home

download.easyspeedpc.net

Domains By Proxy, LLC  (Proxy Registrant)

Domain Information

The domain download.easyspeedpc.net is registered by proxy through GODADDY.COM, LLC and was originally registered in December of 2012. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Dulles, Virginia within the United States which resides on the Amazon Technologies Inc. network. The domain uses the Amazon Cloudfront CDN service which utilizes a number of proxy IP Addresses (see below).
Registrar:
GODADDY.COM, LLC

Server location:
Virginia, United States (US)

Create date:
Wednesday, December 26, 2012

Expires date:
Monday, December 26, 2016

Updated date:
Sunday, December 20, 2015

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:
easyspeedpc.net

Whois:
2 easyspeedpc.net records

Scanner detections:
Detections  (92% detected)

Scan engine
Details
Detections

Dr.Web
Trojan.DownLoader11.50357, Trojan.DownLoader12.46104, Trojan.DownLoader12.18017, Trojan.DownLoader12.20853, Trojan.Siggen6.33552
65.22%

avast!
Win32:PUP-gen [PUP], Win32:Malware-gen, Win32:Dropper-gen [Drp]
56.52%

ESET NOD32
Win32/SpeedingUpMyPC.R application
52.17%

Reason Heuristics
PUP.Optional.ProbitSoftware, Win32.Generic.Installer.Meta, (M), PUP.Probit.Optional.Installer.Meta (L)
32.61%

Kaspersky
HEUR:Trojan-Downloader.Win32.Generic, not-a-virus:Downloader.NSIS.Agent, UDS:DangerousObject.Multi.Generic
28.26%

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h, Downloader.Agent
19.57%

ESET NOD32
Win32/SpeedingUpMyPC
19.57%

VIPRE Antivirus
Threat.4150696, Trojan.Win32.Generic
19.57%

AhnLab V3 Security
PUP/Win32.SpdUpMyPC
17.39%

McAfee
Artemis!07D9976CBC3F, Artemis!2031773DB239, Artemis!E4B25FF31CF2, Artemis!371D66BF58F3, Artemis!6EB4E1C19817, Artemis!E368DE9ADA19
15.22%

NANO AntiVirus
Trojan.Nsis.Downloader.dpxzgr
15.22%

Malwarebytes
PUP.Optional.EasySpeedPC.A
13.04%

Baidu Antivirus
Trojan.Win32.Downloader, Trojan.Win32.SpeedingUpMyPC, Hacktool.NSIS.Agent, PUA.Win32.SpeedingUpMyPC
13.04%

Fortinet FortiGate
Riskware/SpeedingUpMyPC
13.04%

Sophos
Generic PUA JM, Generic PUA GO, Generic PUA AD (PUA), Generic PUA CG (PUA), Generic PUA DL (PUA)
10.87%

The domain download.easyspeedpc.net has been seen to resolve to the following 233 IP addresses.

