home

cool-ups.info

Privacy Protection Service INC d/b/a PrivacyProtect.org  (Proxy Registrant)

Domain Information

The domain cool-ups.info is registered by proxy through PDR Ltd. d/b/a PublicDomainRegistry.com. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Ashburn, Virginia within the United States which resides on the Amazon Technologies Inc. network. The domain uses the Amazon Web Services (AWS) cloud computing platform.
Registrar:
PDR Ltd. d/b/a PublicDomainRegistry.com

Server location:
Virginia, United States (US)

ASN:
AS14618 AMAZON-AES - Amazon.com, Inc.,US

Whois:
2 cool-ups.info records

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Bundler.InstallCore, PUP.installCore (M), PUP.NewMedia.NMH.installCore.Installer (M), PUP.InstallCore.RES (M), PUP.InstallCore.RE48 (M)
100.00%

Comodo Security
Application.Win32.InstallCore.PK
6.67%

ESET NOD32
Win32/InstallCore.ZC potentially unwanted (variant)
6.67%

Trend Micro House Call
Suspicious_GEN.F47V0514
6.67%

Baidu Antivirus
Adware.Win32.InstallCore
6.67%

herdProtect (fuzzy)
a variant of f4cbe752945e2d68b5c75b0f2f6627c1e73f82de
6.67%

avast!
Trojan-gen
6.67%

The domain cool-ups.info has been seen to resolve to the following 6 IP addresses.

107.23.203.23
ec2-107-23-203-23.compute-1.amazonaws.com
February 10, 2016

54.84.143.69
ec2-54-84-143-69.compute-1.amazonaws.com
February 10, 2016

52.7.132.182
ec2-52-7-132-182.compute-1.amazonaws.com
February 10, 2016

54.236.147.238
ec2-54-236-147-238.compute-1.amazonaws.com
May 15, 2015

54.84.140.114
ec2-54-84-140-114.compute-1.amazonaws.com
May 15, 2015

54.209.232.94
ec2-54-209-232-94.compute-1.amazonaws.com
May 15, 2015

File downloads found at URLs served by cool-ups.info.

1 / 68      (PUP)
http://cool-ups.info/?dl=1&pi=AzMRNZgFNTAyNw==&osos=VdluDrW3cw==&gclid=COqhnYvhisUCFc3m7AodRjgAMA&dr=cHaWck1mIXvlDmW4vExthXN3DKV0OSDzcj1zcmAmIT1zvm2yIKiWvmREhXs0vmNjhLvSvmNBDz1w2kDjhTnmDZ0wvmNpDZ1fAZnFAZL3ATgyvm5EIKiWXzM3NjL0OZAdNjny&pd=7KN0IXDlUKluc3xP rRzUEVzUmNJ i==&campaignId=9jn0AjC3AzidAZMq  (firefoxsetup.exe)

1 / 68      (PUP)
http://cool-ups.info/?dl=1&pi=Ajg4NzcyATA4OM==&osos=VdluDrW3cw==&gclid=CMX-n7LI-MQCFWsQ7Aod21kAsA&dr=cHaWck1NIKFl73vPDEim2r0Wc32lDXiFvENyhXNy7yDphXAmD3vpDZ0m rcWcHim7dAWilam7dREhXs0vmAWASDChTMm7dlChV8zNz70ATL1NZam7K2pDZ1fAzn3AZ7RATi3Njn=&pd=IKFz2r5B k1zDKLu7dWt&campaignId=9jn0AjCRAZgyAZMq  (minecraftsetup.exe)

1 / 68      (PUP)
http://cool-ups.info/?dl=1&pi=Ajg4NzcRNT7RAw==&osos=VdluDrW3cw==&gclid=CM6YjdWL-cQCFdgDgQodHisAwQ&dr=cHaWck10DK5t2mll2dVyvExthXN3DKV0OSDzcj1zcmAmIT1zvm2yIKiWvmREhXs0vmNjhLvSvmNBDz1w2kDjhTnmDZ0wvmNpDZ1fATc3NjLyNZgyvm5EIKiWXzn1NZn3NT70AzgR&pd= rlGDS1mcmVlUmNJ i==&campaignId=9jn0AjCRAj7yAZMq  (teamviewersetup.exe)

1 / 68      (PUP)
http://cool-ups.info/?dl=1&pi=Ajg4NzcRNzg0Ni==&osos=VdluDrW3cw==&gclid=COXlqumS98QCFajm7AodwF0AFQ&dr=cHaWck1mIXvlDmW4vExthXN3DKV0OSDzcj1zcmAmIT1zvm2yIKiWvmREhKVuvmNjhLNsvmNBDz1l QDjhTnmDZ0wvmNpDZ1fAZc4AZA3ATgyvm5EIKiWXzMzOZgzNzg1Njny&pd=7KN0IXDlUKluc3xP rRzUEVzUmNJ i==&campaignId=9jn0AjCwNTCdAZMq  (firefoxsetup.exe)

