well-new.com
Privacy Protection Service INC d/b/a PrivacyProtect.org (Proxy Registrant)
Domain Information
The domain well-new.com is registered by proxy through PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM and was originally registered in November 2014. It has been known to host and distribute adware and other potentially unwanted software. Its servers are located in Ashburn, Virginia, United States, on the Amazon Technologies Inc. network, and the domain uses the Amazon Web Services (AWS) cloud computing platform.
Registrant: Privacy Protection Service INC d/b/a PrivacyProtect.org
Registrar: PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM
Server location: Virginia, United States (US)
Create date: Sunday, November 30, 2014
Expires date: Wednesday, November 30, 2016
Updated date: Sunday, October 25, 2015
ASN: AS14618 AMAZON-AES - Amazon.com, Inc.,US
Whois: 2 well-new.com records
Analysis
Scanner detections:
Detections (89% detected)
Scan engine | Details | Detections
Reason Heuristics | PUP.installCore (M), PUP.Installer.Bundler.Installer.Meta (M), PUP.NewMedia.NMH.installCore.Installer (M), PUP.InstallCore.RES (M), PUP.InstallCore.Internet.Installer.Meta (M), PUP.InstallCore.RE48 (M), PUP.NewMedia.NMH (M) | 92.00%
ESET NOD32 | Win32/InstallCore.YW potentially unwanted application, Win32/InstallCore.ACZ potentially unwanted application | 8.00%
VIPRE Antivirus | Trojan.Win32.Generic, Threat.4150696 | 8.00%
K7 AntiVirus | Adware | 8.00%
NANO AntiVirus | Riskware.Win32.InstallCore.dsmvms, Riskware.Win32.InstallCore.dsmvpd | 8.00%
Comodo Security | Application.Win32.InstallCore.DAH, Application.Win32.InstallCore.DQY | 8.00%
Avira AntiVirus | PUA/InstallCore.dfs, PUA/InstallCore.A.11 | 8.00%
Qihoo 360 Security | Win32/Virus.b10, HEUR/QVM06.1.Malware.Gen | 8.00%
avast! | Malware-gen | 4.00%
Malwarebytes | PUP.Optional.InstallCore | 4.00%
Agnitum Outpost | Trojan.Badur | 4.00%
Vba32 AntiVirus | Malware-Cryptor.InstallCore.gen | 4.00%
IP Addresses
The domain well-new.com has been seen to resolve to the following 6 IP addresses.
52.7.132.182 | ec2-52-7-132-182.compute-1.amazonaws.com | December 15, 2015
107.23.203.23 | ec2-107-23-203-23.compute-1.amazonaws.com | December 15, 2015
54.84.143.69 | ec2-54-84-143-69.compute-1.amazonaws.com | December 15, 2015
54.209.232.94 | ec2-54-209-232-94.compute-1.amazonaws.com | June 19, 2015
54.84.140.114 | ec2-54-84-140-114.compute-1.amazonaws.com | June 19, 2015
54.236.147.238 | ec2-54-236-147-238.compute-1.amazonaws.com | June 19, 2015
Downloads
File downloads found at URLs served by well-new.com.
1 / 68 (Adware) | spotifysetup.exe
1 / 68 (PUP) | spotifysetup.exe
1 / 68 (PUP) | minecraftsetup.exe
1 / 68 (PUP) | steamsetup.exe
1 / 68 (PUP) | steamsetup.exe
1 / 68 (PUP) | bluestackssetup.exe
1 / 68 (PUP) | javaruntimeenvironmentsetup.exe
1 / 68 (PUP) | pdfreadersetup.exe
0 / 68 | winrar_setup.exe-setup.website
1 / 68 (Adware) | firefoxsetup.exe
1 / 68 (Adware) | googlechromesetup.exe
1 / 68 (PUP) | teamviewersetup.exe
1 / 68 (PUP) | minecraftsetup.exe
1 / 68 (PUP) | safarisetup.exe
1 / 68 (PUP) | needforspeedworldsetup.exe
0 / 68 | steamsetup.exe
1 / 68 (PUP) | openofficesetup.exe
1 / 68 (Adware) | googlechromesetup.exe
1 / 68 (PUP) | teamviewersetup.exe
0 / 68 | teamviewer_setup_fr.exe
1 / 68 (Adware) | steamsetup.exe
1 / 68 (PUP) | counterstrikesetup.exe
1 / 68 (PUP) | googleearthsetup.exe
1 / 68 (PUP) | gtaivsanandreassetup.exe
1 / 68 (PUP) | javaruntimeenvironmentsetup.exe
1 / 68 (PUP) | googlechromesetup.exe
10 / 68 (PUP) | plantsvszombiessetup.exe
8 / 68 (PUP) | windowsmoviemakersetup.exe
Network Communications
The following 3 files have been seen to communicate with well-new.com in live environments.
TCP » 54.84.143.69:80 | WajamInternetEnhancer.exe (Wajam Internet Enhancer by Wajam Internet Technologies)
TCP » 54.84.143.69:80 | notifier64.exe (Notifications)
TCP » 54.84.143.69:80 | ContentFinder.exe (ContentFinder by ContentFinder Company)
Subdomains
June 6, 2016
www.well-new.com