home

en.tubebox.org

Domains By Proxy, LLC  (Proxy Registrant)

Domain Information

The domain en.tubebox.org is registered by proxy through GoDaddy.com, LLC (R91-LROR). This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Amsterdam, Noord-Holland within Netherlands which resides on the Microsoft Corporation network.
Registrar:
GoDaddy.com, LLC (R91-LROR)

Server location:
Noord-Holland, Netherlands (NL)

ASN:
AS8075 MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation

Root domain:
tubebox.org

Whois:
2 tubebox.org records

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Conduit.H, PUP.Installer.STMSetup.a, PUP.Conduit.Bundler, PUP.DigitainmentAG (M), PUP.Covus.Bundler.Meta (M)
100.00%

VIPRE Antivirus
Conduit, InstallCore
80.00%

Dr.Web
Adware.Conduit.6, Adware.InstallCore.386, Adware.Conduit.278
60.00%

ESET NOD32
Win32/OpenCandy, Win32/InstallCore.PZ (variant), Win32/Toolbar.Conduit.AE potentially unwanted
60.00%

Baidu Antivirus
Adware.Win32.InstallCore, Adware.Win32.Conduit
60.00%

Fortinet FortiGate
Riskware/InstallCore, Riskware/Wajam
60.00%

McAfee
Artemis!1F43026D82FA, Trojan.Artemis!D52F05E9CB41
40.00%

Malwarebytes
PUP.Optional.Conduit.A, PUP.Optional.ClientConnect
40.00%

Trend Micro House Call
TROJ_GEN.F47V1217, Suspicious_GEN.F47V0730
40.00%

K7 AntiVirus
Trojan
40.00%

AVG
Generic
40.00%

Rising Antivirus
PE:PUF.OpenCandy!1.9DE5
20.00%

Panda Antivirus
Adware/Conduit
20.00%

Norman
InstallCore.CERT
20.00%

Sophos
Install Core Click run software
20.00%

The domain en.tubebox.org has been seen to resolve to the following 3 IP addresses.

65.52.128.33
xboxsoho.com
December 23, 2015

50.97.147.37
50.97.147.37-static.reverse.softlayer.com
August 17, 2014

46.163.103.180
ds46-163-103-180.dedicated.hosteurope.de
January 25, 2014

File downloads found at URLs served by en.tubebox.org.

1 / 68      (PUP)
http://en.tubebox.org/l/1/.../  (tubebox_4.3_en-us.exe)

12 / 68    (PUP)
http://en.tubebox.org/features/.../  (c3be661c0e446190c8a9f70efde396cb9e47b0c1dfdf79f690c4694758027f6f)

1 / 68      (Adware)
http://en.tubebox.org/l/201/.../  (tubebox_youtubedownloader_201_en-us.exe)

17 / 68    (Adware)
http://en.tubebox.org/features/.../  (d52f05e9cb4129997534db76a3cbed51.exe)

9 / 68      (PUP)
http://en.tubebox.org/features/.../  (tubebox.exe)

The following 9 files have been seen to comunicate with en.tubebox.org in live environments.

TCP » 65.52.128.33:80
appiance.exe (Appiance by The Appiance Authors)

TCP » 65.52.128.33:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 65.52.128.33:443
dailywiki.exe

TCP » 65.52.128.33:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 65.52.128.33:80
onlineguardian-v2.exe

TCP » 65.52.128.33:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 65.52.128.33:80
vcnews.exe

TCP » 65.52.128.33:80
Cyberfox.exe (Cyberfox by 8pecxstudios)

TCP » 65.52.128.33:80
AdMunch.exe (Ad Muncher by Murray Hurps Software Pty)

URL:
http://en.tubebox.org/

Web server:
Apache/2.2.20 (Unix) (PHP/5.4.14)

Facebook:
Likes:  6
Shares:  15
Comments:  4

Twitter:
Shares:  5

Statistics are for the previous month.

freedriverscout.com

freemium.com

piratebay.com

freepdfperfect.com

freesystemutilities.com

freeyoutubedownloadmanager.com

bav0.com

deskshare.net

dirhamexpress.net

dtptools.com

emclient.com

exitgames.com

gapotchenko.com

herningsholm.it

lumion3d.com

maxto.net

nonlinear.com

photonengine.com

seltronhome.com

serversky.no

transcriber-pro.com

unifiedremote.com

winsplit-revolution.com

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.