home

www.hurricane-file.net

ziv dascalu

Domain Information

The domain www.hurricane-file.net registered by ziv dascalu was initially registered in September of 2014 through GANDI SAS. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Portland, Oregon within the United States which resides on the Amazon Technologies Inc. network. The domain uses the Amazon Web Services (AWS) cloud computing platform from the US West (Oregon) region datacenter.
Registrar:
GANDI SAS

Server location:
Oregon, United States (US)

Create date:
Wednesday, September 24, 2014

Expires date:
Thursday, September 24, 2015

Updated date:
Wednesday, September 24, 2014

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:
hurricane-file.net

Whois:
1 hurricane-file.net record

Scanner detections:
Detections  (86% detected)

Scan engine
Details
Detections

Malwarebytes
PUP.Optional.Amonetize
85.71%

Agnitum Outpost
PUA.Amonetize
85.71%

Dr.Web
Adware.Downware.8618
85.71%

Zillya! Antivirus
Adware.Amonetize.Win32.1272
85.71%

AhnLab V3 Security
PUP/Win32.Amonetiz
85.71%

ESET NOD32
Win32/Amonetize.BR (variant)
85.71%

AVG
Generic_r
85.71%

Panda Antivirus
Trj/Genetic.gen
85.71%

Reason Heuristics
PUP.Installer.ShetefSolutionsConsulting1998.BB, PUP.Installer.ShetefSolutionsConsulting1998.?, PUP.Installer.ShetefSolutionsConsulting1998.g
85.71%

McAfee
Artemis!756E2715B8F8, Artemis!DD5F91ACEB5F, Artemis!DCABF01C7F51
42.86%

NANO AntiVirus
Riskware.Win32.Downware.dfqeij
28.57%

Baidu Antivirus
Adware.Win32.Amonetize
28.57%

Microsoft Security Essentials
Worm:Win32/NeksMiner.A
14.29%

F-Secure
Application:W32/Generic.70053c248f!Online
14.29%

Fortinet FortiGate
Riskware/Amonetize
14.29%

The domain www.hurricane-file.net has been seen to resolve to the following 3 IP addresses.

54.245.104.86
ec2-54-245-104-86.us-west-2.compute.amazonaws.com
November 29, 2014

54.214.33.160
ec2-54-214-33-160.us-west-2.compute.amazonaws.com
October 9, 2014

54.214.247.254
ec2-54-214-247-254.us-west-2.compute.amazonaws.com
September 28, 2014

File downloads found at URLs served by www.hurricane-file.net.

9 / 68      (Adware)
http://www.hurricane-file.net/allddT.html?myref=dm&campid=8173&version=1.1.5.26&instid[appname]=Windows Loader 2.2.2 By Daz&instid[appsetupurl]=https://copy.com/.../Windows Loader Eazy Patch.exe  (book id56239985 pdf downloader__3687_i1342756092_il2114877.exe)

2 / 68      (false positives)
http://www.hurricane-file.net/allddT.html?myref=dm&campid=8173&version=1.1.5.26&instid[appname]=Windows Loader 2.2.2 By Daz&instid[appsetupurl]=https://copy.com/.../Windows Loader Eazy Patch.exe  (wrar420.exe)

10 / 68    (Adware)
http://www.hurricane-file.net/allddT.html?myref=dm&campid=3687&version=1.1.5.26&instid[appname]=Problem Book In Relativity And Gravitation Downloader&instid[appsetupurl]=http://fastmediadownloads.com/download/Prompt-Downloader-1888167148.exe&instid[appimageurl]=http://.../logo.png&prefix=Problem Book In Relativity And Downloader&instid[thankyoupage]=http://.../?success&ti1=1888167148&AMt=1411822371780&AMh=7fn2b4gxIWmb09igS84d2Ie2zMXUjQgM3KAUfCzDKPbVydo5QZMSwcespsmVBC1AtdCH3iBb48loOaw3  (human biology concepts and cu downloader__3687_i1341997873_il1996463.exe)

