The domain www.slow-tsunami-file.com, registered by Ziv Dascalu, was first registered in September 2014 through GANDI SAS. The domain has been observed hosting and distributing adware and other potentially unwanted software. Its hosting servers are located in Belfast, Northern Ireland, in the United Kingdom, on a network allocated by the RIPE Network Coordination Centre.
Server location: Northern Ireland, United Kingdom (GB)
Create date: Wednesday, September 24, 2014
Expires date: Saturday, September 24, 2016
Updated date: Friday, September 25, 2015
Scanner detections (98% detected):

| Scan engine | Details | Detections |
|---|---|---|
| Reason Heuristics | Threat.Win.Reputation.IMP, PUP.Installer.InstallPath.d, PUP.Installer.ShetefSolutionsConsulting1998.X, PUP.Installer.ShetefSolutionsConsulting1998.W, PUP.Installer.AMGRUP.d, PUP.Amonetize.ShetefSolutionsConsulting1998.Bundler (M), PUP.Amonetize.AMGRUP.Bundler (M), PUP.Amonetize.DOZDEKORUM.Bundler (M), PUP.Amonetize.InstallPath.Installer (M), PUP.Amonetize.ITLGROUP.Bundler (M), PUP.Amonetize.VEBTORG.Bundler (M), Adware.Amonetize.Installer.Meta (M), PUP.Amonetize.DOZDEKOR.Bundler (M), PUP.Amonetize.InstallP.Installer (M) | 100.00% |
| AhnLab V3 Security | PUP/Win32.Amonetize | 41.86% |
| ESET NOD32 | Win32/Amonetize.BS (variant), Win32/Amonetize.BY (variant), Win32/Amonetize.CK (variant), Win32/Amonetize.CS (variant), Win32/Amonetize.CX potentially unwanted (variant) | 37.21% |
| AVG | Generic_r, Adware Generic_r.TX, Downloader.Generic14 | 34.88% |
| Dr.Web | Adware.Downware.8706, Adware.Downware.8996, Trojan.Amonetize.341, Trojan.Adfltnet.70, Trojan.Adfltnet.71, Adware.Downware.8868 | 34.88% |
| NANO AntiVirus | Riskware.Win32.Downware.dgibky, Riskware.Win32.Downware.difhzb, Trojan.Win32.Adfltnet.dlsvsx, Riskware.Win32.Amonetize.dlfklg | 34.88% |
| Malwarebytes | PUP.Optional.Amonetize, PUP.Optional.Bundle, PUP.Optional.Bundler, PUP.Optional.Downloader | 32.56% |
| Avira AntiVirus | ADWARE/Adware.Gen4, Adware/Amonetize.575168.46, TR/Crypt.ZPACK.Gen2, Adware/Amonetize.575168.18, ADWARE/Adware.Gen2 | 32.56% |
| Agnitum Outpost | PUA.Amonetize | 30.23% |
| Fortinet FortiGate | Riskware/Amonetize, Adware/Amonetize | 30.23% |
| McAfee | Artemis!AAAEFAF4A374, RDN/Generic PUP.x!c2k, Artemis!54E117F334B4, Artemis!A32DD2406EBA, Artemis!9A1376EC2F4E, Artemis!576113863B2F | 27.91% |
| K7 AntiVirus | Unwanted-Program, Trojan | 27.91% |
| G Data | Win32.Application.Amonetize, Win32.Adware.Amonetize, Application.Generic.828144, Trojan.Generic.11927092, Trojan.GenericKD.2067331 | 25.58% |
| Sophos | Generic PUA KM, Generic PUA PH, Generic PUA HF, Amonetize, Generic PUA JG, Generic PUA DF, Generic PUA LJ, Generic PUA CI | 25.58% |
| Trend Micro House Call | TROJ_SPNR.08JJ14, TROJ_SPNR.08JB14, Suspicious_GEN.F47V1230, Suspicious_GEN.F47V0107, Suspicious_GEN.F47V1227, TROJ_GEN.R02SH07AB15 | 25.58% |
The domain www.slow-tsunami-file.com has been seen to resolve to the following 5 IP addresses (listed by reverse-DNS hostname and the date observed):

| Hostname | Date |
|---|---|
| unallocated.barefruit.co.uk | May 15, 2016 |
| ec2-54-244-90-176.us-west-2.compute.amazonaws.com | June 19, 2015 |
| ec2-54-245-242-253.us-west-2.compute.amazonaws.com | May 5, 2015 |
| ec2-54-245-104-86.us-west-2.compute.amazonaws.com | November 12, 2014 |
| ec2-54-214-33-160.us-west-2.compute.amazonaws.com | October 9, 2014 |
File downloads found at URLs served by www.slow-tsunami-file.com.
Latest 30 of 127 download URLs
The following 234 files have been seen to communicate with www.slow-tsunami-file.com in live environments.
URL: http://www.slow-tsunami-file.com/