clic.illyx.com

Domains By Proxy, LLC  (Proxy Registrant)

Domain Information

The domain clic.illyx.com is registered by proxy through GODADDY.COM, LLC and was originally registered in October of 2011. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Ashburn, Virginia within the United States which resides on the Amazon Technologies Inc. network. The domain uses the Amazon Web Services (AWS) cloud computing platform.
Registrar:
GODADDY.COM, LLC

Server location:
Virginia, United States (US)

Create date:
Tuesday, October 11, 2011

Expires date:
Tuesday, October 11, 2016

Updated date:
Monday, October 12, 2015

ASN:
AS14618 AMAZON-AES - Amazon.com, Inc., US

Root domain:

Scanner detections:
Detections  (98% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Kreapixel.K, PUP.Kreapixel.Installer (M), PUP.Kreapixel.J, PUP.Kreapixel.M, PUP.Kreapixel.O, PUP.Kreapixel.L, PUP.Installer.Kreapixel.J, PUP.Kreapixel (M), PUP.Solimba.EilioDev (M), PUP.Solimba.Contumar (M), PUP.Solimba.DelimaxC (M), PUP.Solimba.Bechiros (M), PUP.Solimba (M)
92.31%

Sophos
Kreapixel, Generic PUA GO, Mal/Generic-S, Generic PUA IM (PUA)
58.97%

Dr.Web
Trojan.Crossrider.9, Trojan.DownLoader9.20992, Trojan.DownLoader9.19590, Adware.Downware.1119, Trojan.DownLoader9.18631
56.41%

Trend Micro House Call
TROJ_GEN.F47V0115, TROJ_GEN.F47V0203, TROJ_GEN.F47V0201, TROJ_GEN.F47V1121, TROJ_GEN.F47V0304, TROJ_GEN.F47V1026, TROJ_GEN.F47V0326, TROJ_GEN.F47V0722, TROJ_GEN.F47V0131, TROJ_GEN.F47V0913
48.72%

McAfee
Artemis!D5D07548DA25, Artemis!41303A543C66, Artemis!3CBED8EAB172, Artemis!10C9005F4C99, Artemis!F461E6182860, Artemis!8FA4653CCE00, Artemis!EE1347F4E9A1
41.03%

McAfee Web Gateway
Artemis!D5D07548DA25, Artemis!41303A543C66, Artemis!3CBED8EAB172, Artemis!10C9005F4C99, Artemis!F461E6182860, Artemis!8FA4653CCE00
41.03%

ESET NOD32
Win32/AdWare.Illyx, Win32/Krepixel (variant), Win32/Toolbar.Babylon, Win32/Packed.Autoit
33.33%

Antiy Labs AVL
Trojan/Win32.Inject, Worm[IM]/Win32.Sohanad, WebToolbar/Win32.Toolbar.gen
33.33%

CMC Antivirus
Trojan.Win32.Generic!O
30.77%

Jiangmin
Trojan/Reconyc.as, WebToolbar.Toolbar.f, TrojanDownloader.Genome.ajnv
28.21%

G Data
Win32.Application.KreaPixWebplayer, Application.Generic.807216, Trojan.GenericKD.1748294
25.64%

K7 AntiVirus
Unwanted-Program , Trojan , Adware
25.64%

K7 Gateway Antivirus
Unwanted-Program , Adware , Trojan
23.08%

IKARUS anti.virus
Trojan-Downloader.Win32.Genome, not-a-virus:WebToolbar.Win32.Toolbar
20.51%

Fortinet FortiGate
Riskware/Illyx, Riskware/Krepixel, Riskware/Toolbar, W32/Genome.A!tr.dldr, PossibleThreat, W32/Badur.A!tr
17.95%

The domain clic.illyx.com has been seen to resolve to the following 65 IP addresses.

ec2-52-205-218-105.compute-1.amazonaws.com
July 29, 2016

ec2-52-206-36-195.compute-1.amazonaws.com
July 18, 2016

ec2-52-7-213-252.compute-1.amazonaws.com
July 18, 2016

ec2-52-5-14-12.compute-1.amazonaws.com
June 29, 2016

ec2-52-87-124-218.compute-1.amazonaws.com
June 29, 2016

ec2-54-165-125-29.compute-1.amazonaws.com
June 26, 2016

ec2-52-4-235-69.compute-1.amazonaws.com
June 26, 2016

ec2-54-165-143-255.compute-1.amazonaws.com
June 21, 2016

ec2-52-21-65-96.compute-1.amazonaws.com
June 21, 2016

ec2-54-208-124-218.compute-1.amazonaws.com
June 7, 2016

ec2-52-203-146-90.compute-1.amazonaws.com
June 6, 2016

ec2-52-87-106-50.compute-1.amazonaws.com
June 6, 2016

ec2-52-72-162-128.compute-1.amazonaws.com
June 2, 2016

ec2-52-5-57-82.compute-1.amazonaws.com
June 2, 2016

ec2-54-86-36-82.compute-1.amazonaws.com
June 2, 2016

ec2-52-203-78-46.compute-1.amazonaws.com
June 2, 2016

ec2-52-73-92-190.compute-1.amazonaws.com
May 16, 2016

ec2-52-7-74-56.compute-1.amazonaws.com
May 16, 2016

ec2-52-72-118-27.compute-1.amazonaws.com
March 8, 2016

ec2-107-21-44-249.compute-1.amazonaws.com
March 8, 2016

ec2-54-173-205-117.compute-1.amazonaws.com
February 20, 2016

ec2-52-73-185-238.compute-1.amazonaws.com
February 20, 2016

ec2-54-174-127-129.compute-1.amazonaws.com
February 16, 2016

ec2-52-72-1-193.compute-1.amazonaws.com
February 16, 2016

ec2-52-73-156-129.compute-1.amazonaws.com
February 12, 2016

ec2-54-208-254-134.compute-1.amazonaws.com
February 12, 2016

ec2-52-20-219-95.compute-1.amazonaws.com
February 1, 2016

ec2-52-2-172-115.compute-1.amazonaws.com
February 1, 2016

ec2-52-72-251-195.compute-1.amazonaws.com
February 1, 2016

ec2-52-72-181-246.compute-1.amazonaws.com
February 1, 2016

 
Showing 30 of 65 IP Addresses

File downloads found at URLs served by clic.illyx.com.

1 / 68      (Adware)

12 / 68    (PUP)

17 / 68    (PUP)

6 / 68      (PUP)

1 / 68      (PUP)

1 / 68      (Adware)

9 / 68      (PUP)
http://clic.illyx.com/SHzE  (webplayer.exe)

16 / 68    (PUP)

7 / 68      (PUP)

 
Latest 30 of 614 download URLs

The following 6 files have been seen to comunicate with clic.illyx.com in live environments.

URL:
http://clic.illyx.com/

Network:
Amazon Web Services (AWS), running an EC2 instance

Web server:
nginx/1.7.9