www.newhdplugin.net

Wilmaonline LTD.  (via a Proxy Registrant)

Domain Information

The domain www.newhdplugin.net is registered by proxy through Moniker Online Services and was originally registered in February of 2014. This domain has been known to host and distribute potentially unwanted software. The hosting servers are located in Portland, Oregon, in the United States. The domain uses the Amazon Web Services (AWS) cloud computing platform from the US West (Oregon) region datacenter. The domain is associated with the publisher Wilmaonline LTD., which is located in Raanana, Israel.
Remove Malware from www.newhdplugin.net - Powered by Reason Core Security
Registrar:
Moniker Online Services

Server location:
Oregon, United States (US)

Create date:
Thursday, February 13, 2014

Expires date:
Saturday, February 13, 2016

Updated date:
Friday, January 23, 2015

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Avira AntiVirus
ADWARE/Adware.Gen2, Adware/Graftor.146078.139, APPL/Bundler.Amonetize.N.102, APPL/Amonetize.Z, APPL/Amonetize.htzw, Adware/Amonetize.tzv
100.00%

Malwarebytes
PUP.Optional.Amonetize.A, PUP.Optional.Monetizer, PUP.Optional.Downloader
97.30%

AhnLab V3 Security
PUP/Win32.Amonetiz, PUP/Win32.Amonetize
94.59%

ESET NOD32
Win32/Amonetize.AI (variant), Win32/Amonetize.AJ (variant), Win32/Amonetize.AS (variant), Win32/Amonetize.AO (variant), Win32/Amonetize.AX (variant)
91.89%

Reason Heuristics
PUP.Installer.Wilmaonline.g, PUP.Installer.Wilmaonline.k, PUP.Wilmaonline.P, Threat.Win.Reputation.IMP, PUP.Installer.Amonetizeltd.h, PUP.Installer.KOMPANIYAR.f, PUP.Installer.Wilmaonline.BB
89.19%

AVG
Downloader, MalSign.Wilmo, Generic_r, BundleApp_r.R
86.49%

avast!
Win32:Amonetize-N [PUP], Win32:PUP-gen [PUP], Win32:Amonetize-O [PUP], Win32:Amonetize-Y [PUP], Win32:Amonetize-AK [PUP]
78.38%

Sophos
Amonetize, Generic PUA DD, Generic PUA NH, Generic PUA MC, Generic PUA CF, Generic PUA JN
78.38%

Dr.Web
Adware.Downware.2250, Adware.Downware.2467, Adware.Downware.3925, Adware.Downware.5488, Adware.Downware.5546, Adware.Downware.5046
75.68%

McAfee Web Gateway
Artemis!62C7FC5C4A49, Artemis!34251EF03489, Artemis!110B004CB741, Artemis!28CDFA5D5BA5, Artemis!295A2D4C2B9B, Artemis!7050E7A1E35B
70.27%

McAfee
Artemis!62C7FC5C4A49, Artemis!34251EF03489, Artemis!110B004CB741, Artemis!28CDFA5D5BA5, Artemis!295A2D4C2B9B, Artemis!7050E7A1E35B, PUP-FBM!406ED99106D2, PUP-FBM!8ED066183EF9, PUP-FBM!CD0BF83F430A, PUP-FBM!838E942A7DDD, Artemis!189B08670FA1
67.57%

Kaspersky
not-a-virus:AdWare.Win32.Amonetize, not-a-virus:HEUR:AdWare.Win32.Amonetize
67.57%

Baidu Antivirus
Adware.Win32.Amonetize
67.57%

VIPRE Antivirus
Trojan.Win32.Generic, Amonetize, Threat.4150696
59.46%

NANO AntiVirus
Riskware.Win32.Amonetize.czmxgw, Riskware.Win32.Downware.cyusqp, Riskware.Win32.Amonetize.czcqbh, Riskware.Win32.Amonetize.czmqeb
56.76%

The domain www.newhdplugin.net has been seen to resolve to the following 11 IP addresses.


File downloads found at URLs served by www.newhdplugin.net.

 
Latest 30 of 96 download URLs

The following 6 files have been seen to communicate with www.newhdplugin.net in live environments.

URL:
http://www.newhdplugin.net/

Google Analytics:
UA-40440173

Title:
“Flash Player Download - Home”

Network:
Amazon Web Services (AWS), running an EC2 instance

Web server:
AmazonS3

Facebook:
Shares:  3
Comments:  1

Statistics are for the previous month.