1 / 68      (PUP)
http://cool-ups.info/?dl=1&pi=Ajg4NzcRAjcFAg==&osos=VdluDrW3cw==&gclid=CPL8wenS_sQCFSNk7Aod6EIAAA&dr=cHaWck1NIKFl73vPDEim2r0Wc32lDXiFvENyhXNy7yDphXAmD3vpDZ0m rcWDK4m7dAWVVAm7dREhKVuvmAWASDChTMm7dlChV8dNTMwNZC4OZAm7K2pDZ1fNjC4AjM1NZc4OZn=&pd=DrW3 mRJ7KitcdVlUmNJ i==&campaignId=9jn0AjCzATcwAZMq  (minecraftsetup.exe)

1 / 68      (PUP)
http://cool-ups.info/?dl=1&pi=ATLFNjLRAjL3OM==&osos=VdluDrW3cw==&gclid=CO_dma7kh8UCFYXFcgodc4YAkA&dr=cHaWck13IKFy7Xam2r0Wc32lDXiFvENyhXNy7yDphXAmD3vpDZ0m rcWDK4m7dAWLnwm7dREhKVuvmAWASDChTMm7dlChV8RNjCdNzi3Nzam7K2pDZ1fATMdAzCwNjiwNzn=&pd=IKFz2r5B k1zIK1w rLu 3vE&campaignId=9jn0AjCdAzawAZMq  (winrarsetup.exe)

1 / 68      (PUP)
http://cool-ups.info/?dl=1&pi=Ajg4NzcRAzazAM==&osos=VdluDrW3cw==&gclid=CjwKEAjw0q2pBRC3jrb24JjE8VgSJAAyIzAdLug9K2_OYA-3jp2rE9ux636uIPmF_sLE-ipHWck6_hoCGvrw_wcB&dr=cHaWck1JcrVu dDmIKNlvExthXN3DKV0OSDzcj1zcmAmIT1zvm2yIKiWvmREhKVuvmNjhVVTvmNBDz1l QDjhTnmDZ0wvmNpDZ1fAT7FNZAROTAyvm5EIKiWXzn0AjC4NTCdNjgR&pd=2r8tD3vl7Xiu7dWt&campaignId=9jn0AjgFNZM4AZMq  (openofficesetup.exe)

1 / 68      (PUP)
http://cool-ups.info/?dl=1&pi=AznzNTcFNTi4Ai==&osos=VdluDrW3cw==&gclid=CM7i09vIisUCFWRp7AodsWIAaw&dr=cHaWck1mIXvlDmW4vExthXN3DKV0OSDzcj1zcmAmIT1zvm2yIKiWvmREhXs0vmNjhLvSvmNBDz1w2kDjhTnmDZ0wvmNpDZ1fAZAwATL3ATgyvm5EIKiWXzMFNzczAZidNjny&pd=7KN0IXDlUKluc3xP rRzUEVzUmNJ i==&campaignId=9jn0AjC3Ajc0AZMq  (firefoxsetup.exe)

1 / 68      (PUP)
http://cool-ups.info/?dl=1&pi=Ajg4NzcRNzg0Ni==&osos=VdluDrW3cw==&gclid=CPq705fH_sQCFYEkgQodb00AAA&dr=cHaWck1zcrW0IKDFvExthXN3DKV0OSDzcj1zcmAmIT1zvm2yIKiWvmREhKVuvmNjhVVTvmNBDz1l QDjhTnmDZ0wvmNpDZ1fNZgzAza1AT7yvm5EIKiWXzidAZ71AzA3Azny&pd=DKFq 3Ct7dRl7K4u7dWt&campaignId=9jn0AjCzATLyAZMq  (spotifysetup.exe)

1 / 68      (PUP)
http://cool-ups.info/?dl=1&pi=AznzNZndNjnyNg==&osos=VdluDrW3cw==&gclid=CjwKEAjwx9KpBRCAiZ_tgYKWvhQSJABQjGW-AYjJZVvntKVRAdnA9Sp9bc1dcrSWhW19EaeKJTo3UhoCf_rw_wcB&dr=cHaWck1mIXvlDmW4vExthXN3DKV0OSDzcj1zcmAmIT1zvm2yIKiWvmREhXs0vmNjhLvSvmNBDz1w2kDjhTnmDZ0wvmNpDZ1fAZcdAZL3ATgyvm5EIKiWXzMzNZL0OZAdNjny&pd=7KN0IXDlUKluc3xP rRzUEVzUmNJ i==&campaignId=9jn0AjC1Nz7yAZMq  (firefoxsetup.exe)

