home

s1.hulkload.com

Whois Privacy Protection Service, Inc.  (Proxy Registrant)

Domain Information

The domain s1.hulkload.com is registered by proxy through NAME.COM, INC. and was originally registered in October of 2012. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Nuremberg, Bayern within Germany which resides on the RIPE Network Coordination Centre network.
Registrar:
NAME.COM, INC.

Server location:
Bayern, Germany (DE)

Create date:
Monday, October 1, 2012

Expires date:
Sunday, October 1, 2017

Updated date:
Sunday, August 11, 2013

ASN:
AS24940 HETZNER-AS Hetzner Online AG

Root domain:
hulkload.com

Whois:
2 hulkload.com records

Scanner detections:
Detections  (57% detected)

Scan engine
Details
Detections

Dr.Web
Adware.Downware.1699, Adware.Downware.1575, Adware.Downware.964, infected with JS.Redirector.153
80.00%

Reason Heuristics
Bundler.PPI.CBSInteractive.o, PUP.Installer.ShetefSolutionsConsulting1998., PUP.Installer.KoyoteLab.S
60.00%

ESET NOD32
Win32/CNETInstaller (variant), Win32/Amonetize.AA (variant)
40.00%

IKARUS anti.virus
not-a-virus:Downloader.Win32.Agent, Trojan.JS.Seedabutor
40.00%

Fortinet FortiGate
Riskware/Amonetize, JS/Redirector.XA!tr
40.00%

McAfee
Artemis!D770A95564A8, Program.HTML/Redirector
40.00%

Trend Micro House Call
TROJ_GEN.F47V1222, TROJ_GEN.F47V0312
40.00%

Comodo Security
ApplicUnwnt, Heur.Suspicious
40.00%

Avira AntiVirus
ADWARE/Adware.Gen2, HTML/DSPark.B
40.00%

Norman
Killav.NZH, Agent.ALGSM
40.00%

Boost by Reason
Bundler.PPI.CBSInteractive.o
20.00%

Malwarebytes
PUP.Optional.InstallMonetizer
20.00%

VIPRE Antivirus
Amonetize
20.00%

Kaspersky
not-a-virus:Downloader.Win32.Agent
20.00%

NANO AntiVirus
Trojan.Win32.Downware.crewao
20.00%

The domain s1.hulkload.com has been seen to resolve to the following IP address.

144.76.41.40
static.40.41.76.144.clients.your-server.de
December 26, 2013

File downloads found at URLs served by s1.hulkload.com.

12 / 68    (PUP)
http://s1.hulkload.com/files/7/.../Avc 4.rar  (693af78dd6829af52b5d379299bce9cd)

0 / 68
http://s1.hulkload.com/files/8/.../avg_free_stb_all_2014_4744_free.exe  (avg_free_stb_pb_2014_4744_free.exe)

0 / 68
http://s1.hulkload.com/files/5/.../adwcleaner_3.216.exe  (b653dd91d5d6e519d3357a80a15a5dfb)

2 / 68
http://s1.hulkload.com/files/1/.../IDM.6055.SiLeNt.InStAlL.exe  (idm.exe)

2 / 68
http://s1.hulkload.com/files/6/.../IDM.6055.SiLeNt.InStAlL.exe  (idm.exe)

4 / 68      (PUP)
http://s1.hulkload.com/files/7/.../Dabel_Cleanup-ORG.exe  (cbsidlm-cbsi145-should_i_remove_it-bp-75834044.exe)

12 / 68    (Adware)
http://s1.hulkload.com/files/0/.../Wifi pirater mot de p_e v5 by achraf tycoon.exe  (download videos by ant com download dll__3038_i207517208_il13035716.exe)

3 / 68      (PUP)
http://s1.hulkload.com/files/8/.../fTalkSetup-r0-n-bf.exe  (5d07cecfa1d46efbaba6f4d6823a4a83)

The following file have been seen to comunicate with s1.hulkload.com in live environments.

TCP » 144.76.41.40:80
cometbird.exe (CometBird by CometNetwork)

URL:
http://s1.hulkload.com/

Web server:
Apache

media1fire.com

megauplaod.org

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.