» www.newhdplugin.net
Overview
Analysis
IPs Addresses (17)
Downloads (122)
Network (47)
Website Detail
Statistics

www.newhdplugin.net

Wilmaonline LTD. (via a Proxy Registrant)

Domain Information

The domain www.newhdplugin.net is registered by proxy through Moniker Online Services and was originally registered in February of 2014. This domain has been known to host and distribute potentially unwanted software. The hosted servers are located in Montreal, Quebec within Canada which resides on the OVH Hosting, Inc. network. The domain is associated with the publisher Wilmaonline LTD. who is located in Raanana, Israel.

Registrant:

Moniker Privacy Services on behalf of Wilmaonline LTD.

Registrar:

Moniker Online Services

Server location:

Quebec, Canada (CA)

Create date:

Thursday, February 13, 2014

Expires date:

Monday, February 13, 2017

Updated date:

Thursday, February 18, 2016

Root domain:

newhdplugin.net

Whois:

4 newhdplugin.net records

Scanner detections:

Detections (100% detected)

Scan engine

Details

Detections

Reason Heuristics

PUP.Installer.Wilmaonline.g, PUP.Installer.Wilmaonline.k, PUP.Wilmaonline.P, Threat.Win.Reputation.IMP, PUP.Wilmaonline.c, PUP.Installer.Wilmaonline.BB, (M), Adware.Amonetize.Installer.Installer.Meta (M)

88.89%

Avira AntiVirus

ADWARE/Adware.Gen2, APPL/Amonetize.Z, APPL/Amonetize.htzw, Adware/Amonetize.tzv

77.78%

Malwarebytes

PUP.Optional.Amonetize.A, PUP.Optional.Downloader, PUP.Optional.Monetizer

75.00%

AhnLab V3 Security

PUP/Win32.Amonetiz, PUP/Win32.Amonetize

69.44%

avast!

Win32:PUP-gen [PUP], Win32:Amonetize-N [PUP], Win32:Amonetize-O [PUP], Win32:Amonetize-P [PUP], Win32:Amonetize-Y [PUP], Win32:Amonetize-AX [PUP], Win32:Amonetize-BA [PUP]

66.67%

ESET NOD32

Win32/Amonetize.AI (variant), Win32/Amonetize.AJ (variant), Win32/Amonetize.AO (variant), Win32/Amonetize.AS (variant), Win32/Amonetize.AW (variant)

66.67%

AVG

MalSign.Wilmo, Generic_r, BundleApp_r.R, Adware Generic_r.IT

66.67%

Kaspersky

not-a-virus:AdWare.Win32.Amonetize, not-a-virus:HEUR:AdWare.Win32.Amonetize

55.56%

Dr.Web

Adware.Downware.2250, Adware.Downware.2467, Adware.Downware.3925, Adware.Downware.5046, Adware.Downware.8024, Adware.Downware.7989

55.56%

Baidu Antivirus

Adware.Win32.Amonetize

55.56%

McAfee

Artemis!62C7FC5C4A49, Artemis!34251EF03489, Artemis!110B004CB741, RDN/Generic PUP.x!bvn, Artemis!28CDFA5D5BA5, Artemis!D5F74C41F572, Artemis!5CB2C34C2246, PUP-FBM!8ED066183EF9, PUP-FBM!838E942A7DDD

52.78%

Sophos

Amonetize, Generic PUA CF, Generic PUA JN, Amonetize (PUA)

52.78%

VIPRE Antivirus

Trojan.Win32.Generic, Amonetize, Threat.4150696, Threat.4785227

50.00%

NANO AntiVirus

Riskware.Win32.Amonetize.cvsxxi, Riskware.Win32.Downware.cyusqp, Riskware.Win32.Amonetize.czmqeb, Trojan.Win32.Agent.dbbsxs

44.44%

Qihoo 360 Security

Win32/Virus.Adware.932, Win32/Trojan.Multi.daf, Win32/Virus.Adware.389, Win32/Application.639, Win32/Application.c7d, Win32/Virus.Adware.e09

41.67%

The domain www.newhdplugin.net has been seen to resolve to the following 17 IP addresses.

