clic.illyx.com

Domains By Proxy, LLC  (Proxy Registrant)

Domain Information

The domain clic.illyx.com is registered by proxy through GODADDY.COM, LLC and was originally registered in October of 2011. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Ashburn, Virginia, in the United States, on the Amazon Technologies Inc. network. The domain uses the Amazon Web Services (AWS) cloud computing platform.
Remove Malware from clic.illyx.com - Powered by Reason Core Security
Registrar:
GODADDY.COM, LLC

Server location:
Virginia, United States (US)

Create date:
Tuesday, October 11, 2011

Expires date:
Tuesday, October 11, 2016

Updated date:
Monday, October 12, 2015

ASN:
AS14618 AMAZON-AES - Amazon.com, Inc.,US

Root domain:

Scanner detections:
Detections (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Kreapixel.J, PUP.Kreapixel.M, PUP.Kreapixel.Installer (M), PUP.Kreapixel.K, PUP.Kreapixel.O, PUP.Installer.Kreapixel.J, PUP.Kreapixel (M), PUP.Solimba.EilioDevelopmentssl (M)
94.44%

Sophos
Kreapixel, PUA 'Solimba Installer', Generic PUA OL, Generic PUA DO
72.22%

Dr.Web
Trojan.Crossrider.9, Trojan.DownLoader9.20992, Trojan.DownLoader9.19590, Trojan.DownLoader9.22298, Trojan.DownLoader9.21656
66.67%

Trend Micro House Call
TROJ_GEN.R0CBB01I413, TROJ_GEN.F47V1113, TROJ_GEN.F47V1214, TROJ_GEN.F47V0203, TROJ_GEN.F47V0201, TROJ_GEN.F47V0304, TROJ_GEN.F47V1026, TROJ_GEN.F47V0208, TROJ_GEN.F47V0202, TROJ_GEN.F47V0131, TROJ_GEN.F47V0913, TROJ_GEN.F47V1107, TROJ_GEN.F47V0609
61.11%

McAfee Web Gateway
Artemis!32897A7F3ACD, Artemis!93DF272FDF3D, Artemis!1718DCD16DC8, Artemis!D5D07548DA25, Artemis!41303A543C66, Artemis!10C9005F4C99
50.00%

McAfee
Artemis!32897A7F3ACD, Artemis!93DF272FDF3D, Artemis!1718DCD16DC8, Artemis!D5D07548DA25, Artemis!41303A543C66, Artemis!10C9005F4C99, Artemis!8FA4653CCE00, Artemis!1CC8DACBEC50, Artemis!62C3C5CFA06E, Artemis!2F94F9DB9D80
47.22%

Jiangmin
WebToolbar.Toolbar.f, Trojan/Reconyc.as, TrojanDownloader.Genome.ajnv
44.44%

Antiy Labs AVL
WebToolbar/Win32.Toolbar.gen, Trojan/Win32.Inject, Worm[IM]/Win32.Sohanad, Trojan/Win32.TSGeneric, RiskWare[Downloader:not-a-virus]/Win32.Morstar
44.44%

G Data
Win32.Application.KreaPixWebplayer, Win32.Trojan.Agent.X6M9WJ, Win32.Application.Morstar, Trojan.Generic.12760932
41.67%

ESET NOD32
Win32/Toolbar.Babylon, Win32/AdWare.Illyx, Win32/Krepixel (variant), Win32/Packed.Autoit, MSIL/Solimba.AK.gen potentially unwanted (variant)
38.89%

CMC Antivirus
Trojan.Win32.Generic!O
33.33%

IKARUS anti.virus
not-a-virus:WebToolbar.Win32.Toolbar, AdWare.Kreapixel, Trojan-Downloader.Win32.Genome, not-a-virus:Downloader.Morstar, AdWare.BundleApp
25.00%

K7 AntiVirus
Unwanted-Program, Trojan, DoS-Trojan
25.00%

Fortinet FortiGate
Riskware/Toolbar, Riskware/Illyx, Riskware/Krepixel, W32/Krepixel.A, Riskware/Morstar
22.22%

Commtouch SDK
W32/GenBl.2276BABD!Olympus, W32/GenBl.7AFE9FFD!Olympus, W32/GenBl.0914D934!Olympus, W32/GenBl.1CC8DACB!Olympus, W32/GenBl.62C3C5CF!Olympus
22.22%

The domain clic.illyx.com has been seen to resolve to the following 41 IP addresses.

File downloads found at URLs served by clic.illyx.com.

Latest 30 of 337 download URLs

The following 6 files have been seen to communicate with clic.illyx.com in live environments.

URL:
http://clic.illyx.com/

Network:
Amazon Web Services (AWS), running an EC2 instance

Web server:
nginx/1.7.9