54.230.193.151
server-54-230-193-151.iad53.r.cloudfront.net
September 15, 2016

54.230.193.145
server-54-230-193-145.iad53.r.cloudfront.net
September 15, 2016

54.230.193.92
server-54-230-193-92.iad53.r.cloudfront.net
September 15, 2016

54.230.193.87
server-54-230-193-87.iad53.r.cloudfront.net
September 15, 2016

54.230.193.66
server-54-230-193-66.iad53.r.cloudfront.net
September 15, 2016

54.230.193.30
server-54-230-193-30.iad53.r.cloudfront.net
September 15, 2016

54.230.193.22
server-54-230-193-22.iad53.r.cloudfront.net
September 15, 2016

54.230.193.6
server-54-230-193-6.iad53.r.cloudfront.net
September 15, 2016

52.84.125.248
server-52-84-125-248.iad16.r.cloudfront.net
August 29, 2016

52.84.125.149
server-52-84-125-149.iad16.r.cloudfront.net
August 29, 2016

52.84.125.73
server-52-84-125-73.iad16.r.cloudfront.net
August 22, 2016

52.84.125.219
server-52-84-125-219.iad16.r.cloudfront.net
August 22, 2016

52.84.125.204
server-52-84-125-204.iad16.r.cloudfront.net
August 22, 2016

52.84.125.104
server-52-84-125-104.iad16.r.cloudfront.net
August 22, 2016

54.192.19.64
server-54-192-19-64.iad12.r.cloudfront.net
August 20, 2016

54.192.19.9
server-54-192-19-9.iad12.r.cloudfront.net
August 20, 2016

54.192.19.251
server-54-192-19-251.iad12.r.cloudfront.net
August 20, 2016

54.192.19.216
server-54-192-19-216.iad12.r.cloudfront.net
August 20, 2016

54.192.19.200
server-54-192-19-200.iad12.r.cloudfront.net
August 20, 2016

54.192.19.134
server-54-192-19-134.iad12.r.cloudfront.net
August 20, 2016

54.192.19.122
server-54-192-19-122.iad12.r.cloudfront.net
August 20, 2016

54.192.19.76
server-54-192-19-76.iad12.r.cloudfront.net
August 20, 2016

52.84.125.19
server-52-84-125-19.iad16.r.cloudfront.net
July 24, 2016

52.84.125.14
server-52-84-125-14.iad16.r.cloudfront.net
July 24, 2016

52.84.125.190
server-52-84-125-190.iad16.r.cloudfront.net
July 24, 2016

52.84.125.180
server-52-84-125-180.iad16.r.cloudfront.net
July 24, 2016

52.84.125.62
server-52-84-125-62.iad16.r.cloudfront.net
July 24, 2016

52.84.125.29
server-52-84-125-29.iad16.r.cloudfront.net
July 24, 2016

52.84.125.253
server-52-84-125-253.iad16.r.cloudfront.net
July 19, 2016

52.84.125.234
server-52-84-125-234.iad16.r.cloudfront.net
July 19, 2016

 
Showing 30 of 233 IP Addresses

File downloads found at URLs served by download.easyspeedpc.net.

1 / 68      (PUP)
http://download.easyspeedpc.net/publishers/9/.../EasySpeedPC.exe  (da75b1579709a9b1a709f2053d83a58f)

5 / 68      (PUP)
http://download.easyspeedpc.net/publishers/47/.../EasySpeedPC.exe  (3194c3b39cd8fa3b8f628d93a83eb697)

1 / 68      (PUP)
http://download.easyspeedpc.net/publishers/63/.../EasySpeedPC.exe  (5d9f340b5010c07b645874dfac80067a)

15 / 68    (PUP)
http://download.easyspeedpc.net/publishers/44/.../EasySpeedPC.exe  (2031773db23963cf57e28cd239530904)

4 / 68      (PUP)
http://download.easyspeedpc.net/publishers/26/.../EasySpeedPC.exe  (e35ed0c90010b20195b8232d39ed84ab)

1 / 68      (PUP)
http://download.easyspeedpc.net/publishers/16/.../EasySpeedPC.exe  (1ab12rn6.exe)

The following 295 files have been seen to comunicate with download.easyspeedpc.net in live environments.

TCP » 52.84.125.173:443
Client.exe

TCP » 54.192.195.32:443
online-guardian-v2.0.9.exe

TCP » 54.192.195.204:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 54.192.195.78:443
online-guardian-v2.0.9.exe

TCP » 54.192.19.156:80
yacqq.exe

TCP » 54.192.195.204:443
online-guardian-v2.0.9.exe

TCP » 54.192.19.134:80
cfhelp55.exe

TCP » 54.192.19.251:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 54.192.19.156:443
new_chrome.exe (1stBrowser by The 1stBrowser Authors)

TCP » 54.192.195.111:443
online-guardian-v2.0.9.exe

TCP » 52.85.142.214:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 54.192.19.122:80
browser.exe (Browser)

TCP » 54.192.19.9:80
ed2k.exe (aMuleall by http://www.amuleall.org/)

TCP » 52.85.142.103:80
se.exe

TCP » 54.192.19.156:80
browserairexec.exe (BrowserAir by Goobzo)

TCP » 54.192.19.156:80
saber.exe

TCP » 54.192.19.79:80
browser.exe (Browser)

TCP » 54.192.195.78:443
apptrailers.exe

TCP » 54.192.19.156:443
1stbrowser.exe (1stBrowser by The 1stBrowser Authors)

TCP » 54.192.19.175:443
online-guardian-v2.0.9.exe

 
Latest 20 of 701 files

URL:
http://download.easyspeedpc.net/

Network:
Amazon Cloudfront

Web server:
AmazonS3

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.