www.newhdplugin.net

Wilmaonline LTD.  (via a Proxy Registrant)

Domain Information

The domain www.newhdplugin.net is registered by proxy through Moniker Online Services and was originally registered in February of 2014. This domain has been known to host and distribute potentially unwanted software. The hosted servers are located in Montreal, Quebec within Canada which resides on the OVH Hosting, Inc. network. The domain is associated with the publisher Wilmaonline LTD. who is located in Raanana, Israel.
Registrar:
Moniker Online Services

Server location:
Quebec, Canada (CA)

Create date:
Thursday, February 13, 2014

Expires date:
Monday, February 13, 2017

Updated date:
Thursday, February 18, 2016

Root domain:

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.Wilmaonline.g, PUP.Installer.Wilmaonline.k, PUP.Wilmaonline.P, Threat.Win.Reputation.IMP, PUP.Wilmaonline.c, PUP.Installer.Wilmaonline.BB, (M), Adware.Amonetize.Installer.Installer.Meta (M)
88.89%

Avira AntiVirus
ADWARE/Adware.Gen2, APPL/Amonetize.Z, APPL/Amonetize.htzw, Adware/Amonetize.tzv
77.78%

Malwarebytes
PUP.Optional.Amonetize.A, PUP.Optional.Downloader, PUP.Optional.Monetizer
75.00%

AhnLab V3 Security
PUP/Win32.Amonetiz, PUP/Win32.Amonetize
69.44%

avast!
Win32:PUP-gen [PUP], Win32:Amonetize-N [PUP], Win32:Amonetize-O [PUP], Win32:Amonetize-P [PUP], Win32:Amonetize-Y [PUP], Win32:Amonetize-AX [PUP], Win32:Amonetize-BA [PUP]
66.67%

ESET NOD32
Win32/Amonetize.AI (variant), Win32/Amonetize.AJ (variant), Win32/Amonetize.AO (variant), Win32/Amonetize.AS (variant), Win32/Amonetize.AW (variant)
66.67%

AVG
MalSign.Wilmo, Generic_r, BundleApp_r.R, Adware Generic_r.IT
66.67%

Kaspersky
not-a-virus:AdWare.Win32.Amonetize, not-a-virus:HEUR:AdWare.Win32.Amonetize
55.56%

Dr.Web
Adware.Downware.2250, Adware.Downware.2467, Adware.Downware.3925, Adware.Downware.5046, Adware.Downware.8024, Adware.Downware.7989
55.56%

Baidu Antivirus
Adware.Win32.Amonetize
55.56%

McAfee
Artemis!62C7FC5C4A49, Artemis!34251EF03489, Artemis!110B004CB741, RDN/Generic PUP.x!bvn, Artemis!28CDFA5D5BA5, Artemis!D5F74C41F572, Artemis!5CB2C34C2246, PUP-FBM!8ED066183EF9, PUP-FBM!838E942A7DDD
52.78%

Sophos
Amonetize, Generic PUA CF, Generic PUA JN, Amonetize (PUA)
52.78%

VIPRE Antivirus
Trojan.Win32.Generic, Amonetize, Threat.4150696, Threat.4785227
50.00%

McAfee Web Gateway
Artemis!62C7FC5C4A49, Artemis!34251EF03489, Artemis!110B004CB741, RDN/Generic PUP.x!bvn, Artemis!28CDFA5D5BA5, Artemis!D5F74C41F572
50.00%

NANO AntiVirus
Riskware.Win32.Amonetize.cvsxxi, Riskware.Win32.Downware.cyusqp, Riskware.Win32.Amonetize.czmqeb, Trojan.Win32.Agent.dbbsxs
44.44%

The domain www.newhdplugin.net has been seen to resolve to the following 17 IP addresses.

ns513839.ip-167-114-156.net
July 3, 2016

July 3, 2016

June 4, 2016

May 20, 2016

May 16, 2016

February 27, 2016

ec2-54-245-87-78.us-west-2.compute.amazonaws.com
February 10, 2016

ec2-54-245-242-253.us-west-2.compute.amazonaws.com
May 4, 2015

ec2-54-244-90-176.us-west-2.compute.amazonaws.com
May 3, 2015

ec2-54-214-33-160.us-west-2.compute.amazonaws.com
November 10, 2014

ec2-54-245-104-86.us-west-2.compute.amazonaws.com
October 20, 2014

ec2-54-214-6-146.us-west-2.compute.amazonaws.com
August 17, 2014

ec2-54-214-247-254.us-west-2.compute.amazonaws.com
August 13, 2014

ec2-54-203-247-123.us-west-2.compute.amazonaws.com
July 31, 2014

ec2-54-244-225-147.us-west-2.compute.amazonaws.com
April 26, 2014

ec2-54-214-5-255.us-west-2.compute.amazonaws.com
April 26, 2014

ec2-54-244-243-165.us-west-2.compute.amazonaws.com
March 12, 2014

File downloads found at URLs served by www.newhdplugin.net.

1 / 68      (Malware)

1 / 68      (Malware)

1 / 68      (Malware)

14 / 68    (PUP)

 
Latest 30 of 122 download URLs

The following 47 files have been seen to comunicate with www.newhdplugin.net in live environments.

 
Latest 20 of 57 files

URL:
http://www.newhdplugin.net/

Title:
“newhdplugin.net”

Title (3/12/2014):
“Flash Player Download”

Title (5/3/2015):
“Flash Player Download - Home”

Web server:
nginx

Facebook:
Shares:  3
Comments:  1

Statistics are for the previous month.