home

tubebox.org

Domains By Proxy, LLC  (Proxy Registrant)

Domain Information

The domain tubebox.org is registered by proxy through GoDaddy.com, LLC (R91-LROR). This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Amsterdam, Noord-Holland within Netherlands which resides on the Microsoft Corporation network.
Registrar:
GoDaddy.com, LLC (R91-LROR)

Server location:
Noord-Holland, Netherlands (NL)

ASN:
AS8075 MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation

Whois:
2 tubebox.org records

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.DigitainmentAG.I, PUP.DigitainmentAG.a, PUP.Immanita (M)
100.00%

VIPRE Antivirus
Threat.4890059, Threat.4150696
75.00%

ESET NOD32
Win32/DownloadGuide.A potentially unwanted application
75.00%

AVG
Adware Generic_r.OA, Adware Generic_r.OC
75.00%

F-Secure
Adware:W32/Buzzrin
75.00%

IKARUS anti.virus
PUA.Win32.DownloadGuide, PUA.DownloadGuide
50.00%

Dr.Web
Adware.Downware.6044
50.00%

Agnitum Outpost
Riskware.Agent
50.00%

Avira AntiVirus
APPL/DownloadGuide.Gen2
50.00%

avast!
Win32:DownloadGuide-B [PUP]
25.00%

Malwarebytes
PUP.Optional.Breitschopp
25.00%

Total Defense
Win32/Tnega.cWXNWCD
25.00%

herdProtect (fuzzy)
a variant of 6e90237ca64d2deeaaaa75776a82ff648395b38f
25.00%

Qihoo 360 Security
Malware.QVM06.Gen
25.00%

McAfee
Trojan.Artemis!C900A607A960
25.00%

The domain tubebox.org has been seen to resolve to the following 3 IP addresses.

65.52.128.33
xboxsoho.com
December 31, 2014

50.97.147.37
50.97.147.37-static.reverse.softlayer.com
August 17, 2014

46.163.103.180
ds46-163-103-180.dedicated.hosteurope.de
January 25, 2014

File downloads found at URLs served by tubebox.org.

1 / 68      (Adware)
http://tubebox.org/features/.../  (tubebox_4.4_de-de.exe)

9 / 68      (Adware)
http://tubebox.org/features/.../  (tubebox5.exe)

12 / 68    (Adware)
http://tubebox.org/features/.../  (ec3138e4bc2427795a0fed280e2d0af0.exe)

9 / 68      (Adware)
http://tubebox.org/features/.../  (tubebox5.exe)

The following 9 files have been seen to comunicate with tubebox.org in live environments.

TCP » 65.52.128.33:80
appiance.exe (Appiance by The Appiance Authors)

TCP » 65.52.128.33:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 65.52.128.33:443
dailywiki.exe

TCP » 65.52.128.33:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 65.52.128.33:80
onlineguardian-v2.exe

TCP » 65.52.128.33:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 65.52.128.33:80
vcnews.exe

TCP » 65.52.128.33:80
Cyberfox.exe (Cyberfox by 8pecxstudios)

TCP » 65.52.128.33:80
AdMunch.exe (Ad Muncher by Murray Hurps Software Pty)

January 25, 2014
en.tubebox.org

URL:
http://tubebox.org/

Title:
“Tubebox - Download kostenlos -Free Video Converter”

Description:
“Kostenloser Video Converter und Downloader für legalen Musik Download geeignet! Free Youtube Converter - Youtube to mp3 auf Knopfdruck.”

Web server:
Apache/2.2.20 (Unix) (PHP/5.4.14)

freedriverscout.com

freemium.com

piratebay.com

freepdfperfect.com

freesystemutilities.com

freeyoutubedownloadmanager.com

bav0.com

deskshare.net

dirhamexpress.net

dtptools.com

emclient.com

exitgames.com

gapotchenko.com

herningsholm.it

lumion3d.com

maxto.net

nonlinear.com

photonengine.com

seltronhome.com

serversky.no

transcriber-pro.com

unifiedremote.com

winsplit-revolution.com

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.