b1.org

Domains By Proxy, LLC  (Proxy Registrant)

Domain Information

The domain b1.org is registered by proxy through GoDaddy.com, LLC. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Tampa, Florida, United States, on the NOC4Hosts Inc. network.
Registrar:
GoDaddy.com, LLC

Server location:
Florida, United States (US)

ASN:
AS29802 HVC-AS - HIVELOCITY VENTURES CORP

Scanner detections:
Detections  (75% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Catalina (M), PUP.Catalina.MPE, PUP.Installer.CatalinaGroupLimited.T, PUP.Catalina.Installer, PUP.Catalina.CatalinaGroup.Installer (M), Threat.Win.Reputation.IMP, PUP.Catalina.Installer (M), PUP.Catalina.httpb1or.Installer (M)
82.35%

Rising Antivirus
PE:PUF.4Shared!1.9C25
23.53%

ESET NOD32
Win32/4Shared.T potentially unwanted application, Win32/4Shared.BA potentially unwanted application, Win32/Bundled.Toolbar.Ask.G potentially unsafe application
23.53%

Dr.Web
Adware.Downware.2449, Adware.Downware.11298, Adware.Downware.10841, Adware.Downware.10572, Trojan.Inject1.28681, Adware.Downware.10572, Win32.Runonce.6652
23.53%

McAfee Web Gateway
Heuristic.BehavesLike.Win32.Suspicious.H, Artemis!F432B905A787, BehavesLike.Win32.Downloader.tc, Artemis!B7243B60CAF1
20.59%

Emsisoft Anti-Malware
Backdoor.Bot.135374, Gen:Win32.FileInfector.GKW@aW!lBFdi, Win32.Sality, Win32.Runouce.B@mm
20.59%

Trend Micro House Call
TROJ_GEN.F47V0327, TROJ_GEN.F47V0926, TROJ_GEN.F47V0111
17.65%

avast!
Win32:Adware-gen [Adw], Win32:Malware-gen, Win32:Agent-AODJ [Trj], Win32:SaliCode, Win32:Oncer
17.65%

McAfee
Artemis!F432B905A787, Artemis!1D715A95CA4E, Artemis!B7243B60CAF1, Virus.W32/Gnamer
14.71%

Microsoft Security Essentials
Worm:Win32/NeksMiner.A, Threat.Undefined
11.76%

ESET NOD32
Win32/4Shared (variant), Win32/Bundled.Toolbar.Ask.G potentially unsafe (variant)
11.76%

F-Prot
W32/S-526cfc88, W32/Renamer.A.gen, W32/Sality.gen2, W32/Thecid.B@mm
11.76%

Kaspersky
not-a-virus:RiskTool.Win32.Catalina, Virus.Win32.Renamer, Virus.Win32.Sality, Email-Worm.Win32.Runouce
11.76%

Qihoo 360 Security
Malware.QVM10.Gen
8.82%

IKARUS anti.virus
Trojan.Win32.Badur
8.82%

The domain b1.org has been seen to resolve to the following 10 IP addresses.

June 27, 2016

June 27, 2016

February 23, 2016

February 23, 2016

October 12, 2015

October 12, 2015

September 27, 2014

September 27, 2014

May 21, 2014

74-50-112-231.static.hvvc.us
December 22, 2013

File downloads found at URLs served by b1.org.

1 / 68      (PUP)

3 / 68      (PUP)

3 / 68      (PUP)

1 / 68      (PUP)

1 / 68      (PUP)

1 / 68      (PUP)

2 / 68      (PUP)

1 / 68      (PUP)

13 / 68    (PUP)

4 / 68      (PUP)

1 / 68      (PUP)

3 / 68      (PUP)

8 / 68      (PUP)

1 / 68      (PUP)

2 / 68      (PUP)

0 / 68

1 / 68      (PUP)

1 / 68      (Malware)

1 / 68      (PUP)

The following 2 files have been seen to communicate with b1.org in live environments.

URL:
http://b1.org/

Google Analytics:
UA-27910806

Title:
“B1 Free Archiver”

SSL certificate subject:
CN=ssl382581.cloudflaressl.com, OU=PositiveSSL Multi-Domain, OU=Domain Control Validated

SSL certificate issuer:
CN=COMODO RSA Domain Validation Secure Server CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Web server:
cloudflare-nginx

Facebook:
Likes:  90
Shares:  765
Comments:  90

Statistics above are for the previous month of March 2017.