home

i1.installbox2.info

Domains By Proxy, LLC  (Proxy Registrant)

Domain Information

The domain i1.installbox2.info is registered by proxy through GoDaddy.com, LLC. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Portland, Oregon within the United States which resides on the Amazon Technologies Inc. network. The domain uses the Amazon Web Services (AWS) cloud computing platform from the US West (Oregon) region datacenter.
Registrar:
GoDaddy.com, LLC

Server location:
Oregon, United States (US)

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:
installbox2.info

Whois:
1 installbox2.info record

Scanner detections:
Detections  (86% detected)

Scan engine
Details
Detections

XVirus List
Win.Detected
71.43%

Bkav FE
W32.Clod46e.Trojan, W32.Clod364.Trojan, W32.Clodd3f.Trojan, HW32.FilDoer
57.14%

MicroWorld eScan
Adware.Agent.NRJ, Adware.Generic.545897, Win32/Adware.SpeedingUpMyPC.A, Win32/InstalleRex.H.Gen
57.14%

McAfee
Artemis!38F61D046E57, Artemis!1A6B07B7220F, RDN/Generic PUP.x!bu
57.14%

Trend Micro House Call
TROJ_GEN.R0CBH0AHR13, ADW_SPROTECT, TROJ_GEN.F47V0501, ADW_BHO
57.14%

Dr.Web
Adware.BGuard.11, Adware.Downware.851, Adware.Searcher.2436
57.14%

VIPRE Antivirus
Sprotector, Trojan.Win32.Generic
57.14%

Reason Heuristics
Unnamed.Threat.19, Unnamed.Threat.25, Threat.Win.Reputation, PUP.Optional.SubeoTech.V
57.14%

ESET NOD32
Win32/Duckegg, Win32/Adware.SpeedingUpMyPC (variant), Win32/InstalleRex, Win32/Toolbar.GadgetBox.C potentially unwanted (variant)
57.14%

Malwarebytes
PUP.Optional.SProtect.A, PUP.Optional.OptimizePro.A
42.86%

K7 AntiVirus
Riskware
42.86%

avast!
NSIS:SProtector-A [PUP], Win32:InstalleRex-M [PUP]
42.86%

Sophos
Generic PUA BD, BProtector, Mal/Generic-S
42.86%

Trend Micro
ADW_SPROTECT, ADW_BHO
42.86%

Emsisoft Anti-Malware
Adware.Agent.NRJ, Adware.Generic.545897, Adware.Win32.SpeedingUpMyPC.AMN
42.86%

The domain i1.installbox2.info has been seen to resolve to the following IP address.

54.186.53.99
ec2-54-186-53-99.us-west-2.compute.amazonaws.com
April 16, 2016

File downloads found at URLs served by i1.installbox2.info.

14 / 68    (PUP)
http://i1.installbox2.info/.../alnaddytoolbar_east.exe  (ows.exe)

1 / 68
http://i1.installbox2.info/.../ncdownloader.exe  (605bf1b5717ad12eaa646b518736f755)

14 / 68    (PUP)
http://i1.installbox2.info/.../optimizerpro_ala9.exe  (optimizerproinstaller.exe)

22 / 68    (PUP)
http://i1.installbox2.info/addons/.../search_defender_166.exe  (assistant_v3.exe)

17 / 68    (PUP)
http://i1.installbox2.info/.../agent_setup.exe  (a8d875d352c4933627da339b54ca2ef4)

19 / 68    (PUP)
http://i1.installbox2.info/addons/.../search_defender_alternate_166.exe  (102a308197d8ff05ce2b775cf4bff0c7)

6 / 68      (Malware)
http://i1.installbox2.info/.../duckegg.exe  (fastdownload.exe)

The following file have been seen to comunicate with i1.installbox2.info in live environments.

TCP » 54.186.53.99:80
fl studio 11 producer edition registry crck.rar.exe (StarApp)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.