home

go.sonobi.com

Contech, LLC

Domain Information

The domain go.sonobi.com registered by Contech, LLC was initially registered in November of 2006 through GODADDY.COM, LLC. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Portland, Oregon within the United States which resides on the Amazon.com, Inc. network. The domain uses the Amazon Web Services (AWS) cloud computing platform from the US West (Oregon) region datacenter.
Registrar:
GODADDY.COM, LLC

Server location:
Oregon, United States (US)

Create date:
Wednesday, November 29, 2006

Expires date:
Sunday, November 29, 2020

Updated date:
Tuesday, November 10, 2015

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:
sonobi.com

Whois:
3 sonobi.com records

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
Adware.WebPick.Installer.Z, Adware.WebPick.Installer (M), Adware (M)
100.00%

Bkav FE
HW32.CDB, W32.HfsAdware
16.67%

MicroWorld eScan
Adware.Generic.572468, Adware.Generic.571854
16.67%

McAfee
PUP-FHQ!35B602F5EC89, PUP-FHQ!C5D41C4A0F1F
16.67%

Malwarebytes
PUP.Optional.Installex
16.67%

SUPERAntiSpyware
PUP.InstallRex/Variant, Adware.InstalleRex/Variant
16.67%

K7 AntiVirus
Unwanted-Program
16.67%

Agnitum Outpost
Adware.Generic, PUA.InstalleRex
16.67%

avast!
Win32:InstalleRex-O [PUP], Win32:InstalleRex-X [PUP]
16.67%

Kaspersky
not-a-virus:AdWare.Win32.Agent
16.67%

Bitdefender
Adware.Generic.572468, Adware.Generic.571854
16.67%

NANO AntiVirus
Riskware.Win32.Adware.crcapm, Riskware.Win32.Agent.crfila
16.67%

Emsisoft Anti-Malware
Adware.Generic.572468, Gen:Variant.Application.Bundler.InstallRex
16.67%

Comodo Security
Application.Win32.Agent.V
16.67%

Dr.Web
Adware.Downware.1166
16.67%

The domain go.sonobi.com has been seen to resolve to the following 2 IP addresses.

209.208.126.234
May 5, 2015

54.186.38.27
ec2-54-186-38-27.us-west-2.compute.amazonaws.com
April 14, 2014

File downloads found at URLs served by go.sonobi.com.

1 / 68      (Adware)
http://go.sonobi.com/?l=wp&sb=v2m&tl=D??s L??szl?? & Geszti P??ter A dzsungel k??nyve (musical) - Nyit??ny&sz=4508&lk=http://www.video2mp3.net/load/YouTube/b8DTOfoc600/.../  (d-�s l--szl--.exe)

1 / 68      (Adware)
http://go.sonobi.com/?l=wp&sb=v2m&tl=Sean Kingston - Beat It ft. Chris Brown, Wiz Khalifa&sz=3999&lk=http://www.video2mp3.net/load/YouTube/uF4tsdbj0vY/.../  (sean kingston - beat it ft. chris brown, wiz khalifa.exe)

1 / 68      (Adware)
http://go.sonobi.com/?l=wp&sb=v2m&tl=???? ???? - ???????? ??????????&sz=4460&lk=http://www.video2mp3.net/load/YouTube/d_T3gvahZcw/.../  (�-�- �-�- - �-�-�-�- �-�-�-�-�-.exe)

1 / 68      (Adware)
http://go.sonobi.com/?l=wp&sb=v2m&tl=Meet Virginia lyrics- Train&sz=3822&lk=http://www.video2mp3.net/load/YouTube/zF2BNQKoXtg/.../  (meet virginia lyrics- train.exe)

1 / 68      (Adware)
http://go.sonobi.com/?l=wp&sb=v2m&tl=Little Mix - Change Your Life&sz=3160&lk=http://www.video2mp3.net/load/YouTube/ifRoMGG8Wvs/.../  (little mix - change your life.exe)

1 / 68      (Adware)
http://go.sonobi.com/?l=wp&sb=v2m&tl=Pitbull - Get It Started ft. Shakira&sz=4200&lk=http://www.video2mp3.net/load/YouTube/q5SG7U76tls/.../  (pitbull - get it started ft. shakira.exe)

1 / 68      (Adware)
http://go.sonobi.com/?l=wp&sb=ytm&tl=Blowin' Smoke Kacey Musgraves lyrics&sz=3589&lk=http://www.youtubetomp3.com/load/YouTube/1tTK0EjTmNM/.../  (blowin' smoke kacey musgraves lyrics.exe)

1 / 68      (Adware)
http://go.sonobi.com/?l=wp&sb=v2m&tl=Pusha T - Numbers On The Boards (Prod. By Kanye West)&sz=2549&lk=http://www.video2mp3.net/load/YouTube/feMwG3zW7Ro/.../  (pusha t - numbers on the boards (prod. by kanye west).exe)

1 / 68      (Adware)
http://go.sonobi.com/?l=wp&sb=v2m&tl=cherish :amnesia **with lyrics**&sz=3521&lk=http://www.video2mp3.net/load/YouTube/mPCSHonthLs/.../  (cherish -amnesia --with lyrics--.exe)

1 / 68      (Adware)
http://go.sonobi.com/?l=wp&sb=v2m&tl=Wale - Bad Lyrics&sz=4031&lk=http://www.video2mp3.net/load/YouTube/Yk_yQ7kaQ5E/.../  (wale - bad lyrics.exe)

35 / 68    (Adware)
http://go.sonobi.com/?l=wp&sb=v2m&tl=Macklemore & Ryan Lewis - Same Love (feat. Mary Lambert) [HQ]&sz=6232&lk=http://www.video2mp3.net/load/YouTube/-7gdm3KllxA/.../  (macklemore.exe)

29 / 68    (Adware)
http://go.sonobi.com/?l=wp&sb=v2m&tl=Marinko Rokvic - Skitnica&sz=3880&lk=http://www.video2mp3.net/load/YouTube/x10ko6XPAQs/.../  (marinko rokvic - skitnica.exe)

The following 2 files have been seen to comunicate with go.sonobi.com in live environments.

TCP » 54.186.38.27:80
sysTPLService.exe (sysTPLService by Tlapia)

TCP » 54.186.38.27:80
noihcye.exe

URL:
http://go.sonobi.com/

Google Analytics:
UA-74033606

Title:
“Premium Programmatic Advertising | Sonobi”

Description:
“Sonobi is re-thinking the business of digital advertising for today's media publishers and advertisers.”

Network:
Amazon Web Services (AWS), running an EC2 instance

SSL certificate subject:
CN=*.go.sonobi.com, OU=Domain Control Validated

SSL certificate issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc."

Web server:
nginx

Facebook:
Shares:  3

Statistics are for the previous month.

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.