home

newupdatesneeded.com

WHOISGUARD, INC.  (Proxy Registrant)

Domain Information

The domain newupdatesneeded.com is registered by proxy through ENOM, INC. and was originally registered in July of 2014. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Ashburn, Virginia within the United States which resides on the Amazon Technologies Inc. network. The domain uses the Amazon Web Services (AWS) cloud computing platform.
Registrar:
ENOM, INC.

Server location:
Virginia, United States (US)

Create date:
Friday, July 18, 2014

Expires date:
Saturday, July 18, 2015

Updated date:
Friday, July 18, 2014

ASN:
AS14618 AMAZON-AES - Amazon.com, Inc.,US

Whois:
1 newupdatesneeded.com record

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Optional.Installer.LionSeaSoftwarecoltd.F, PUP.Installer.SafeUpdateTechnologSafeUpdateTechnology.F, PUP.AdGazelle.SafeUpdateTechnologSafeUpdateTechnology.Installer (M), PUP.AdGazelle.SafeUpda.Installer (M), PUP.Outbrowse.Bestapp.Bundler (M), PUP.AdGazelle (M)
97.37%

avast!
Win32:Adware-gen [Adw], Win32:Malware-gen
10.53%

VIPRE Antivirus
Threat.5063330
10.53%

Avira AntiVirus
Adware/AgentCV.A.7184, ADWARE/Adware.Gen2
10.53%

AVG
Generic
10.53%

ESET NOD32
Win32/AdGazelle (variant)
7.89%

Comodo Security
Application.Win32.AgentCV.VDPS
5.26%

Agnitum Outpost
Riskware.Agent
5.26%

Dr.Web
Adware.Downware.8645
5.26%

K7 AntiVirus
Unwanted-Program
5.26%

herdProtect (fuzzy)
a variant of 975a7bd1b7f319029169eff146286e63965da1c2
2.63%

F-Secure
Gen:Variant.Adware.Strictor.67719
2.63%

Emsisoft Anti-Malware
Gen:Variant.Adware.Strictor.67719
2.63%

Lavasoft Ad-Aware
Gen:Variant.Adware.Strictor.67719
2.63%

Norman
Gen:Variant.Adware.Strictor.67719
2.63%

The domain newupdatesneeded.com has been seen to resolve to the following 4 IP addresses.

185.53.177.6
June 18, 2016

54.72.9.51
ec2-54-72-9-51.eu-west-1.compute.amazonaws.com
May 17, 2016

54.83.26.63
ec2-54-83-26-63.compute-1.amazonaws.com
September 18, 2014

23.23.129.134
ec2-23-23-129-134.compute-1.amazonaws.com
August 28, 2014

File downloads found at URLs served by newupdatesneeded.com.

1 / 68      (Adware)
http://newupdatesneeded.com/Download?lpm_id=13  (setup.exe)

1 / 68      (Adware)
http://newupdatesneeded.com/Download?lpm_id=4  (setup.exe)

1 / 68      (PUP)
http://newupdatesneeded.com/Download?lpm_id=9  (setup.exe)

1 / 68      (Adware)
http://newupdatesneeded.com/Download?lpm_id=35  (setup.exe)

The following 215 files have been seen to comunicate with newupdatesneeded.com in live environments.

TCP » 54.72.9.51:80
toolbarupdaterservice.exe

TCP » 54.72.9.51:80
hdnInstaller.exe (hdnInstaller)

TCP » 54.72.9.51:80
onedrvup.exe

TCP » 54.72.9.51:80
hdnInstaller.exe (hdnInstaller)

TCP » 54.72.9.51:80
247843.ftf (Optimizer Pro v3.2 by PC Utilities Software Limited)

TCP » 54.72.9.51:80
1799877.exe

TCP » 54.72.9.51:80
IEError.exe (IEError)

TCP » 54.72.9.51:80
install_flashplayer14x32_x64md_aaa_aih.exe (bon joueur)

TCP » 54.72.9.51:80
optimizerproinstaller.exe (Optimizer Pro v3.2 by PCUtilities Software Limited)

TCP » 54.72.9.51:80
charles.exe (by Apple)

TCP » 54.72.9.51:80
onedrv.exe

TCP » 54.72.9.51:80
IEError.exe (IEError)

TCP » 54.72.9.51:80
updater27793.exe (CouponDropDown Plugin by Innovative Apps)

TCP » 54.72.9.51:80
install_flashplayer16x33_masp_aaa_aih.exe (by Apple)

TCP » 54.72.9.51:80
toolbarupdaterservice.exe

TCP » 54.72.9.51:80
hdnInstaller.exe (hdnInstaller)

TCP » 54.72.9.51:80
g.jpg

TCP » 54.72.9.51:80
smlb.jpg

TCP » 54.72.9.51:80
smlb.jpg

TCP » 54.72.9.51:80
hqghumeaylnlf.exe (Optimizer Pro v3.2 by PC Utilities Software Limited)

 
Latest 20 of 219 files

URL:
http://newupdatesneeded.com/

Title:
“Free Downloads”

Network:
Amazon Web Services (AWS), running an EC2 instance

Web server:
Microsoft-IIS/7.5 (ASP.NET) (Version: 4.0.30319)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.