home

files.vbox.me

Runar Buvik

Domain Information

The domain files.vbox.me registered by Runar Buvik was initially registered in November of 2008 through OnlineNIC, Inc. R115-ME. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Chicago, Illinois within the United States which resides on the Sago Networks network.
Registrar:
OnlineNIC, Inc. R115-ME (82)

Server location:
Illinois, United States (US)

Create date:
Thursday, November 6, 2008

Expires date:
Sunday, November 6, 2016

Updated date:
Monday, August 24, 2015

ASN:
AS21840 SAGONET-TPA - Sago Networks

Root domain:
vbox.me

Whois:
3 vbox.me records

Scanner detections:
Detections  (91% detected)

Scan engine
Details
Detections

Reason Heuristics
Adware.InstallAssistant
100.00%

Trend Micro House Call
TROJ_GEN.F47V1208, TROJ_GEN.F47V0204, Suspicious_GEN.F47V1113, Suspicious_GEN.F47V0424, Suspicious_GEN.F47V0602
50.00%

McAfee
Artemis!9F75DDB7087E
10.00%

The domain files.vbox.me has been seen to resolve to the following IP address.

64.16.198.18
64-16-198-18.static.sagonet.net
February 14, 2014

File downloads found at URLs served by files.vbox.me.

1 / 68      (PUP)
http://files.vbox.me/.../Portable-VirtualBox_v5.0.22-Starter_v6.4.10-Win_all.exe  (0a35942abc3b1a60f10922ad37e8d3fa)

1 / 68      (PUP)
http://files.vbox.me/.../Portable-VirtualBox_v5.0.2-Starter_v6.4.9-Win_all.exe  (cf6638fd22950a34e498147662aad99d)

1 / 68      (PUP)
http://files.vbox.me/.../Portable-VirtualBox_v5.0.16-Starter_v6.4.10-Win_all.exe  (811fcbcbe10d9e2c6cabbbbb4b27b34c)

0 / 68
http://files.vbox.me/.../Portable-VirtualBox_v5.0.8-Starter_v6.4.10-Win_all.exe  (44aa741dad3b06f822bc4e251efac723)

2 / 68      (PUP)
http://files.vbox.me/.../Portable-VirtualBox_v4.3.28-Starter_v6.4.9-Win_all.exe  (30502c98ca246e4d885ddef66ff35b5b)

1 / 68      (PUP)
http://files.vbox.me/.../Portable-VirtualBox_v4.1.4-Starter_v6.4.7-Win_all.exe  (d780ba72c15ea8975e3e78d3a4f0dffe)

2 / 68      (PUP)
http://files.vbox.me/.../Portable-VirtualBox_v4.3.26-Starter_v6.4.9-Win_all.exe  (e37fb1d408d3857fbdba1032d5f320af)

3 / 68      (PUP)
http://files.vbox.me/.../Portable-VirtualBox_v4.3.18-Starter_v6.4.9-Win_all.exe  (f_000126)

2 / 68      (PUP)
http://files.vbox.me/.../Portable-VirtualBox_v4.3.6-Starter_v6.4.9-Win_all.exe  (4d9bb2e7fc40d0cdbeba625b7b633bf2)

1 / 68      (PUP)
http://files.vbox.me/.../Portable-VirtualBox_v4.2.4-Starter_v6.4.9-Win_all.exe  (a2e2db132c0088cfa8a983e27b11bf6c)

2 / 68      (PUP)
http://files.vbox.me/.../Portable-VirtualBox_v4.3.4-Starter_v6.4.9-Win_all.exe  (9436b67d2017ad772e748220c96ae93b)

The following file have been seen to comunicate with files.vbox.me in live environments.

TCP » 64.16.198.18:80
portable-virtualbox.exe

URL:
http://files.vbox.me/

Web server:
Apache/2.2.15 (CentOS)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.