home

1stdl.org

Privacy Protection Service INC d/b/a PrivacyProtect.org  (Proxy Registrant)

Domain Information

The domain 1stdl.org is registered by proxy through PDR Ltd. d/b/a PublicDomainRegistry.com (R27-LROR). This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Gargallo, Piemonte within Italy which resides on the RIPE Network Coordination Centre network.
Registrar:
PDR Ltd. d/b/a PublicDomainRegistry.com (R27-LROR)

Server location:
Piemonte, Italy (IT)

ASN:
AS35415 WEBAZILLA Webazilla B.V.,NL

Whois:
1 1stdl.org record

Scanner detections:
Detections  (96% detected)

Scan engine
Details
Detections

Reason Heuristics
Threat.Win.Reputation.IMP, PUP.Installer.SystemApplet.R, PUP.Installer.TEHSNABSTROY.?, PUP.Installer.TEHSNABSTROY.m, PUP.Adknowledge.FusionInstall.Installer (M), Win32.Generic, Adware.Amonetize.Installer.Meta (M)
95.65%

avast!
Win32:Amonetize-BJ [PUP], Win32:Amonetize-BX [PUP], Win32:IBryte-CY [PUP], Win32:Amonetize-BZ [PUP], Win32:Adware-gen [Adw]
69.57%

McAfee
PUP-FBM!04275942AE92, PUP-FBM!B28114908E63, PUP-FBM!EC904BB78BBD, Artemis!42CFD7D9C79F, PUP-FBM!9465780CD795, Artemis!C97F6E48A413, PUP-FBM!BB1860BD285F, PUP-FBM!141E34DFB1C2, PUP-FBM!FC0A6524E4C6, PUP-FBM!CCF0EC352A8C, Artemis!34F193F5438F, PUP-FBM!D6EC87EB9007
65.22%

Kaspersky
not-a-virus:HEUR:AdWare.Win32.Amonetize, not-a-virus:AdWare.Win32.iBryte, not-a-virus:AdWare.Win32.Amonetize
65.22%

Sophos
Amonetize, iBryte Optimum Installer, Generic PUA DD, Generic PUA KI
65.22%

Avira AntiVirus
ADWARE/Adware.Gen2, ADWARE/Adware.Gen7, APPL/Downloader.886
65.22%

AhnLab V3 Security
PUP/Win32.Amonetiz, PUP/Win32.IBryte
65.22%

ESET NOD32
Win32/Amonetize.AS (variant), Win32/Amonetize.AW (variant), Win32/Amonetize.BD (variant), Win32/Amonetize.BF.gen (variant)
65.22%

AVG
Generic_r, BundleApp_r.R, Adware Generic_s.CM
65.22%

NANO AntiVirus
Riskware.Win32.Downware.cyusqp, Riskware.Win32.Downware.czhuut, Riskware.Win32.Downware.czgvzu, Riskware.Win32.Downware.daymkg
60.87%

Baidu Antivirus
Adware.Win32.Amonetize
60.87%

Malwarebytes
PUP.Optional.Amonetize, PUP.Optional.OptimumInstaller.A
56.52%

VIPRE Antivirus
Amonetize, Threat.4778314, Trojan.Win32.Generic
56.52%

Trend Micro House Call
TROJ_GEN.R0C1H06ET14, TROJ_GEN.F47V0526, TROJ_GEN.F47V0524, TROJ_GEN.R0CBH06FM14, TROJ_GEN.R0C1H06FA14, TROJ_GEN.R0C1H06FN14
52.17%

Qihoo 360 Security
Win32/Virus.Adware.932, Win32/Trojan.Adware.37e, Malware.QVM10.Gen, HEUR/Malware.QVM10.Gen
47.83%

The domain 1stdl.org has been seen to resolve to the following IP address.

78.140.137.164
June 5, 2014

File downloads found at URLs served by 1stdl.org.

1 / 68      (PUP)
http://1stdl.org/.../?ref=p191.oc203.30966.203.627369ee907&prefix=DownloadFileSetup&url=&ti2=8345462675&country=VN&name=  (downloadfilesetup__2299_i957290161_il3945813.exe)

1 / 68      (PUP)
http://1stdl.org/.../?ref=p191.oc201.0.206.6840c7c416&prefix=DownloadFileSetup&url=&ti2=7543024076&country=RU&name=  (downloadfilesetup_s.exe)

24 / 68    (PUP)
http://1stdl.org/.../?ref=p191.oc203.0.203.610dd10ff21&prefix=DownloadFileSetup&url=&ti2=7642316609&country=IR&name=  (downloadfilesetup__2299_i827857494_il1859851.exe)

16 / 68    (PUP)
http://1stdl.org/.../?ref=p191.oc203.0.203.619649ca13&prefix=DownloadFileSetup&url=&ti2=7256070437&country=VN&name=  (MinecraftInstaller__2490_il503.exe)

1 / 68      (PUP)
http://1stdl.org/.../?ref=p191.oc203.5428.203.62950a46c14&prefix=DownloadFileSetup&url=&ti2=8439178207&country=IN&name=  (downloadfilesetup__2299_i968643166_il6231379.exe)

1 / 68      (Malware)
http://1stdl.org/.../?ref=p191.oc203.0.203.525514b2009&prefix=DownloadFileSetup&url=&ti2=6975508772&country=IN&name=  (windowsupdaterkb12695__7428_il175.exe)

