www.good-hurricane-file.net

ziv dascalu

Domain Information

The domain www.good-hurricane-file.net, registered by ziv dascalu, was initially registered in September of 2014 through GANDI SAS. This domain has been known to host and distribute adware as well as other potentially unwanted software. Its servers are located in Portland, Oregon, in the United States, on the Amazon Technologies Inc. network. The domain uses the Amazon Web Services (AWS) cloud computing platform from the US West (Oregon) region datacenter.

Registrar:
GANDI SAS

Server location:
Oregon, United States (US)

Create date:
Sunday, September 28, 2014

Expires date:
Monday, September 28, 2015

Updated date:
Sunday, September 28, 2014

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US

Scanner detections:
Detections (100% detected)

| Scan engine | Details | Detections |
| --- | --- | --- |
| AhnLab V3 Security | PUP/Win32.Amonetize | 100.00% |
| ESET NOD32 | Win32/Amonetize.BW (variant), Win32/Amonetize.BY (variant), Win32/Amonetize.CH | 100.00% |
| Reason Heuristics | PUP.Installer.VEBTORG.g, PUP.Installer.VEBTORG.h, PUP.Installer.ITLGROUP.?, PUP.Installer.ITLGROUP.z, PUP.Installer.AMGRUP. | 100.00% |
| McAfee | Artemis!00007E9365A6, Artemis!728CCA80F9C3, Artemis!9C0DE03BDF31, Artemis!EF3A20165C83 | 80.00% |
| NANO AntiVirus | Riskware.Win32.Downware.dhaxhs, Riskware.Win32.Downware.difhzb, Riskware.Win32.Amonetize.dkinix | 80.00% |
| Avira AntiVirus | Adware/Amonetize.519376.14, ADWARE/Adware.Gen4 | 80.00% |
| MicroWorld eScan | Gen:Variant.Graftor.161218, Gen:Variant.Application.Jaik.4831 | 60.00% |
| Bitdefender | Gen:Variant.Application.Bundler.22, Gen:Variant.Graftor.161610, Gen:Variant.Application.Jaik.4831 | 60.00% |
| Lavasoft Ad-Aware | Gen:Variant.Application.Bundler.22, Gen:Variant.Graftor.161610, Gen:Variant.Application.Jaik.4831 | 60.00% |
| F-Secure | Gen:Variant.Application.Bundler, Gen:Variant.Graftor.161610, Gen:Variant.Application.Jaik | 60.00% |
| Dr.Web | Adware.Downware.8868, Adware.Downware.8996 | 60.00% |
| G Data | Gen:Variant.Application.Bundler.22, Gen:Variant.Graftor.161610, Gen:Variant.Application.Jaik.4831 | 60.00% |
| AVG | Generic | 60.00% |
| Agnitum Outpost | PUA.Amonetize | 60.00% |
| Sophos | Amonetize, Generic PUA GB, Generic PUA AJ | 60.00% |

The domain www.good-hurricane-file.net has been seen to resolve to the following 3 IP addresses.

ec2-54-245-242-253.us-west-2.compute.amazonaws.com
May 3, 2015

ec2-54-245-104-86.us-west-2.compute.amazonaws.com
November 12, 2014

ec2-54-214-33-160.us-west-2.compute.amazonaws.com
November 1, 2014

File downloads found at URLs served by www.good-hurricane-file.net.

The following 4 files have been seen to communicate with www.good-hurricane-file.net in live environments.

URL:
http://www.good-hurricane-file.net/

Network:
Amazon Web Services (AWS), running an EC2 instance

Web server:
Apache/2.2.29 (Amazon)