167.114.156.214

ns513839.ip-167-114-156.net

July 3, 2016

July 3, 2016

June 4, 2016

May 20, 2016

May 16, 2016

February 27, 2016

ec2-54-245-87-78.us-west-2.compute.amazonaws.com

February 10, 2016

54.245.242.253

ec2-54-245-242-253.us-west-2.compute.amazonaws.com

May 4, 2015

54.244.90.176

ec2-54-244-90-176.us-west-2.compute.amazonaws.com

May 3, 2015

54.214.33.160

ec2-54-214-33-160.us-west-2.compute.amazonaws.com

November 10, 2014

54.245.104.86

ec2-54-245-104-86.us-west-2.compute.amazonaws.com

October 20, 2014

54.214.6.146

ec2-54-214-6-146.us-west-2.compute.amazonaws.com

August 17, 2014

54.214.247.254

ec2-54-214-247-254.us-west-2.compute.amazonaws.com

August 13, 2014

54.203.247.123

ec2-54-203-247-123.us-west-2.compute.amazonaws.com

July 31, 2014

54.244.225.147

ec2-54-244-225-147.us-west-2.compute.amazonaws.com

April 26, 2014

54.214.5.255

ec2-54-214-5-255.us-west-2.compute.amazonaws.com

April 26, 2014

54.244.243.165

ec2-54-244-243-165.us-west-2.compute.amazonaws.com

March 12, 2014

File downloads found at URLs served by www.newhdplugin.net.

11 / 68 (PUP)

http://www.newhdplugin.net/direct-download.html?version=1.1.5.89&ci=6802&capp=FlashPlayer&ti1=ZkdXVpZD1lZThmZGExOS01NWJlLTQzOTgtYmUwOS01YTJhOGQ0ZGVkZDQ (flashplayersetup__6802_i457992614_il31.exe)

9 / 68 (PUP)

http://www.newhdplugin.net/direct-download.html?version=1.1.5.89&ci=6802&capp=FlashPlayer&ti1=ZmdXVpZD04MmRkMjVmYi03ZTI0LTQzZDctYjY2MC1jODY0YjZhZTFmODM (flashplayersetup__6802_i471225464_il31.exe)

1 / 68 (PUP)

http://www.newhdplugin.net/direct-download.html?version=1.1.5.89&ci=6802&capp=FlashPlayer&ti1=ZydXVpZD05ZmVkODkzNi1kYzFhLTRhZjgtOTllNy04ZjI2MmIxMTQyMGQ (flashplayersetup__6802_i461870883_il31.exe)

1 / 68 (Malware)

http://www.newhdplugin.net/direct-download.html?version=1.1.5.89&ci=7868&capp=FlashPlayer&ti1={clickID} (flashplayersetup__2583_i732314868_il1.exe)

1 / 68 (Malware)

http://www.newhdplugin.net/direct-download.html?version=1.1.5.89&ci=6802&capp=FlashPlayer&ti1=ZzdXVpZD05YzEyYjhkNy1iYjJjLTQwMzYtOGU0NC1hYWZkMmY0YmMzNTM (flashplayersetup__2583_i676470620_il9.exe)

13 / 68 (Adware)

http://www.newhdplugin.net/direct-download.html?version=1.1.5.89&ci=6802&capp=FlashPlayer&ti1=Z5dXVpZD00ZWJjYTlhOC0zY2M4LTQ1MGQtOTEzYy0zZGQzZTMxOTU5MDA (7zip__6621_il77.exe)

11 / 68 (PUP)

http://www.newhdplugin.net/direct-download.html?version=1.1.5.89&ci=6802&capp=FlashPlayer&ti1=ZmdXVpZD01ZjRlMzY5MC0yNTM2LTQ1NDItYjVhOS00MzkxNTNjODBmMTc (flashplayersetup__6802_i457992614_il31.exe)

10 / 68 (Adware)

http://www.newhdplugin.net/direct-download.html?version=1.1.5.89&ci=6802&capp=FlashPlayer&ti1=Z2dXVpZD1jODcwMDU4Ni04ZDk2LTRjMmQtYWFiZC05MjA1YmRjNmQ2ZWM (----flashplayersetup__6802_i450207357_il31.exe)

10 / 68 (Adware)

http://www.newhdplugin.net/direct-download.html?version=1.1.5.89&ci=6802&capp=FlashPlayer&ti1=ZwdXVpZD0xNjExMWRlMi1kZDZmLTQ2ZDMtYjMwZS00ZDMwMTQwZTYwNWI (----flashplayersetup__6802_i450207357_il31.exe)

