softs.illyx.com

Domains By Proxy, LLC (Proxy Registrant)

Domain Information

The domain softs.illyx.com is registered by proxy through GODADDY.COM, LLC and was originally registered in October of 2011. This domain has been known to host and distribute adware as well as other potentially unwanted software. Its hosting servers are located in Montreal, Quebec, Canada, on the OVH Hosting, Inc. network.
Registrar:
GODADDY.COM, LLC

Server location:
Quebec, Canada (CA)

Create date:
Tuesday, October 11, 2011

Expires date:
Tuesday, October 11, 2016

Updated date:
Monday, January 11, 2016

ASN:
AS16276 OVH OVH SAS,FR

Root domain:

Scanner detections:
Detections  (98% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Kreapixel.L, PUP.Win.Reputation, PUP.Kreapixel.I, PUP.Kreapixel.J, PUP.VisualTools.H, Threat.Win.Reputation.IMP, PUP.Installer.Kreapixel.J, (M), PUP.LiMo.L, PUP.ELEX.SkytouchTechnologyCo (M), PUP.Kreapixel.KreapixelNetwork.Installer (M), PUP.Kreapixel (M), PUP.Kreapixel.Installer (M), PUP.Babylon.Banylon (M), PUP.Sien.SIENSA.Bundler (M)
72.00%

Jiangmin
Backdoor/Poison.ailg, Trojan/Reconyc.as, Trojan/Agent.kfiu, TrojanDownloader.Genome.adth
46.00%

Trend Micro House Call
TROJ_GEN.F47V0112, TROJ_GEN.F47V0810, TROJ_GEN.F47V0817, TROJ_GEN.F47V0115, TROJ_GEN.F47V0318, TROJ_GEN.R0CBH07CA14, TROJ_GEN.F47V0323, TROJ_GEN.R0C1H07GL14, Suspicious_GEN.F47V0613
40.00%

Dr.Web
infected with Trojan.Crossrider.20, Trojan.Crossrider.9, Adware.Downware.1119, Trojan.StartPage.56734, BackDoor.Cybergate.1, Trojan.DownLoader11.31719
36.00%

ESET NOD32
Win32/Packed.ScrambleWrapper, Win32/Toolbar.Babylon (variant), Win32/AdWare.Illyx, Win32/Packed.Autoit, Win32/GameTool.BB, Win32/Reporter
36.00%

McAfee Web Gateway
Artemis!40987D8303F1, Artemis!DE23430525E1, Artemis!F8C6783990B3, Artemis!37BD65F12E99, RDN/Generic PUP.x!cgl, Artemis!E5500FE1B8A2
36.00%

McAfee
Artemis!40987D8303F1, Artemis!DE23430525E1, Artemis!F8C6783990B3, Artemis!37BD65F12E99, RDN/Generic PUP.x!cgl, Artemis!E5500FE1B8A2, Artemis!E2E8ACB2FB07
34.00%

avast!
Win32:Dropper-gen [Drp], Win32:Adware-BLN [Adw], Win32:Adware-gen [Adw], Win32:Malware-gen
32.00%

Baidu Antivirus
Trojan.Win32.Autoit, Adware.Win32.Illyx, Trojan.Win32.Hacktool.bAutoit, Trojan.Win32.Reporter, Trojan.Win32.WPM
32.00%

G Data
Win32.Application.KreaPixWebplayer, Trojan.GenericKD.1602076, Trojan.Generic.11392997, Trojan.Generic.11331711, Trojan.Generic.11454846
30.00%

Qihoo 360 Security
Win32/Trojan.Dropper.0c3, HEUR/Malware.QVM11.Gen, HEUR/Malware.QVM20.Gen, Win32/Virus.Downloader.565, Win32/Trojan.c22, HEUR/QVM10.1.Malware.Gen
28.00%

Kaspersky
not-a-virus:HEUR:AdWare.NSIS.Adwapper, Trojan.Win32.Autoit, Trojan-Dropper.Win32.FrauDrop, Trojan-Downloader.Win32.Genome
26.00%

Sophos
Kreapixel, Mal/Generic-S, Generic PUA MF, Install Core Click run software, Generic PUA EO, Generic PUA DN (PUA)
26.00%

MicroWorld eScan
Trojan.GenericKD.1602076, Trojan.Generic.11392997, Trojan.Generic.11331711, Trojan.Generic.11454846, Trojan.Generic.11592563, Trojan.Generic.11447063, Trojan.AutoIt.BWM, Trojan.GenericKD.1798499, Worm.Generic.535441, Trojan.GenericKD.1748274
26.00%

F-Secure
Trojan.GenericKD.1602076, Trojan.Generic.11392997, Trojan.Generic.11331711, Trojan.Generic.11454846, Trojan.Generic.11592563
26.00%

The domain softs.illyx.com has been seen to resolve to the following 3 IP addresses.

ns517839.ip-192-99-47.net
February 1, 2016

December 26, 2013

December 26, 2013

File downloads found at URLs served by softs.illyx.com.

22 / 68    (PUP)
http://softs.illyx.com/setup/ressources/.../webplayer.exe  (095a1a3e731c19f8fb6381d1fef3b2f8)

1 / 68      (Adware)

4 / 68      (Malware)

9 / 68      (Malware)

1 / 68      (PUP)

12 / 68    (Malware)
http://softs.illyx.com/.../launcher.exe  (250b6197b9480584371410ccadc9d1e6)

31 / 68    (PUP)

3 / 68      (Malware)

32 / 68    (PUP)
http://softs.illyx.com/task/.../launcher.exe  (56aea581ec99798c16ef31a922137064)

1 / 68      (Adware)
http://softs.illyx.com/.../DeltaTB.exe  (d62876c1db5234f6039a3e2d09532684)

2 / 68      (PUP)

5 / 68      (PUP)
http://softs.illyx.com/task/.../launcher.exe  (e7fd552520d1daccb995ab9e80c30cad)

2 / 68      (Malware)

URL:
http://softs.illyx.com/

Web server:
Apache/2.4.10 (Debian)