stockdl.blob.core.windows.net

Microsoft Corporation

Domain Information

The domain stockdl.blob.core.windows.net, registered by Microsoft Corporation, was first registered in August 1995 through MARKMONITOR INC. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Sao Paulo, Sao Paulo, Brazil, on the network of the Latin American and Caribbean regional IP address registry.
Registrar:
MARKMONITOR INC.

Server location:
Sao Paulo, Brazil (BR)

Create date:
Thursday, August 10, 1995

Expires date:
Saturday, June 4, 2016

Updated date:
Wednesday, October 8, 2014

ASN:
AS8075 MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation,US

Root domain:

Scanner detections:
Detections (100% detected)

| Scan engine | Details | Detections |
| --- | --- | --- |
| Reason Heuristics | PUP.KanchanaKhiandee.Q, PUP.RungnapaFongkerd.Q, PUP.VASSANAKONGSOONGNERN.Q, PUP.VASSANAKONGSOONGNERN.I, PUP.CoolMirage.VASSANAKONGSOONGNERN, PUP.CoolMirage.VASSANAKONGSOONGNERN.Installer (M) | 100.00% |
| AVG | Generic, Rungnapa, MultiBundle | 92.86% |
| Dr.Web | Adware.Downware.6586, Adware.Downware.8319, Adware.Yontoo.54 | 90.48% |
| K7 AntiVirus | Adware, Riskware | 90.48% |
| Kaspersky | not-a-virus:AdWare.NSIS.Yontoo, not-a-virus:Downloader.Win32.TornTV | 85.71% |
| VIPRE Antivirus | CoolMirage Ltd, Threat.4783938 | 85.71% |
| AhnLab V3 Security | Win-PUP/CrossRider | 71.43% |
| Sophos | Kanchana Khiandee adware, FT Downloader, Generic PUA DP, CoolMirage, Generic PUA GJ, Generic PUA GF, Generic PUA HF, Generic PUA KG | 64.29% |
| Baidu Antivirus | Adware.NSIS.Yontoo, Hacktool.Win32.TornTV, Trojan.MSIL.ShimChanger, Adware.Win32.1ClickDownload | 64.29% |
| McAfee | Artemis!F77A44832E45, Artemis!D78BDE0FE37C, Artemis!087FE55AA17E, Artemis!CB543C48E39E, Artemis!9B3CEFC2E544, Artemis!3301566B246D, Artemis!E5BC53DD0865, Artemis!DAF19AF82548, Artemis!09D5F8F7551B, Artemis!F2FDCC9824CB, Artemis!D963B48394B3, Artemis!F1670B0530DF | 59.52% |
| ESET NOD32 | NSIS/TrojanDownloader.Adload.AA, NSIS/TrojanDropper.Agent.CB, NSIS/TrojanDownloader.Adload.AC, Win32/Adware.1ClickDownload.AY | 57.14% |
| G Data | NSIS.Application.Adload, NSIS.Application.BetterMarkIt, NSIS.Application.TornTV, Application.Bundler.MC | 54.76% |
| Qihoo 360 Security | HEUR/QVM42.0.Malware.Gen, Win32/Virus.Downloader.e28, Win32/Trojan.b01 | 52.38% |
| Trend Micro House Call | Suspicious_GEN.F47V1227, Suspicious_GEN.F47V0105, Suspicious_GEN.F47V0130, Suspici.EDD0D2A5, Suspicious_GEN.F47V0202, TROJ_GEN.R02SC0EKD14 | 52.38% |
| Avira AntiVirus | Adware/Yontoo.69064, TR/Dldr.Adload.76248, TR/Dldr.Adload.65536, TR/Drop.Agent.131120, TR/Drop.Agent.122224, Adware/Yontoo.77224 | 26.19% |

The domain stockdl.blob.core.windows.net has been seen to resolve to the following IP address.

blob.db4prdstr09a.store.core.windows.net
October 20, 2014

File downloads found at URLs served by stockdl.blob.core.windows.net.

10 / 68    (Adware)

11 / 68    (Adware)

1 / 68      (Adware)

16 / 68    (Adware)

11 / 68    (Adware)

13 / 68    (Adware)

12 / 68    (Adware)

7 / 68      (Adware)

12 / 68    (Adware)

15 / 68    (Adware)

8 / 68      (Adware)

8 / 68      (Adware)

15 / 68    (Adware)

15 / 68    (Adware)

16 / 68    (Adware)

7 / 68      (Adware)

URL:
http://stockdl.blob.core.windows.net/

SSL certificate subject:
CN=*.blob.core.windows.net

SSL certificate issuer:
CN=MSIT Machine Auth CA 2, DC=redmond, DC=corp, DC=microsoft, DC=com

Web server:
Microsoft-HTTPAPI/2.0