dl.down324.com

Domains By Proxy, LLC  (Proxy Registrant)

Domain Information

The domain dl.down324.com is registered by proxy through GODADDY.COM, LLC and was originally registered in July of 2013. This domain has been known to host and distribute adware as well as other potentially unwanted software. The servers hosting it are located in Amsterdam, Noord-Holland, in the Netherlands, on the RIPE Network Coordination Centre network.
Registrar:
GODADDY.COM, LLC

Server location:
Noord-Holland, Netherlands (NL)

Create date:
Wednesday, July 17, 2013

Expires date:
Sunday, July 17, 2016

Updated date:
Saturday, July 18, 2015

ASN:
AS16265 LEASEWEB LeaseWeb B.V.

Root domain:

Scanner detections:
Detections  (93% detected)

| Scan engine | Details | Detections |
| --- | --- | --- |
| Reason Heuristics | PUP.Installer.Conversionads.T, PUP.Installer.BechiroSL.F, PUP.Installer.Solimba, PUP.Air Software.AirSoftware.Bundler (M), PUP.Solimba.Bechiro.Bundler (M), PUP.installCore.ClickMeIn.Installer (M), PUP.Solimba (M) | 96.43% |
| Rising Antivirus | PE:Trojan.Zbot!6.103C, PE:Backdoor.Hupigon!6.1FD, PE:PUF.FirseriaInstaller@CV!1.5C42, PE:PUF.FirseriaInstaller@CV!1.9C54 | 85.71% |
| Malwarebytes | PUP.Optional.InstallCore.A, PUP.Optional.Solimba, PUP.Optional.Firseria, PUP.Optional.AirAdInstaller | 82.14% |
| K7 Gateway Antivirus | Unwanted-Program | 82.14% |
| K7 AntiVirus | Unwanted-Program, Trojan | 82.14% |
| Sophos | Conversion Ads, Solimba Installer, PUA 'Solimba Installer', AirInstaller | 82.14% |
| Comodo Security | ApplicUnwnt, Application.Win32.Solimba.L, TrojWare.Win32.Trojan.Obfuscated.~EN, Application.Win32.AirAdInstaller.A | 82.14% |
| VIPRE Antivirus | Trojan.Win32.Generic, DownloadMR, Threat.4150696, Iminent | 82.14% |
| Avira AntiVirus | ADWARE/InstallCore.Gen7, APPL/Solimba.Gen, TR/Crypt.XPACK.Gen, ADWARE/Adware.Gen | 82.14% |
| IKARUS anti.virus | SoftwareBundler, PUA.Bechiro, Trojan.Patched, Win32.Malware | 82.14% |
| AVG | Agent.F, Skodna.Generic, Adware Skodna.Generic.AMG, Adware BundleApp.H, Generic_r | 82.14% |
| SUPERAntiSpyware | PUP.InstallCore/Variant, Adware.Solimba/Variant, Adware.AirInstaller/Variant | 78.57% |
| Agnitum Outpost | PUA.Solimba, PUA.Downloader, PUA.AirAd | 78.57% |
| Dr.Web | Adware.Downware.1302, Adware.Downware.1433, Adware.Downware.2035 | 78.57% |
| Vba32 AntiVirus | TScope.Trojan.MSIL, Downware.Morstar, AdWare.AirAdInstaller.ajov | 78.57% |

The domain dl.down324.com has been seen to resolve to the following 8 IP addresses.

September 17, 2016

ec2-54-225-92-8.compute-1.amazonaws.com
May 3, 2015

ec2-54-225-146-71.compute-1.amazonaws.com
May 3, 2015

ec2-54-235-219-29.compute-1.amazonaws.com
December 2, 2014

ec2-75-101-142-114.compute-1.amazonaws.com
December 2, 2014

ec2-54-197-235-95.compute-1.amazonaws.com
September 3, 2014

ec2-75-101-156-240.compute-1.amazonaws.com
September 3, 2014

hadl.lw100.1e111.net
August 29, 2013

File downloads found at URLs served by dl.down324.com.

1 / 68      (Adware)
http://dl.down324.com/n/3.0.17.6/.../Setup.exe  (ac26ec703f0aa2f5363431998b5ddc43)

1 / 68      (Adware)
http://dl.down324.com/n/3.0.18.4/.../Setup.exe  (a8808ecb060aa54fcdf464d3b7579769)

1 / 68
http://dl.down324.com/n/.../Setup.exe  (vlc-2.1.1-win32.exe)

29 / 68    (Adware)
http://dl.down324.com/n/3.0.17.6/.../Setup.exe  (d634d77e9e775ca59fdd0037388cbfec)

29 / 68    (Adware)
http://dl.down324.com/n/.../Setup.exe  (d634d77e9e775ca59fdd0037388cbfec)

The following 2 files have been seen to communicate with dl.down324.com in live environments.


Statistics are for the previous month.