9 / 68      (Adware)
http://www.hurricane-file.net/allddT.html?myref=dm&campid=9168&version=1.1.5.90&instid[appname]=Activation Code Downloader&instid[appsetupurl]=http://get.file3desktop.com/DownloadManager/Get?p=7392&d=10083&l=9525&n=1&instid[appimageurl]=https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcTxoLer5Ytu9PdnrF1WsTHD2cC_Wa2IxWG84gDglmylAXRXLvQu&prefix=Activation Code Downloader&instid[thankyoupage]=http://cdn2.business2community.com/wp-content/uploads/2013/.../thank-you-page-295x300.jpg&AMt=1411826453984&AMh=7fn2b4gxIWmb09igS84d2Ie2zMXUjQgM3KAUfCzDKPbVydo5QZMSwcespsmVBC1AtdCH3iBb48loOaw3  (keygen installer__9167_il79.exe)

9 / 68      (Adware)
http://www.hurricane-file.net/allddT.html?myref=dm&campid=9169&version=1.1.5.90&instid[appname]=Software Crack Launcher&instid[appsetupurl]=http://get.file3desktop.com/DownloadManager/Get?p=7392&d=10083&l=9525&n=1&instid[appimageurl]=https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcTxoLer5Ytu9PdnrF1WsTHD2cC_Wa2IxWG84gDglmylAXRXLvQu&prefix=Software Crack Launcher&instid[thankyoupage]=http://cdn2.business2community.com/wp-content/uploads/2013/.../thank-you-page-295x300.jpg&AMt=1411811981599&AMh=7fn2b4gxIWmb09igS84d2Ie2zMXUjQgM3KAUfCzDKPbVydo5QZMSwcespsmVBC1AtdCH3iBb48loOaw3  (keygen installer__9167_il79.exe)

9 / 68      (Adware)
http://www.hurricane-file.net/allddT.html?myref=dm&campid=9169&version=1.1.5.90&instid[appname]=Software Crack Launcher&instid[appsetupurl]=http://get.file3desktop.com/DownloadManager/Get?p=7392&d=10083&l=9525&n=1&instid[appimageurl]=https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcTxoLer5Ytu9PdnrF1WsTHD2cC_Wa2IxWG84gDglmylAXRXLvQu&prefix=Software Crack Launcher&instid[thankyoupage]=http://cdn2.business2community.com/wp-content/uploads/2013/.../thank-you-page-295x300.jpg&AMt=1411811855920&AMh=7fn2b4gxIWmb09igS84d2Ie2zMXUjQgM3KAUfCzDKPbVydo5QZMSwcespsmVBC1AtdCH3iBb48loOaw3  (keygen installer__9167_il79.exe)

9 / 68      (Adware)
http://www.hurricane-file.net/allddT.html?myref=dm&campid=9169&version=1.1.5.90&instid[appname]=Software Crack Launcher&instid[appsetupurl]=http://get.file3desktop.com/DownloadManager/Get?p=7392&d=10083&l=9525&n=1&instid[appimageurl]=https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcTxoLer5Ytu9PdnrF1WsTHD2cC_Wa2IxWG84gDglmylAXRXLvQu&prefix=Software Crack Launcher&instid[thankyoupage]=http://cdn2.business2community.com/wp-content/uploads/2013/.../thank-you-page-295x300.jpg&AMt=1411811020331&AMh=7fn2b4gxIWmb09igS84d2Ie2zMXUjQgM3KAUfCzDKPbVydo5QZMSwcespsmVBC1AtdCH3iBb48loOaw3  (keygen installer__9167_il79.exe)

9 / 68      (Adware)
http://www.hurricane-file.net/allddT.html?myref=dm&campid=3502&version=1.1.5.90&instid[appname]=SciLors Grooveshark Downloader&instid[appsetupurl]=http://scilor.com/grooveshark/download/InstallSciLorsGrooveshark.comDownloaderV0.4.14.exe&instid[cmdline]=SciLorsGrooovesharkDownloader&instid[appimageurl]=http://www.scilor.com/GrooveIcon150.png&prefix=SciLorsGrooovesharkDownloader&instid[thankyoupage]=https://.../GroovesharkDownloader&AMt=1411825940302&AMh=7fn2b4gxIWmb09igS84d2Ie2zMXUjQgM3KAUfCzDKPbVydo5QZMSwcespsmVBC1AtdCH3iBb48loOaw3  (software crack launcher__9169_il316295.exe)

