The domain dl.down324.com is registered by proxy through GODADDY.COM, LLC and was originally registered in July of 2013. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Amsterdam, Noord-Holland, in the Netherlands, on the RIPE Network Coordination Centre network.
Registrant: Domains By Proxy, LLC
Registrar: GODADDY.COM, LLC
Server location: Noord-Holland, Netherlands (NL)
Create date: Wednesday, July 17, 2013
Expires date: Sunday, July 17, 2016
Updated date: Saturday, July 18, 2015
ASN: AS16265 LEASEWEB LeaseWeb B.V.
Scanner detections:
Detections (93% detected)
Scan engine | Details | Detections
Reason Heuristics | PUP.Installer.Conversionads.T, PUP.Installer.BechiroSL.F, PUP.Installer.Solimba, PUP.Air Software.AirSoftware.Bundler (M), PUP.Solimba.Bechiro.Bundler (M), PUP.installCore.ClickMeIn.Installer (M), PUP.Solimba (M) | 96.43%
Rising Antivirus | PE:Trojan.Zbot!6.103C, PE:Backdoor.Hupigon!6.1FD, PE:PUF.FirseriaInstaller@CV!1.5C42, PE:PUF.FirseriaInstaller@CV!1.9C54 | 85.71%
Malwarebytes | PUP.Optional.InstallCore.A, PUP.Optional.Solimba, PUP.Optional.Firseria, PUP.Optional.AirAdInstaller | 82.14%
K7 AntiVirus | Unwanted-Program, Trojan | 82.14%
Sophos | Conversion Ads, Solimba Installer, PUA 'Solimba Installer', AirInstaller | 82.14%
Comodo Security | ApplicUnwnt, Application.Win32.Solimba.L, TrojWare.Win32.Trojan.Obfuscated.~EN, Application.Win32.AirAdInstaller.A | 82.14%
VIPRE Antivirus | Trojan.Win32.Generic, DownloadMR, Threat.4150696, Iminent | 82.14%
Avira AntiVirus | ADWARE/InstallCore.Gen7, APPL/Solimba.Gen, TR/Crypt.XPACK.Gen, ADWARE/Adware.Gen | 82.14%
IKARUS anti.virus | SoftwareBundler, PUA.Bechiro, Trojan.Patched, Win32.Malware | 82.14%
AVG | Agent.F, Skodna.Generic, Adware Skodna.Generic.AMG, Adware BundleApp.H, Generic_r | 82.14%
SUPERAntiSpyware | PUP.InstallCore/Variant, Adware.Solimba/Variant, Adware.AirInstaller/Variant | 78.57%
Agnitum Outpost | PUA.Solimba, PUA.Downloader, PUA.AirAd | 78.57%
Dr.Web | Adware.Downware.1302, Adware.Downware.1433, Adware.Downware.2035 | 78.57%
Vba32 AntiVirus | TScope.Trojan.MSIL, Downware.Morstar, AdWare.AirAdInstaller.ajov | 78.57%
NANO AntiVirus | Trojan.Win32.Generic.cskuge, Trojan.Win32.Firser.dmoatt, Riskware.Win32.AirAdInstaller.cwbkcs | 78.57%
The domain dl.down324.com has been seen to resolve to the following 8 IP addresses.
File downloads found at URLs served by dl.down324.com.
The following 2 files have been seen to communicate with dl.down324.com in live environments.
Statistics are for the previous month.