sub.goveba.info

Bill Stanbrook

Domain Information

This domain has been known to host and distribute adware as well as other potentially unwanted software. Its servers are located in Dulles, Virginia, in the United States, on the Amazon Technologies Inc. network. The domain uses the Amazon CloudFront CDN service, which utilizes a number of proxy IP addresses (see below).
Registrar:
GoDaddy.com, LLC

Server location:
Virginia, United States (US)

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:

Scanner detections:
Detections (100% detected)

| Scan engine | Details | Detections |
|---|---|---|
| Reason Heuristics | PUP.Bundler.Somoto, PUP.Somoto.Bundler, PUP.Somoto.SiteonSpot.Bundler (M), Adware.Somoto.Installer.Meta (M), PUP.Somoto.SiteonSp.Bundler (M), Adware.Somoto (M) | 95.74% |
| AVG | Potentially harmful program Downloader.DTV, AdLoad.R | 17.02% |
| Baidu Antivirus | Adware.Win32.Somoto | 17.02% |
| Panda Antivirus | Trj/Genetic.gen, Trj/CI.A | 17.02% |
| VIPRE Antivirus | Threat.4150696, Trojan.Win32.Generic | 14.89% |
| Dr.Web | Adware.Somoto.131, Adware.Somoto.128, Threat.Undefined | 14.89% |
| Quick Heal | Adware.NSIS.BetterInstaller.A | 14.89% |
| K7 AntiVirus | Trojan | 14.89% |
| NANO AntiVirus | Riskware.Nsis.Adware.dpwuzb, Trojan.Win32.Agent.dtledk | 14.89% |
| Clam AntiVirus | Win.Adware.Somoto | 14.89% |
| Kaspersky | not-a-virus:Downloader.Win32.Somato, not-a-virus:Downloader.NSIS.AdLoad | 14.89% |
| Qihoo 360 Security | HEUR/QVM42.0.Malware.Gen, HEUR/QVM42.1.Malware.Gen, Win32/Virus.Downloader.912, Win32/Virus.Downloader.78b | 10.64% |
| Bkav FE | W32.HfsAdware | 8.51% |
| Trend Micro House Call | TROJ_GEN.R0C1H07DI15, TROJ_GEN.R08NH07DI15, TROJ_GEN.F0C2C00CO15, TROJ_GEN.R00GH07DN15 | 8.51% |
| AhnLab V3 Security | PUP/Win32.Somoto | 8.51% |

The domain sub.goveba.info has been seen to resolve to the following 26 IP addresses.

File downloads found at URLs served by sub.goveba.info.

Latest 30 of 51 download URLs

The following 96 files have been seen to communicate with sub.goveba.info in live environments.

Latest 20 of 115 files

URL:
http://sub.goveba.info/

Title:
“404 - PAGE NOT FOUND”

Network:
Amazon CloudFront

Web server:
nginx/1.8.1