www.bigspeedpro.com

Somoto Ltd.  (via a Proxy Registrant)

Domain Information

The domain www.bigspeedpro.com is registered by proxy through GODADDY.COM, LLC and was originally registered in October of 2009. This domain has been seen distributing various forms of adware (some being very aggressive) directly or via bundled installations. The hosted servers are located in Haarlem, Noord-Holland within Netherlands which resides on the RIPE Network Coordination Centre network. The domain is associated with the publisher Somoto Ltd. who is located in Tel Aviv, Israel.
Registrar:
GODADDY.COM, LLC

Server location:
Noord-Holland, Netherlands (NL)

Create date:
Saturday, October 24, 2009

Expires date:
Monday, October 24, 2016

Updated date:
Saturday, October 17, 2015

ASN:
AS60781 LEASEWEB-NL LeaseWeb B.V.,NL

Root domain:

Google Safe Browsing:
unwanted

Scanner detections:
Adware distribution

Scan engine
Details
Detections

Reason Heuristics
PUP.InstallX.Bundle, PUP.Installer.Somoto.O, PUP.Installer.DSNR.K, (M), PUP.Somoto.S, PUP.Crossrider.Bwqjlhi.Installer.Meta (M), Win32.Generic, PUP.Crossrider.Nero.Installer.Meta (M), PUP.Downloader.Vzbxxyf.Installer (M), PUP.Downloader.Installer (M)
60.00%

Dr.Web
Adware.Somoto.16, Tool.InstallToolbar.107, Adware.Somoto.4, Trojan.Crossrider.41, Trojan.DownLoader9.53341, Adware.Toolbar.26
36.67%

ESET NOD32
Win32/Somoto, Win32/Bundled.Toolbar.Ask (variant), Win32/Packed.ScrambleWrapper, Win32/Toolbar.Conduit, Win32/DownWare, Win32/Downloader.Agent.AF
30.00%

Trend Micro House Call
TROJ_GEN.F47V0717, HV_ZYX_BL132900.TOMC, TROJ_GEN.F47V0127, TROJ_GEN.F47V0321, TROJ_GEN.F47V0201, TROJ_GEN.R0CBH07CI14, Suspicious_GEN.F47V0722
26.67%

Panda Antivirus
PUP/MultiToolbar.A, Adware/MultiToolbar, PUP/Conduit.A
20.00%

Bkav FE
W32.Clod966.Trojan, W32.Clodad0.Trojan, HW32.CDB, W32.Clod1ed.Trojan, W32.Cloda64.Trojan
16.67%

VIPRE Antivirus
Threat.46249, Adware.Agent, GamePlayLabs, BetterInstaller
16.67%

G Data
Win32.Parite, Win32.Application.Somoto
16.67%

Baidu Antivirus
Virus.Win32.Parite.$b, Trojan.Win32.ScrambleWrapper, Trojan.Win32.Agent, PUA.Win32.Downloader
16.67%

Fortinet FortiGate
W32/Parite.B, Riskware/Sim
16.67%

K7 AntiVirus
Unwanted-Program , Trojan
13.33%

McAfee
W32/Pate.b, Artemis!F236C9F24BFC, Artemis!C3CC961D429C, Artemis!3E7F357E4970
13.33%

NANO AntiVirus
Virus.Win32.Parite.bgvo, Riskware.Win32.RemoteAdmin.ccgsdt, Trojan.Win32.KillProc.dbxknj, Trojan.Win32.NtRootKit.dfbyev
13.33%

AhnLab V3 Security
Win32/Parite, PUP/Win32.Adware, Adware/Win32.Somoto
13.33%

Rising Antivirus
PE:Win32.Parite.b!16043, Suspicious, PE:Trojan.Win32.Generic.157848B0!360204464, Trojan.Win32.Generic.143F7D01
13.33%

The domain www.bigspeedpro.com has been seen to resolve to the following 5 IP addresses.

May 4, 2015

May 3, 2015

January 4, 2014

November 16, 2013

August 4, 2013

File downloads found at URLs served by www.bigspeedpro.com.

1 / 68      (Adware)

1 / 68      (Adware)

6 / 68      (inconclusive)

3 / 68      (Adware)

1 / 68      (Malware)

0 / 68

2 / 68      (PUP)
http://www.bigspeedpro.com/mirror2/.../etypesetup.exe  (4d35527d7db8d4c999dd49fb2c8f519f)

3 / 68      (inconclusive)

2 / 68      (PUP)

16 / 68    (Adware)

9 / 68      (PUP)
http://www.bigspeedpro.com/mirror/.../LuckySavingsV3.exe  (5553d15c3291cad9adf3bc588f3e2d36)

5 / 68      (inconclusive)

 
Latest 30 of 85 download URLs

URL:
http://www.bigspeedpro.com/

SSL certificate subject:
CN=bigspeedpro.com, OU=PositiveSSL, OU=Domain Control Validated

SSL certificate issuer:
CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Web server:
nginx

Facebook:
Likes:  26
Shares:  22
Comments:  30

Statistics are for the previous month.