home

s1.hd-plugin.com

Domains By Proxy, LLC  (Proxy Registrant)

Domain Information

The domain s1.hd-plugin.com is registered by proxy through GODADDY.COM, LLC and was originally registered in February of 2013. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Dublin, Dublin City within Ireland which resides on the Amazon Technologies Inc. network. The domain uses the Amazon Web Services (AWS) cloud computing platform from the EU (Ireland) region datacenter.
Registrar:
GODADDY.COM, LLC

Server location:
Dublin City, Ireland (IE)

Create date:
Thursday, February 7, 2013

Expires date:
Sunday, February 7, 2016

Updated date:
Sunday, February 8, 2015

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.

Root domain:
hd-plugin.com

Whois:
2 hd-plugin.com records

Scanner detections:
Detections  (85% detected)

Scan engine
Details
Detections

VIPRE Antivirus
Iminent
100.00%

Reason Heuristics
PUP.CoolMirageltd.P, PUP.CoolMirageltd.T, PUP.CoolMirageltd.Q, PUP.CoolMirageltd.X, PUP.CoolMirageltd.Y, Threat.CoolMirage.Installer, PUP.CoolMirage.Installer (M)
100.00%

Sophos
FT Downloader
91.67%

ESET NOD32
Win32/Adware.1ClickDownload, Win32/AdWare.1ClickDownload.AT
91.67%

Dr.Web
Adware.Downware.902
83.33%

Avira AntiVirus
APPL/CoolMirage.Gen6, APPL/CoolMirage.cuq, Adware/Yontoo.H
83.33%

Comodo Security
Application.Win32.MCool.A
75.00%

McAfee
Adware-SweetIM, Artemis!7BA306E87A08, Artemis!2B847A02CC65, Artemis!5ADBD11824F8, Artemis!F61104B9CFD4, Artemis!0245992B44EA
66.67%

Malwarebytes
PUP.BundleInstaller.DW
58.33%

avast!
Win32:Downloader-TPG [PUP]
58.33%

SUPERAntiSpyware
Adware.Downware
50.00%

Microsoft Security Essentials
SoftwareBundler:Win32/OneClickDownloader
50.00%

Trend Micro House Call
TROJ_GEN.F47V0212, TROJ_GEN.F47V1116, ADW_CODECINSTALL, TROJ_GEN.F47V1007
33.33%

Panda Antivirus
Trj/CI.A
25.00%

NANO AntiVirus
Riskware.Nsis.Yontoo.cvlcfp, Riskware.Nsis.Downware.czyjkl
25.00%

The domain s1.hd-plugin.com has been seen to resolve to the following 4 IP addresses.

185.53.178.15
August 28, 2016

54.72.9.51
ec2-54-72-9-51.eu-west-1.compute.amazonaws.com
June 7, 2016

108.161.189.7
December 1, 2014

108.161.189.6
May 14, 2014

File downloads found at URLs served by s1.hd-plugin.com.

0 / 68
http://s1.hd-plugin.com/download/m2k/.../codec_pack_chrome_source.exe  (e1c3f1f1e84a79b389b3103d67d70f72)

1 / 68      (Adware)
http://s1.hd-plugin.com/download/.../hdplugin_chrome.exe  (5f39f6d3cea7cd35130714c274588df1)

13 / 68    (Adware)
http://s1.hd-plugin.com/download/m2k/.../hdplugin_chrome.exe  (hdplugin_firefox.exe)

7 / 68      (Adware)
http://s1.hd-plugin.com/.../hdplugin_chrome.exe  (hdplugin_firefox.exe)

12 / 68    (Adware)
http://s1.hd-plugin.com/download/1channel/.../hdplugin_chrome.exe  (hdplugin_firefox.exe)

13 / 68    (Adware)
http://s1.hd-plugin.com/download/m2k/.../codec_pack_chrome_source.exe  (codecpack_chrome_source.exe)

13 / 68    (Adware)
http://s1.hd-plugin.com/download/1channel/.../codec_pack_chrome_source.exe  (codec_pack_iexplorer_source.exe)

1 / 68
http://s1.hd-plugin.com/download/.../hdplugin_chrome.exe  (d88a157e299ce59ec9cc1a16dcededd2)

13 / 68    (Adware)
http://s1.hd-plugin.com/download/m2k/.../codec_pack_chrome_source.exe  (0245992b44eab00d622ef3cc8a77c746)

9 / 68      (Adware)
http://s1.hd-plugin.com/download/m2k/.../hdplugin_chrome.exe  (hdplugin_firefox.exe)

8 / 68      (Adware)
http://s1.hd-plugin.com/download/1channel/.../hdplugin_chrome.exe  (2b847a02cc652a624a7749c1ba88519d)

16 / 68    (Adware)
http://s1.hd-plugin.com/download/1channel/.../hdplugin_chrome.exe  (f61104b9cfd4cd50cb71a2aa3121a152)

7 / 68      (Adware)
http://s1.hd-plugin.com/download/.../hdplugin_chrome.exe  (hdplugin_firefox.exe)

21 / 68    (Adware)
http://s1.hd-plugin.com/download/.../hdplugin_chrome.exe  (bdcee145df303f531cf7fba961f60ef5)

The following 216 files have been seen to comunicate with s1.hd-plugin.com in live environments.

TCP » 54.72.9.51:80
toolbarupdaterservice.exe

TCP » 54.72.9.51:80
hdnInstaller.exe (hdnInstaller)

TCP » 54.72.9.51:80
onedrvup.exe

TCP » 54.72.9.51:80
hdnInstaller.exe (hdnInstaller)

TCP » 54.72.9.51:80
247843.ftf (Optimizer Pro v3.2 by PC Utilities Software Limited)

TCP » 54.72.9.51:80
1799877.exe

TCP » 54.72.9.51:80
IEError.exe (IEError)

TCP » 54.72.9.51:80
install_flashplayer14x32_x64md_aaa_aih.exe (bon joueur)

TCP » 54.72.9.51:80
optimizerproinstaller.exe (Optimizer Pro v3.2 by PCUtilities Software Limited)

TCP » 54.72.9.51:80
charles.exe (by Apple)

TCP » 54.72.9.51:80
onedrv.exe

TCP » 54.72.9.51:80
IEError.exe (IEError)

TCP » 54.72.9.51:80
updater27793.exe (CouponDropDown Plugin by Innovative Apps)

TCP » 54.72.9.51:80
install_flashplayer16x33_masp_aaa_aih.exe (by Apple)

TCP » 54.72.9.51:80
toolbarupdaterservice.exe

TCP » 54.72.9.51:80
hdnInstaller.exe (hdnInstaller)

TCP » 54.72.9.51:80
g.jpg

TCP » 54.72.9.51:80
smlb.jpg

TCP » 54.72.9.51:80
smlb.jpg

TCP » 54.72.9.51:80
hqghumeaylnlf.exe (Optimizer Pro v3.2 by PC Utilities Software Limited)

 
Latest 20 of 220 files

URL:
http://s1.hd-plugin.com/

Network:
Amazon Web Services (AWS), running an EC2 instance

Web server:
NetDNA-cache/2.2

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.