1 / 68      (Adware)
http://cool-ups.info/?dl=1&pi=AzMROZLROTL1AM==&osos=VdluDrW3cw==&gclid=Cj0KEQjw6tepBRDLqLnxouaY_pkBEiQAPIOiBvWQp2m3DhW6ItaRSNdbjj3SuECdntXVffNqScwM0jMaAo1C8P8HAQ&dr=cHaWck1mIXvlDmW4vExthXN3DKV0OSDzcj1zcmAmIT1zvm2yIKiWvmREhXs0vmNjhLvSvmNBDz1w2kDjhTnmDZ0wvmNpDZ1fAZC3AZL3ATgyvm5EIKiWXzM1NTL0OZAdNjny&pd=7KN0IXDlUKluc3xP rRzUEVzUmNJ i==&campaignId=9jn0AjCdNTcyAZMq  (firefoxsetup.exe)

1 / 68      (PUP)
http://cool-ups.info/?dl=1&pi=ATc0OZMzATC3AM==&osos=VdluDrW3cw==&gclid=CjwKEAjwx9KpBRCAiZ_tgYKWvhQSJABQjGW-jfRLNN1DuVSM4LbvJjcoIBlib5oLnWpuD-6LSIi87xoCj1zw_wcB&dr=cHaWck1o 3xzcrW0UXNoIKVBDkD0 T1z2dVl2ZCmc3aWc3vjvmCWcyDEcmlChSDBDz1l QDj7z1VLyDj rcWDK4m7z0RvmiWAkDjIKiWXznRATCFATi0AQDPDdlChV8RATn3AjA4NzAwAg==&pd=IKFz2r5B H2l rwu 3vE&campaignId=9jn0AjC1Nzi0AZMq  (hotspotshieldsetup.exe)

1 / 68      (PUP)
http://cool-ups.info/?dl=1&pi=Ajg4NzcRNzg0Ni==&osos=VdluDrW3cw==&gclid=COq53qXo_sQCFRcMjgodvIMA-Q&dr=cHaWck1mIXvlDmW4vExthXN3DKV0OSDzcj1zcmAmIT1zvm2yIKiWvmREhKVuvmNjhLlOvmNBDz1l QDjhTnmDZ0wvmNpDZ1fAZnRATA3ATgyvm5EIKiWXzM1ATC1NTC1Njny&pd=7KN0IXDlUKluc3xP rRzUEVzUmNJ i==&campaignId=9jn0AjCzAjiyAZMq  (firefoxsetup.exe)

1 / 68      (PUP)
http://cool-ups.info/?dl=1&pi=Ajg4NzcyAZC1Ni==&osos=VdluDrW3cw==&gclid=CM2Lvt-D8cQCFdcXjgodTq4Agg&dr=cHaWck1mIXvlDmW4vExthXN3DKV0OSDzcj1zcmAmIT1zvm2yIKiWvmREhKVuvmNjhLlOvmNBDz1l QDjhTnmDZ0wvmNpDZ1fAZnRATA3ATgyvm5EIKiWXzM3OZgFNTC1Njny&pd=7KN0IXDlUKluc3xP rRzUEVzUmNJ i==&campaignId=9jn0Ajg4NZCwAZMq  (firefoxsetup.exe)

7 / 68      (PUP)
http://cool-ups.info/?dl=1&pi=ATa3OTc0ATA4Ng==&osos=VdluDrW3cw==&gclid=CjwKEAjwx9KpBRCAiZ_tgYKWvhQSJABQjGW-0xY8d_pvnLdrzwrAfxWtCjoZFkYdiQ_BchUu6SOPuxoCP3nw_wcB&dr=cHaWck1NIKFl73vPDEim2r0Wc32lDXiFvENyhXNy7yDphXAmD3vpDZ0m rcWDK4m7dAWi0nm7dREhKVuvmAWASDChTMm7dlChV8dNTC3AjnwNzAm7K2pDZ1fNjA4NTa1OZi1OZn=&pd=cdVlDrW3 mRJ7Kiu7dWt&campaignId=9jn0AjC1NTgyAZMq  (minecraftsetup.exe)

The following 3 files have been seen to comunicate with cool-ups.info in live environments.

TCP » 54.84.143.69:80
WajamInternetEnhancer.exe (Wajam Internet Enhancer by Wajam Internet Technologies)

TCP » 54.84.143.69:80
notifier64.exe (Notifications)

TCP » 54.84.143.69:80
ContentFinder.exe (ContentFinder by ContentFinder Company)

URL:
http://cool-ups.info/

Network:
Amazon Web Services (AWS), running an EC2 instance

Web server:
nginx/1.4.7

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.