54.173.205.117
ec2-54-173-205-117.compute-1.amazonaws.com
February 20, 2016

52.73.185.238
ec2-52-73-185-238.compute-1.amazonaws.com
February 20, 2016

54.174.127.129
ec2-54-174-127-129.compute-1.amazonaws.com
February 16, 2016

52.72.1.193
ec2-52-72-1-193.compute-1.amazonaws.com
February 16, 2016

52.73.156.129
ec2-52-73-156-129.compute-1.amazonaws.com
February 12, 2016

54.208.254.134
ec2-54-208-254-134.compute-1.amazonaws.com
February 12, 2016

52.20.219.95
ec2-52-20-219-95.compute-1.amazonaws.com
February 1, 2016

52.2.172.115
ec2-52-2-172-115.compute-1.amazonaws.com
February 1, 2016

52.72.251.195
ec2-52-72-251-195.compute-1.amazonaws.com
February 1, 2016

52.72.181.246
ec2-52-72-181-246.compute-1.amazonaws.com
February 1, 2016

 
Showing 30 of 65 IP Addresses

File downloads found at URLs served by clic.illyx.com.

1 / 68      (Adware)
http://clic.illyx.com/aff_c?offer_id=25&aff_id=5996&source=  (webplayer.exe)

0 / 68
http://clic.illyx.com/aff_c?offer_id=324&aff_id=7280&source=  (webplayer.exe)

1 / 68      (Adware)
http://clic.illyx.com/aff_c?offer_id=25&aff_id=1602&source=Webplayer1  (webplayer.exe)

7 / 68      (PUP)
http://clic.illyx.com/aff_c?offer_id=25&aff_id=1640&source=  (webplayer_fr.exe)

5 / 68      (PUP)
http://clic.illyx.com/aff_c?offer_id=25&aff_id=5528&source=www.filmsstreaming.com  (webplayer_fr.exe)

7 / 68      (PUP)
http://clic.illyx.com/aff_c?offer_id=1224&aff_id=1001&source=www.gigastreaming.com  (alloplayer.exe)

13 / 68    (PUP)
http://clic.illyx.com/aff_c?offer_id=25&aff_id=7754  (webplayer.exe)

7 / 68      (PUP)
http://clic.illyx.com/aff_c?offer_id=25&aff_id=4808&source=BouleetBill  (webplayer.exe)

8 / 68      (PUP)
http://clic.illyx.com/aff_c?offer_id=25&aff_id=1005&source=udirectplayerb  (webplayer.exe)

6 / 68      (PUP)
http://clic.illyx.com/aff_c?offer_id=373&aff_id=1005&aff_sub=link&source=regardertv  (webplayer.exe)

1 / 68      (PUP)
http://clic.illyx.com/aff_c?offer_id=25&aff_id=1005&source=ustreamingtvplayerb  (webplayer.exe)

1 / 68      (PUP)
http://clic.illyx.com/aff_c?offer_id=276&aff_id=1560&source=animesplugin  (webgameplay.exe)

6 / 68      (PUP)
http://clic.illyx.com/aff_c?offer_id=25&aff_id=3826&source=naruto  (webplayer_us.exe)

8 / 68      (PUP)
http://clic.illyx.com/aff_c?offer_id=1224&aff_id=3926&source=www.youmoviz.tv  (alloplayer.exe)

3 / 68      (PUP)
http://clic.illyx.com/aff_c?offer_id=25&aff_id=7542&source=v.hdcomplet.com  (webplayer.exe)

1 / 68      (PUP)
http://clic.illyx.com/aff_c?offer_id=1224&aff_id=7882&source=www.wstreaming.net  (alloplayer.exe)

1 / 68      (PUP)
http://clic.illyx.com/aff_c?offer_id=652&aff_id=1075  (musicloud.exe)

1 / 68      (PUP)
http://clic.illyx.com/aff_c?offer_id=25&aff_id=7816&source=www.streamiz-filmze.fr  (webplayer.exe)

1 / 68      (Adware)
http://clic.illyx.com/aff_c?offer_id=324&aff_id=5450&file_id=&source=  (webplayer.exe)

1 / 68      (Adware)
http://clic.illyx.com/aff_c?offer_id=25&aff_id=5484&source=Voir En Streaming  (webplayer.exe)

1 / 68      (Adware)
http://clic.illyx.com/aff_c?offer_id=1224&aff_id=3212  (webplayer.exe)

30 / 68    (PUP)
http://clic.illyx.com/aff_c?offer_id=1224&aff_id=6434&source=dpstreams.org-player  (alloplayer.exe)

6 / 68      (PUP)
http://clic.illyx.com/SHzE  (webplayer.exe)

6 / 68      (PUP)
http://clic.illyx.com/aff_c?offer_id=25&aff_id=7712&source=www.stream-dvdrip.com  (webplayer_us.exe)

5 / 68      (PUP)
http://clic.illyx.com/aff_c?offer_id=399&aff_id=3778&source=tousstreaming  (DDL_Manager.exe)

6 / 68      (PUP)
http://clic.illyx.com/aff_c?offer_id=25&aff_id=3778&source=tousstreaming  (webplayer.exe)

11 / 68    (PUP)
http://clic.illyx.com/aff_c?offer_id=25&aff_id=1201  (webplayer_fr.exe)

4 / 68      (PUP)
http://clic.illyx.com/aff_c?offer_id=25&aff_id=1560&source=toriko700  (webplayer.exe)

7 / 68      (PUP)
http://clic.illyx.com/aff_c?offer_id=1224&aff_id=1011&source=  (alloplayer.exe)

5 / 68      (PUP)
http://clic.illyx.com/aff_c?offer_id=25&aff_id=1017&source=  (webplayer_fr.exe)

 
Latest 30 of 614 download URLs

The following 6 files have been seen to comunicate with clic.illyx.com in live environments.

TCP » 54.86.172.158:80
myradiobox.exe (youtubePlaylist)

TCP » 107.21.52.90:80
Speedchecker.exe (Speedchecker by Optimal Software s.r.o)

TCP » 107.21.52.90:80
vxhost.exe

TCP » 54.246.131.227:80
icedragon.exe (IceDragon by COMODO Security Solutions)

TCP » 50.18.209.44:80
laesa.exe (Meskisift Visaal Studio 2010 by Meskisift Corporatien)

TCP » 107.23.142.44:80
TheWorld.exe (TheWorld by TheWorld.CN)

URL:
http://clic.illyx.com/

Network:
Amazon Web Services (AWS), running an EC2 instance

Web server:
nginx/1.7.9

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.