1 / 68      (PUP)
http://1stdl.org/.../?ref=p191.oc201.0.206.531ff952301&prefix=DownloadFileSetup&url=&ti2=7199033342&country=RU&name=  (downloadfilesetup_s.exe)

16 / 68    (PUP)
http://1stdl.org/.../?ref=p191.oc203.0.203.672ab15d13&prefix=DownloadFileSetup&url=&ti2=7494265080&country=VN&name=  (brandon sanderson steelheart downloader__3687_i806786895_il5362240.exe)

16 / 68    (PUP)
http://1stdl.org/.../?ref=p191.oc203.0.203.5292b73a921&prefix=DownloadFileSetup&url=&ti2=7152436062&country=VN&name=  (panda cloud antivirus__6183_il597363.exe)

13 / 68    (PUP)
http://1stdl.org/.../?ref=p191.oc203.0.203.665afe6f07&prefix=DownloadFileSetup&url=&ti2=7443623220&country=VN&name=  (skymonkam__2155_il4324375.exe)

15 / 68    (PUP)
http://1stdl.org/.../?ref=p191.oc203.0.203.530e60d9517&prefix=DownloadFileSetup&url=&ti2=7181822284&country=VN&name=  (Google.Chrome__2309_il52306.exe)

24 / 68    (PUP)
http://1stdl.org/.../?ref=p191.oc203.0.203.611e09f1514&prefix=DownloadFileSetup&url=&ti2=7672237661&country=VN&name=  (downloadsetup__2299_i831296596_il2455017.exe)

2 / 68      (false positives)
http://1stdl.org/.../?ref=p191.oc203.33871.203.62863702107&prefix=DownloadFileSetup&url=&ti2=8386118141&country=VN&name=  (wrar420.exe)

1 / 68      (Adware)
http://1stdl.org/link/?ref=t2b83.chrome.0.results.6211ddeab21&prefix=DownloadSetup&url=name://DownloadSetup&ti2=&country=MA&name=DownloadSetup  (downloadsetup.exe)

16 / 68    (PUP)
http://1stdl.org/.../?ref=p191.oc203.0.203.61ea427b09&prefix=DownloadFileSetup&url=&ti2=7251439579&country=VN&name=  (downloadfilesetup__2299_i765268358_il6655838.exe)

20 / 68    (PUP)
http://1stdl.org/.../?ref=p191.oc203.0.203.61563705320&prefix=DownloadFileSetup&url=&ti2=7855285661&country=IR&name=  (absolute.uninstaller__2309_il244660.exe)

26 / 68    (Adware)
http://1stdl.org/.../?ref=p191.oc203.33022.203.72e4a2aa12&prefix=DownloadFileSetup&url=&ti2=8560116127&country=IR&name=  (downloadfilesetup__2299_i984594317_il2426553.exe)

22 / 68    (PUP)
http://1stdl.org/.../?ref=p191.oc203.0.203.623e24f8315&prefix=DownloadFileSetup&url=&ti2=8177079933&country=IR&name=  (avast..free.antivirus__2309_il26014.exe)

21 / 68    (Adware)
http://1stdl.org/.../?ref=p191.oc203.45236.203.72eb8e3305&prefix=DownloadFileSetup&url=&ti2=8550981621&country=IR&name=  (downloadfilesetup__2299_i983312362_il2162724.exe)

15 / 68    (Adware)
http://1stdl.org/.../?ref=p191.oc203.42373.203.630fcbdb918&prefix=DownloadFileSetup&url=&ti2=8488828953&country=IR&name=  (ds.daemon.slave.04.namaiki.akuma.shimai.kousoku.choukyou__7818_i972874344_il98197.exe)

15 / 68    (Adware)
http://1stdl.org/link/?ref=t198.0.0.results.63022bff210&prefix=DS.daemon.slave.04&url=name://DS daemon slave 04&ti2=IcSab9SPO3ksbsogXw9Re368hkiux1HNfe6sreVuo4YA&country=GR&name=DS daemon slave 04  (ds.daemon.slave.04.namaiki.akuma.shimai.kousoku.choukyou__7818_i972874344_il98197.exe)

16 / 68    (PUP)
http://1stdl.org/.../?ref=p191.oc203.0.203.619cfcf709&prefix=DownloadFileSetup&url=&ti2=7250714745&country=IR&name=  (downloadfilesetup__2299_i765268358_il6655838.exe)

29 / 68    (Adware)
http://1stdl.org/.../?ref=p191.oc203.0.203.621a32c6f07&prefix=DownloadFileSetup&url=&ti2=8080517729&country=VN&name=  (downloadfilesetup.exe)

12 / 68    (PUP)
http://1stdl.org/.../?ref=p191.oc203.0.203.524ab79e812&prefix=DownloadFileSetup&url=&ti2=6937242283&country=IR&name=  (file.download__2299_i720311472_il3129576.exe)

15 / 68    (PUP)
http://1stdl.org/link/?ref=t198.0.0.results.526b789c205&prefix=birgit.schrowange.nackt&url=name://birgit schrowange nackt&ti2=IXuZBgOcG6D0cK0g_zMaaetf3c5Qo59t4h9rLh9cbre9&country=NL&name=birgit schrowange nackt  (birgit.schrowange.nackt__7818_i730460237_il1042657.exe)

URL:
http://1stdl.org/

Web server:
nginx (PHP/5.3.10-1ubuntu3.9)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.