9 / 68      (Adware)
http://www.hurricane-file.net/allddT.html?myref=dm&campid=3687&version=1.1.5.26&instid[appname]=UTorrent Plus V3 4 2 Build 42354 Cracked Downloader&instid[appsetupurl]=http://fastmediadownloads.com/download/Prompt-Downloader-1474275565.exe&instid[appimageurl]=http://.../logo.png&prefix=UTorrent Plus V3 4 2 Build 423 Downloader&instid[thankyoupage]=http://.../?success&ti1=1474275565&AMt=1411837892618&AMh=7fn2b4gxIWmb09igS84d2Ie2zMXUjQgM3KAUfCzDKPbVydo5QZMSwcespsmVBC1AtdCH3iBb48loOaw3  (book id56239985 pdf downloader__3687_i1342756092_il2114877.exe)

12 / 68    (Adware)
http://www.hurricane-file.net/allddT.html?myref=dm&campid=9167&version=1.1.5.90&instid[appname]=Keygen Installer&instid[appsetupurl]=http://get.file3desktop.com/DownloadManager/Get?p=7392&d=10083&l=9525&n=1&instid[appimageurl]=https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcTxoLer5Ytu9PdnrF1WsTHD2cC_Wa2IxWG84gDglmylAXRXLvQu&prefix=Keygen Installer&instid[thankyoupage]=http://cdn2.business2community.com/wp-content/uploads/2013/.../thank-you-page-295x300.jpg&AMt=1411851012409&AMh=7fn2b4gxIWmb09igS84d2Ie2zMXUjQgM3KAUfCzDKPbVydo5QZMSwcespsmVBC1AtdCH3iBb48loOaw3  (activation code downloader__9168_il59.exe)

13 / 68    (Adware)
http://www.hurricane-file.net/allddT.html?myref=dm&campid=7048&version=1.1.5.26&instid[appname]=minecraft&instid[appsetupurl]=http://www.minecrafttindir.com/minecraft-indir.exe&instid[appimageurl]=http://www.minecrafttindir.com/img/mine.jpg&prefix=minecraft.kurulum&instid[thankyoupage]=http://.../?tesekkurler&AMt=1411754368101&AMh=7fn2b4gxIWmb09igS84d2Ie2zMXUjQgM3KAUfCzDKPbVydo5QZMSwcespsmVBC1AtdCH3iBb48loOaw3  (minecraft.kurulum__7048_il5479.exe)

9 / 68      (Adware)
http://www.hurricane-file.net/allddT.html?myref=dm&campid=9169&version=1.1.5.90&instid[appname]=Software Crack Launcher&instid[appsetupurl]=http://get.file3desktop.com/DownloadManager/Get?p=7392&d=10083&l=9525&n=1&instid[appimageurl]=https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcTxoLer5Ytu9PdnrF1WsTHD2cC_Wa2IxWG84gDglmylAXRXLvQu&prefix=Software Crack Launcher&instid[thankyoupage]=http://cdn2.business2community.com/wp-content/uploads/2013/.../thank-you-page-295x300.jpg&AMt=1411832228717&AMh=7fn2b4gxIWmb09igS84d2Ie2zMXUjQgM3KAUfCzDKPbVydo5QZMSwcespsmVBC1AtdCH3iBb48loOaw3  (software crack launcher__9169_il316295.exe)

The following 5 files have been seen to comunicate with www.hurricane-file.net in live environments.

TCP » 54.245.104.86:443
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 54.245.104.86:443
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 54.214.33.160:80
new_chrome.exe (Google Chrome by Google)

TCP » 54.245.104.86:80
new_chrome.exe (Google Chrome by Google)

TCP » 54.214.247.254:80
Client.exe

TCP » 54.214.33.160:80
Project1.exe (Pino by Microsoft)

TCP » 54.245.104.86:80
Project1.exe (Pino by Microsoft)

URL:
http://www.hurricane-file.net/

Network:
Amazon Web Services (AWS), running an EC2 instance

Web server:
Apache/2.2.29 (Amazon)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.