13 / 68 (Adware)

http://www.newhdplugin.net/direct-download.html?version=1.1.5.89&ci=6802&capp=FlashPlayer&ti1=ZwdXVpZD04MWI0MDI4Yi1kNGZlLTQ1ODUtOGY0OC0wMjMyZDE1YmMwODg (7zip__6621_il77.exe)

10 / 68 (Adware)

http://www.newhdplugin.net/direct-download.html?version=1.1.5.89&ci=6802&capp=FlashPlayer&ti1=ZwdXVpZD03NzNiNDA0Mi1mNWY3LTQzNTYtOTU4NS1mZmI3OGIxYzcwODk (----flashplayersetup__6802_i450207357_il31.exe)

13 / 68 (Adware)

http://www.newhdplugin.net/direct-download.html?version=1.1.5.89&ci=6802&capp=FlashPlayer&ti1=Z1dXVpZD0yYTU2MjVjOS01ZjEzLTRiMzctYTFmNC1iZWU3ZWExYWI1MzQ (7zip__6621_il77.exe)

1 / 68 (Malware)

http://www.newhdplugin.net/direct-download.html?version=1.1.5.89&ci=8051&capp=FlashPlayer&ti1={clickID} (flashplayersetup__8051_i657938901_il9.exe)

2 / 68 (PUP)

http://www.newhdplugin.net/direct-download.html?version=1.1.5.89&ci=6802&capp=FlashPlayer&ti1=ZydXVpZD0wZDE5ZjVjNS1hMWY1LTQ4YWQtYWVhYS1hY2IwZGI1NGQyNmI (flashplayersetup__6802_i445585199_il31.exe)

1 / 68 (Malware)

http://www.newhdplugin.net/direct-download.html?version=1.1.5.89&ci=6802&capp=FlashPlayer&ti1=Z2dXVpZD1jNWY2OTJhMy01N2FjLTRjZTctOGNkMC1hMjdkZmUzNTI2MTk (flashplayersetup__4651_i668384969_il9.exe)

31 / 68 (PUP)

http://www.newhdplugin.net/direct-download.html?version=1.1.5.89&ci=6802&capp=FlashPlayer&ti1=ZkdXVpZD0xZjViNzJlMy0zMzI5LTQ4YWYtYTJiYy0wODdiNTk0OTRkNTM (flashplayersetup__6802_i461377462_il31.exe)

1 / 68 (Malware)

http://www.newhdplugin.net/direct-download.html?version=1.1.5.89&ci=7871&capp=FlashPlayer&ti1={clickID} (flashplayersetup__7871_i712265415_il1.exe)

11 / 68 (PUP)

http://www.newhdplugin.net/direct-download.html?version=1.1.5.89&ci=6802&capp=FlashPlayer&ti1=ZzdXVpZD1iMTZjMmM1ZS00NTI3LTQ5OGYtODBjMS1lOThlNmYyMTQzNjk (flashplayer__6741_i569799895_il3.exe)

19 / 68 (PUP)

http://www.newhdplugin.net/direct-download.html?version=1.1.5.89&ci=6802&capp=FlashPlayer&ti1=ZkdXVpZD0wZTJkMGJjOS01ZjRjLTRkMmItODFkNy1kMWE1MTQwZWFkNmI (flashplayersetup__6802_i469549172_il31.exe)

13 / 68 (PUP)

http://www.newhdplugin.net/direct-download.html?version=1.1.5.89&ci=8237&capp=FlashPlayer (flashplayersetup__4651_i690590096_il9.exe)

13 / 68 (Adware)

http://www.newhdplugin.net/direct-download.html?version=1.1.5.89&ci=6802&capp=FlashPlayer&ti1=ZldXVpZD0wYWU0OWU5Yi0wZDM5LTRmNGItYmM2ZC1jNjc1NWY1YmNlYjM (7zip__6621_il77.exe)

20 / 68 (PUP)

http://www.newhdplugin.net/direct-download.html?version=1.1.5.89&ci=6802&capp=FlashPlayer&ti1=ZhdXVpZD05ZGQ0ODIzOC0xMjA5LTRjYjEtOWE5OS1jYmIyNTM3ZThhZGI (flashplayer__6741_i600030111_il3.exe)

