home

www.nowmegacurrent.com

Domain Information

Server location:
Oregon, United States (US)

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc., US

Root domain:
nowmegacurrent.com

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.installCore.dobreprogramyspzoo.Installer (M), PUP.installCore.dobrepro.Installer (M)
100.00%

The domain www.nowmegacurrent.com has been seen to resolve to the following 11 IP addresses.

52.25.41.73
ec2-52-25-41-73.us-west-2.compute.amazonaws.com
May 20, 2016

52.24.26.116
ec2-52-24-26-116.us-west-2.compute.amazonaws.com
May 20, 2016

54.69.198.37
ec2-54-69-198-37.us-west-2.compute.amazonaws.com
April 21, 2016

52.26.95.11
ec2-52-26-95-11.us-west-2.compute.amazonaws.com
April 21, 2016

54.148.57.212
ec2-54-148-57-212.us-west-2.compute.amazonaws.com
April 21, 2016

52.34.170.106
ec2-52-34-170-106.us-west-2.compute.amazonaws.com
April 4, 2016

52.25.23.136
ec2-52-25-23-136.us-west-2.compute.amazonaws.com
April 4, 2016

54.191.37.5
ec2-54-191-37-5.us-west-2.compute.amazonaws.com
April 4, 2016

54.69.11.66
ec2-54-69-11-66.us-west-2.compute.amazonaws.com
April 4, 2016

52.88.159.85
ec2-52-88-159-85.us-west-2.compute.amazonaws.com
April 4, 2016

52.35.10.15
ec2-52-35-10-15.us-west-2.compute.amazonaws.com
April 4, 2016

File downloads found at URLs served by www.nowmegacurrent.com.

1 / 68      (Adware)
http://www.nowmegacurrent.com/c?x=Q/q12a8IvOnRuDLONY/SFCly6a52g74AiJTJOlHjlH4=&c=js8ZrmQiKH8McP2o9W1HRRkFpBsGK4q77qSc NXdRVrfc2LELyS4YiWspECkgZVQyUsvyru8n9 ij5fEXaEFL1eTkOQtgpyKtJPz5LEhjs3TVGCoZfdFZkGR9e76/xnnv0d1sA4 Qyg0nIE8khVgIQ==&fallback_url=http://www.rarlab.com/.../winrar-x64-530.exe&downloadAs=WinRAR-12398-dp.exe  (ab2474f46c3d3932e9b23733dca8879a)

1 / 68      (Adware)
http://www.nowmegacurrent.com/c?x=GPkLaRczzW1al5EQwX0CsekGgFLg0 qrWgRx6moXUbs=&c=DoW0fAvbW2CJ2Xn7RBbR9sUdavJp1pMktiBNFWTcpJXVWE4zWhoEXdqKskN0lXx2NAI0/XN83bkxVQnNmBZyIUcdJVyeC6JwhIR0AFC2pAjoBLtVOi5tVXnE3GiSkrKNBJm/HldYP9ApcL/SC0bFsA==&fallback_url=http://netcologne.dl.sourceforge.net/project/aresgalaxy/aresgalaxy/.../aresregular237_installer.exe&downloadAs=Ares-12480-dp.exe  (511797536e09a13c8c1db06791530389)

1 / 68      (Adware)
http://www.nowmegacurrent.com/c?x=dUOxidG8khOEAABZhnPoqM9re3VABIOf5lrra6tV0rg=&c=iX6ZwJOUNPnkHk1puu09DvWl6KIKFjb1q3rTfRtn4XlKMZXCDzpwsvzOqeGxrZ0f1NiO2prtxrdh8jen9b7PeFP4Z8mmj3EAREQHPUKqVwHbJdCz vl1xBVqGCoV92sG7Fs3BWW0JCftVsCw pii8w==&fallback_url=https://ftp.mozilla.org/pub/firefox/releases/42.0/win64/.../Firefox Setup 42.0.exe&downloadAs=Firefox-13108-dp.exe  (27e86416736ac38f6236841ca1328e23)

1 / 68      (Adware)
http://www.nowmegacurrent.com/c?x=5w10hCIClnlAcxjF90Tr/8KrHll7Ytfu05Yr6e6Ce7Y=&c=bNzOnSpCOzj0nDAK05gkRJE37e1gLP2Hg4dFmfrqYwUOAiJwDidiRgdfiznZl19Mr04fsPHSYYaVluooKaudkiDudBJN1CSf3sPjoaGk4UFISCo0dcuFiASILGHOnQ0GFB3RYxu4OjOxMbuxfX7znQ==&fallback_url=http://get.geo.opera.com/pub/opera/desktop/33.0.1990.115/.../Opera_33.0.1990.115_Setup.exe&downloadAs=Opera-12614-dp.exe  (7b9f883d8e623251fffdcef08541ea58)

1 / 68      (Adware)
http://www.nowmegacurrent.com/c?x=A4gczNcCyBKEZYGa5HiFUKtRER8wq4P/IUCwjJj0PpQ=&c=3on SvPjxo4KhrbF/h80c9pjgzsTQiNVHgTkaWJlkX9U9c67L SG1 jJYoWCRgAIYhEaMwLyXMMBiMNJoGKx4ewctslqL3siVivgBFlYt3pSiTwwhu TlMistgFKWcYfS9Q4Idm3iBY6NUlTs9J4Gg==&fallback_url=http://get.geo.opera.com/pub/opera/desktop/34.0.2036.25/.../Opera_34.0.2036.25_Setup.exe&downloadAs=Opera-12614-dp.exe  (137eb88fd35bb8bf74fa59ed2dceb106)

1 / 68      (Adware)
http://www.nowmegacurrent.com/c?x=lmQXn XFGTNRrtWP JA4AW4qtbiy7Lc8CVf3U3VKdBU=&c=CXEIBjeU3M1IEvCVtQX3A7qExQWEDgkQ21CEQ8i3oDpyYrRcVaCfyt7Ac5TWnteooGO5dZbDeOAhPG7QhuBwGtpzraZ1FP6L06ekmudzmH/Sh6bNmlkL1kmLlMD13vMLQB9FeKHrF4EWBNZtwK/e g==&fallback_url=http://3nitysoftware.com/.../3nityDVDBurner.exe&downloadAs=3nity-CD-DVD-BURNER-39358-dp.exe  (ccf08a43c5b08ec827703e83d319e338)

1 / 68      (Adware)
http://www.nowmegacurrent.com/c?x=XN4Frjc4K8/P7UojtdQWWEeDNSGE md I67vYdM9w4=&c=1HKRsx6pWSad7bu1Eq8QMaXoi0Gotwx73Rpsq8fVGrJHgrSEjHkoS1IKYft1rMnlNnSPGfqTMhDWwjoB0zejepJt4IslmdOosB2Q1CWIhNoBOh/JErmrp7Z06ZmJpMuE7iVy5cpO1k9TuxAnYdtjuw==&fallback_url=http://storage.dobreprogramy.pl/.../fsSetup209.exe&downloadAs=Fotosizer-31810-dp.exe  (fc0864fcb37ae74435ef9bc8869e7fc2)

The following 6 files have been seen to comunicate with www.nowmegacurrent.com in live environments.

TCP » 52.24.26.116:443
online-guardian-v2.0.9.exe

TCP » 52.24.26.116:443
online-guardian-v2.0.9.exe

TCP » 52.24.26.116:443
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.24.26.116:443
036629fbd4864725737a8ba8fe7e8cd6.exe

TCP » 52.24.26.116:443
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.24.26.116:443
Proxomitron.exe (Proxomitron by Groom-A-Zebu (tm))

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.