1stdl.org

Privacy Protection Service INC d/b/a PrivacyProtect.org (Proxy Registrant)

Domain Information

The domain 1stdl.org is registered by proxy through PDR Ltd. d/b/a PublicDomainRegistry.com (R27-LROR). This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Gargallo, Piemonte, Italy, on the RIPE Network Coordination Centre network.
Registrar:
PDR Ltd. d/b/a PublicDomainRegistry.com (R27-LROR)

Server location:
Piemonte, Italy (IT)

ASN:
AS35415 WEBAZILLA Webazilla B.V.,NL

Scanner detections:
Detections (96% detected)

Scan engine
Details
Detections

Reason Heuristics
Threat.Win.Reputation.IMP, PUP.Installer.SystemApplet.R, PUP.Installer.TEHSNABSTROY.?, PUP.Installer.TEHSNABSTROY.m, PUP.Adknowledge.FusionInstall.Installer (M), Win32.Generic, Adware.Amonetize.Installer.Meta (M)
95.65%

avast!
Win32:Amonetize-BJ [PUP], Win32:Amonetize-BX [PUP], Win32:IBryte-CY [PUP], Win32:Amonetize-BZ [PUP], Win32:Adware-gen [Adw]
69.57%

McAfee
PUP-FBM!04275942AE92, PUP-FBM!B28114908E63, PUP-FBM!EC904BB78BBD, Artemis!42CFD7D9C79F, PUP-FBM!9465780CD795, Artemis!C97F6E48A413, PUP-FBM!BB1860BD285F, PUP-FBM!141E34DFB1C2, PUP-FBM!FC0A6524E4C6, PUP-FBM!CCF0EC352A8C, Artemis!34F193F5438F, PUP-FBM!D6EC87EB9007
65.22%

Kaspersky
not-a-virus:HEUR:AdWare.Win32.Amonetize, not-a-virus:AdWare.Win32.iBryte, not-a-virus:AdWare.Win32.Amonetize
65.22%

Sophos
Amonetize, iBryte Optimum Installer, Generic PUA DD, Generic PUA KI
65.22%

Avira AntiVirus
ADWARE/Adware.Gen2, ADWARE/Adware.Gen7, APPL/Downloader.886
65.22%

McAfee Web Gateway
PUP-FBM!04275942AE92, PUP-FBM!B28114908E63, PUP-FBM!EC904BB78BBD, Artemis!42CFD7D9C79F, PUP-FBM!9465780CD795, Artemis!C97F6E48A413
65.22%

AhnLab V3 Security
PUP/Win32.Amonetiz, PUP/Win32.IBryte
65.22%

ESET NOD32
Win32/Amonetize.AS (variant), Win32/Amonetize.AW (variant), Win32/Amonetize.BD (variant), Win32/Amonetize.BF.gen (variant)
65.22%

AVG
Generic_r, BundleApp_r.R, Adware Generic_s.CM
65.22%

NANO AntiVirus
Riskware.Win32.Downware.cyusqp, Riskware.Win32.Downware.czhuut, Riskware.Win32.Downware.czgvzu, Riskware.Win32.Downware.daymkg
60.87%

Baidu Antivirus
Adware.Win32.Amonetize
60.87%

Malwarebytes
PUP.Optional.Amonetize, PUP.Optional.OptimumInstaller.A
56.52%

VIPRE Antivirus
Amonetize, Threat.4778314, Trojan.Win32.Generic
56.52%

Trend Micro House Call
TROJ_GEN.R0C1H06ET14, TROJ_GEN.F47V0526, TROJ_GEN.F47V0524, TROJ_GEN.R0CBH06FM14, TROJ_GEN.R0C1H06FA14, TROJ_GEN.R0C1H06FN14
52.17%

The domain 1stdl.org has been seen to resolve to the following IP address.

June 5, 2014

File downloads found at URLs served by 1stdl.org.

17 / 68    (PUP)

17 / 68    (Adware)
http://1stdl.org/.../?ref=p191.oc203.42373.203.630fcbdb918&prefix=DownloadFileSetup&url=&ti2=8488828953&country=IR&name=  (ds.daemon.slave.04.namaiki.akuma.shimai.kousoku.choukyou__7818_i972874344_il98197.exe)

URL:
http://1stdl.org/

Web server:
nginx (PHP/5.3.10-1ubuntu3.9)