5 / 68 (Adware)

http://www.newhdplugin.net/direct-download.html?version=1.1.5.89&ci=6802&capp=FlashPlayer&ti1=ZkdXVpZD1jM2UyMjU4Yy1iYWNkLTQ0OTMtODY3Ny1jNzkxMGI0OTBkZTY (flashplayersetup__4651_i424226665_il31.exe)

26 / 68 (PUP)

http://www.newhdplugin.net/direct-download.html?version=1.1.5.89&ci=6802&capp=FlashPlayer&ti1=Z1dXVpZD0yYzM2NzE2MC1jMDJhLTQ0NDItOGE3ZC01M2U2NjIzMTc1ZWE (flashplayersetup__6595_i484514001_il31.exe)

11 / 68 (PUP)

http://www.newhdplugin.net/direct-download.html?version=1.1.5.89&ci=7866&capp=FlashPlayer&ti1={clickID} (flashplayersetup__6802_i720923669_il1.exe)

30 / 68 (PUP)

http://www.newhdplugin.net/direct-download.html?version=1.1.5.89&ci=8500&capp=FlashPlayer (mqnh6d3q.exe)

12 / 68 (Adware)

http://www.newhdplugin.net/direct-download.html?version=1.1.5.89&ci=6802&capp=FlashPlayer&ti1=ZydXVpZD1jODFjY2RkZS05OWM2LTQ5NjgtODFkZC00OWRlMGEyMmYyOGU (flashplayersetup__6802_i429319110_il31.exe)

13 / 68 (Adware)

http://www.newhdplugin.net/direct-download.html?version=1.1.5.89&ci=6802&capp=FlashPlayer&ti1=Z0dXVpZD04NmIwODExMy01OTFmLTRlZTMtOGIxZS04ZGQ5YzE1OTE0YTk (7zip__6621_il77.exe)

20 / 68 (Adware)

http://www.newhdplugin.net/direct-download.html?version=1.1.5.89&ci=7343&capp=FlashPlayer&ti1=lax1CJuP39KMhtrAOBACGOuA_7us3qqAPyINNzUuNjYuMTUwLjE1MCgBMJCn058F&ti2=SBZ&ti3=3374519 (flashplayer__4120_i1198524369_il28.exe)

20 / 68 (PUP)

http://www.newhdplugin.net/direct-download.html?version=1.1.5.89&ci=2583&capp=FlashPlayer&ti1=0040797773972749770 (flashplayersetup__8500_i746084420_il1.exe)

Latest 30 of 122 download URLs

The following 47 files have been seen to comunicate with www.newhdplugin.net in live environments.

TCP » 167.114.156.214:3333

webproxy.exe

TCP » 167.114.156.214:80

setup_info.exe

TCP » 167.114.156.214:80

tencent.exe (by Tencent)

TCP » 167.114.156.214:80

rs.exe

TCP » 54.245.104.86:443

rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 167.114.156.214:80

loader.exe (Updater by SOFTWARE AGILITY LIMITED)

TCP » 167.114.156.214:80

win.exe (SendStat Module)

TCP » 167.114.156.214:80

UCBrowser.exe (UC Browser by UCWeb)

TCP » 54.244.243.165:443

UCBrowser.exe (UC Browser by UCWeb)

TCP » 167.114.156.214:80

ProxyFinder.EXE (Proxy Finder Enterprise Edition Application)

TCP » 54.244.243.165:80

instatime.exe

TCP » 167.114.156.214:80

citrio.exe (Citrio by CatalinaGroup)

TCP » 167.114.156.214:80

UCBrowser.exe (UC Browser by UCWeb)

TCP » 167.114.156.214:80

rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 167.114.156.214:80

deamon.exe

TCP » 54.244.243.165:80

UCBrowser.exe (UC Browser by UCWeb)

TCP » 54.244.243.165:443

wikithemes.exe

TCP » 54.244.243.165:80

UCBrowser.exe (UC Browser by UCWeb)

TCP » 167.114.156.214:80

run_css.exe

TCP » 167.114.156.214:1177

pirater facebook v1.0.exe

Latest 20 of 57 files

URL:

http://www.newhdplugin.net/

Title:

“newhdplugin.net”

Title (3/12/2014):

“Flash Player Download”

Title (5/3/2015):

“Flash Player Download - Home”

Web server:

nginx

Facebook:

Shares: 3

Comments: 1

Statistics are for the previous month.

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.