www.bigspeedpro.com

Somoto Ltd.  (via a Proxy Registrant)

Domain Information

The domain www.bigspeedpro.com is registered by proxy through GODADDY.COM, LLC and was originally registered in October 2009. It has been seen distributing various forms of adware (some of it very aggressive), either directly or through bundled installations. The hosting servers are located in Haarlem, Noord-Holland, Netherlands, on the RIPE Network Coordination Centre network. The domain is associated with the publisher Somoto Ltd., which is located in Tel Aviv, Israel.
Remove Malware from www.bigspeedpro.com - Powered by Reason Core Security
Registrar:
GODADDY.COM, LLC

Server location:
Noord-Holland, Netherlands (NL)

Create date:
Saturday, October 24, 2009

Expires date:
Monday, October 24, 2016

Updated date:
Saturday, October 17, 2015

ASN:
AS60781 LEASEWEB-NL LeaseWeb B.V.,NL

Root domain:

Google Safe Browsing:
unwanted

Scanner detections:
Adware distribution

| Scan engine | Details | Detections |
|---|---|---|
| Dr.Web | Adware.Somoto.8, Trojan.DownLoader7.7108, Trojan.KillProc.12318, Adware.Somoto.17, Adware.Somoto.16, Trojan.DownLoader9.53341, Adware.Somoto.7 | 57.69% |
| ESET NOD32 | Win32/Somoto (variant), Win32/OpenCandy, Win32/Bundled.Toolbar.Ask (variant), Win32/Packed.ScrambleWrapper, Win32/DownWare, Win32/Toolbar.Conduit | 53.85% |
| Antiy Labs AVL | Backdoor/Win32.Pex.gen, Virus/Win32.Xpaj.gen, GrayWare[AdWare:not-a-virus]/Win32.Agent, Trojan/Win32.SGeneric, Trojan[Spy]/Win32.Zbot | 42.31% |
| Reason Heuristics | PUP.Installer.DSNR.K, PUP.BetterInstaller.Somoto.FF, PUP.Somoto.S, PUP.BetterInstaller.Somoto.L, PUP.Downloader.Frsqkq.Q, Win32.Generic | 34.62% |
| K7 Gateway Antivirus | Unwanted-Program, Trojan | 30.77% |
| Rising Antivirus | PE:PUF.OpenCandy!1.9DE5, PE:PUF.SmartInstaller!1.9D9A, PE:Trojan.Win32.Generic.131C35BF!320615871, PE:Trojan.Win32.Generic.14A4C4DD!346342621 | 30.77% |
| Trend Micro House Call | TROJ_GE.099113DA, PAK_Generic.001, TROJ_GEN.R0CBH05KK13, TROJ_GEN.F47V0127, TROJ_GEN.F47V0321, TROJ_GEN.R0CBH07CI14, Suspicious_GEN.F47V0722 | 26.92% |
| K7 AntiVirus | Unwanted-Program, Trojan | 23.08% |
| Fortinet FortiGate | Riskware/Sim, Riskware/Somoto | 23.08% |
| VIPRE Antivirus | BetterInstaller, Adware.Agent, GamePlayLabs | 23.08% |
| Panda Antivirus | Adware/MultiToolbar, PUP/MultiToolbar.A, PUP/Conduit.A | 23.08% |
| McAfee | Artemis!12EAF2169105, Artemis!386A86EF4B85, Artemis!F236C9F24BFC, Artemis!C3CC961D429C, Artemis!41FFD179AF78 | 19.23% |
| Malwarebytes | PUP.Optional.Somoto, PUP.Optional.Somoto.A | 19.23% |
| avast! | Win32:Somoto-B [PUP], Win32:Somoto-F [PUP], Win32:Crossrider-C [PUP] | 19.23% |
| McAfee Web Gateway | Artemis!12EAF2169105, Artemis!386A86EF4B85, Artemis!F236C9F24BFC, Artemis!C3CC961D429C | 19.23% |

The domain www.bigspeedpro.com has been seen to resolve to the following 5 IP addresses.

May 4, 2015

May 3, 2015

January 4, 2014

November 16, 2013

August 4, 2013

File downloads found at URLs served by www.bigspeedpro.com.

6 / 68      (Adware)

20 / 68    (Adware)

1 / 68      (Adware)

9 / 68      (PUP)
http://www.bigspeedpro.com/mirror/.../LuckySavingsV3.exe  (5553d15c3291cad9adf3bc588f3e2d36)

8 / 68      (Malware)

3 / 68      (inconclusive)

5 / 68      (inconclusive)

3 / 68      (PUP)
http://www.bigspeedpro.com/mirror/.../allcdcovers.exe  (40cea2fecbb4177a52ecb47a8bc277e6)

4 / 68      (inconclusive)

3 / 68      (inconclusive)

1 / 68      (inconclusive)

3 / 68      (PUP)
http://www.bigspeedpro.com/mirror/.../cdcovers.exe  (d7ad25c0266c9d43353db1b13146646b)

23 / 68    (Adware)

17 / 68    (Adware)
http://www.bigspeedpro.com/mirror/.../pivot_setup.exe  (6e2f181b37228c934caa2eb478dca6cb)

 
Latest 30 of 49 download URLs

URL:
http://www.bigspeedpro.com/

SSL certificate subject:
CN=bigspeedpro.com, OU=PositiveSSL, OU=Domain Control Validated

SSL certificate issuer:
CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Web server:
nginx

Facebook:
Likes:  26
Shares:  22
Comments:  30

Statistics are for the previous month.
