home

ttb.thefilesbox.com

WHOIS PRIVACY PROTECTION SERVICE, INC.  (Proxy Registrant)

Domain Information

The domain ttb.thefilesbox.com is registered by proxy through ENOM, INC. and was originally registered in March of 2016. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Belfast, Northern Ireland within United Kingdom which resides on the RIPE Network Coordination Centre network.
Registrar:
ENOM, INC.

Server location:
Northern Ireland, United Kingdom (GB)

Create date:
Sunday, March 13, 2016

Expires date:
Monday, March 13, 2017

Updated date:
Monday, March 28, 2016

Root domain:
thefilesbox.com

Whois:
2 thefilesbox.com records

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.PluginUpdateSL.F, PUP.Installer.Softpulse, PUP.Softpulse, PUP.Bundler.Softpulse, PUP.Softpulse.PluginUpdate.Bundler (M), PUP.Softpulse.PluginUp.Bundler (M), PUP.Softpulse (M)
100.00%

Dr.Web
Trojan.Domaiq.57, Trojan.DownLoader11.60009, Trojan.Domaiq.54, Trojan.Domaiq.102
75.00%

ESET NOD32
Win32/SoftPulse.U potentially unwanted application, Win32/SoftPulse.V potentially unwanted application
66.67%

F-Secure
Gen:Variant.Adware.Graftor.170434, Riskware.Application.Bundler.DomaIQ, Gen:Variant.Adware.Kazy
66.67%

Lavasoft Ad-Aware
Gen:Variant.Adware.Graftor.170434, Application.Bundler.DomaIQ.V, Gen:Variant.Adware.Kazy.494185
66.67%

VIPRE Antivirus
Threat.4150696, Threat.5064683
66.67%

Clam AntiVirus
Win.Adware.Agent-34581, Win.Adware.Multiplug-33061
66.67%

McAfee
Program.SoftPulse
66.67%

Sophos
PUA 'SoftPulse' (of type Adware)
66.67%

Kaspersky
not-a-virus:AdWare.Win32.SoftPulse, Trojan.Win32.Agent
66.67%

Bkav FE
W32.HfsAdware
66.67%

MicroWorld eScan
Gen:Variant.Adware.Symmi.49537, Gen:Variant.Adware.Graftor.170434
66.67%

Malwarebytes
PUP.Optional.Plugin, PUP.Optional.SoftPulse
66.67%

K7 AntiVirus
Unwanted-Program
66.67%

Bitdefender
Gen:Variant.Adware.Symmi.49537, Gen:Variant.Adware.Graftor.170434
66.67%

The domain ttb.thefilesbox.com has been seen to resolve to the following 3 IP addresses.

213.247.47.190
May 29, 2016

185.53.178.7
April 10, 2016

92.242.140.21
unallocated.barefruit.co.uk
May 4, 2015

File downloads found at URLs served by ttb.thefilesbox.com.

1 / 68      (Adware)
http://ttb.thefilesbox.com/download/request/.../VzPtIfRl?PubID=79_4573_3703&ClickID=9236134495  (flash player v 12 14 2 1.exe)

1 / 68      (Adware)
http://ttb.thefilesbox.com/download/request/.../VzPtIfRl?PubID=79_4573_3703&ClickID=9235892161  (flash player v 12 14 2 1.exe)

1 / 68      (Adware)
http://ttb.thefilesbox.com/download/request/.../VzPtIfRl?PubID=79_4573_3703&ClickID=9246382706  (install flashplayer15x32 15 0 1.exe)

33 / 68    (Adware)
http://ttb.thefilesbox.com/download/request/.../VzPtIfRl?PubID=79_4573_3703&ClickID=9226882161  (flash player v 12 14 2 1.exe)

1 / 68      (Adware)
http://ttb.thefilesbox.com/download/request/.../VzPtIfRl?PubID=79_4573_3703&ClickID=9235424810  (flash player v 12 14 2 1.exe)

34 / 68    (Adware)
http://ttb.thefilesbox.com/download/request/.../wxX75Z7P?PubID=79_3527_3100&ClickID=9364605382  (setup.exe)

30 / 68    (Adware)
http://ttb.thefilesbox.com/download/request/.../wxX75Z7P?PubID=79_3527_3100&ClickID=9322975511  (setup.exe)

30 / 68    (Adware)
http://ttb.thefilesbox.com/download/request/.../wxX75Z7P?PubID=79_3527_3100&ClickID=9322974787  (setup.exe)

30 / 68    (Adware)
http://ttb.thefilesbox.com/download/request/.../wxX75Z7P?PubID=79_3527_3100&ClickID=9348348555  (setup.exe)

34 / 68    (Adware)
http://ttb.thefilesbox.com/download/request/.../wxX75Z7P?PubID=79_3527_3100&ClickID=9241523939  (setup.exe)

31 / 68    (Adware)
http://ttb.thefilesbox.com/download/request/.../wxX75Z7P?PubID=79_3527_3100&ClickID=9246226539  (setup.exe)

34 / 68    (Adware)
http://ttb.thefilesbox.com/download/request/.../VzPtIfRl?PubID=79_4573_3703&ClickID=9235879242  (flash player v 12 14 2 1.exe)

The following 232 files have been seen to comunicate with ttb.thefilesbox.com in live environments.

TCP » 92.242.140.21:80
smelled.exe (Smelled)

TCP » 92.242.140.21:443
dca-monitoring.exe (Compete DCA Monitoring Tool by Compete)

TCP » 92.242.140.21:80
marini.exe (Marini)

TCP » 92.242.140.21:443
client.exe (ClientWrapper)

TCP » 92.242.140.21:80
thebrowser.exe (TheBrowser by Goobzo)

TCP » 92.242.140.21:443
dca-monitoring.exe (Compete DCA Monitoring Tool by Compete)

TCP » 92.242.140.21:443
WindowService.exe (WindowService)

TCP » 92.242.140.21:443
ciuninstall.exe

TCP » 92.242.140.21:1866
jutched.exe

TCP » 92.242.140.21:443
dca-monitoring.exe (Compete DCA Monitoring Tool by Compete)

TCP » 92.242.140.21:80
masterupdater.exe

TCP » 185.53.178.7:80
adobe_flash_player_chrome.crx

TCP » 185.53.178.7:443
translategenius.crx

TCP » 92.242.140.21:80
pricemeterexpress.crx

TCP » 92.242.140.21:80
chrome.crx

TCP » 92.242.140.21:80
app-center.crx

TCP » 92.242.140.21:80
ntp.crx

TCP » 92.242.140.21:80
3dayinvite.crx

TCP » 92.242.140.21:80
twitter.crx

TCP » 92.242.140.21:80
viewlater.crx

 
Latest 20 of 232 files

URL:
http://ttb.thefilesbox.com/

Title:
“thefilesbox.com”

Web server:
nginx

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.