home

downlozilla.com

Privacy Protection Service INC d/b/a PrivacyProtect.org  (Proxy Registrant)

Domain Information

The domain downlozilla.com is registered by proxy through PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM and was originally registered in November of 2013. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Austin, Texas within the United States which resides on the YHC Corporation network.
Registrar:
PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM

Server location:
Texas, United States (US)

Create date:
Thursday, November 28, 2013

Expires date:
Saturday, November 28, 2015

Updated date:
Saturday, November 29, 2014

ASN:
AS40034 CONFLUENCE-NETWORK-INC - Confluence Networks Inc,VG

Whois:
2 downlozilla.com records

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.FileMonarch.O, PUP.Installer.SafeDown.M, PUP.Installer.SOFTWAREINSTALLER.S
100.00%

ESET NOD32
Win32/AdWare.iBryte.AX application, Win32/AdWare.iBryte.BF application, Win32/AdWare.iBryte.BG application
100.00%

VIPRE Antivirus
Threat.4778314, Optimum Installer
100.00%

Malwarebytes
PUP.Optional.OptimunInstaller, PUP.Optional.iBryte
100.00%

Comodo Security
Application.Win32.AgentCV.HWYE
100.00%

avast!
Win32:IBryte-EF [PUP], Win32:IBryte-EE [PUP]
66.67%

AVG
Adware AdPlugin.AKC, Adware AdPlugin.ZC
66.67%

Dr.Web
Trojan.DownLoader11.34291, Trojan.DownLoader11.26958
66.67%

Kaspersky
Trojan.Win32.Buzus, Trojan-Downloader.Win32.Adload
66.67%

nProtect
Trojan/W32.Buzus.84848.C, Trojan/W32.Buzus.166704
66.67%

K7 AntiVirus
Adware , Unwanted-Program
66.67%

Agnitum Outpost
PUA.Agent, PUA.Downloader
66.67%

Clam AntiVirus
Win.Trojan.Agent-783393, Win.Adware.Ibryte-2534
66.67%

NANO AntiVirus
Trojan.Win32.Buzus.dffyza, Riskware.Win32.IBryte.ddthor
66.67%

Zillya! Antivirus
Trojan.Buzus.Win32.122155, Adware.iBryte.Win32.1495
66.67%

The domain downlozilla.com has been seen to resolve to the following 4 IP addresses.

209.99.40.222
209-99-40-222.fwd.datafoundry.com
December 2, 2014

209.99.40.223
209-99-40-223.fwd.datafoundry.com
December 1, 2014

104.28.11.88
August 17, 2014

104.28.10.88
August 17, 2014

File downloads found at URLs served by downlozilla.com.

19 / 68    (Adware)
http://downlozilla.com/download.php?dfile=winrar&sid=73x9jfp6_107_34203751&cookie=NzN4OWpmcDZfMTA3XzI1MV8yNTJfMzQyMDM3NTFfOA==  (winrar-setup.exe)

29 / 68    (Adware)
http://downlozilla.com/download.php?dfile=google-earth&sid=5t9id4yd_87_15013524&cookie=NXQ5aWQ0eWRfODdfMjExXzIxMl8xNTAxMzUyNF84  (google-earth-setup.exe)

8 / 68      (Adware)
http://downlozilla.com/download.php?dfile=ccleaner&sid=lc2sqi0i_76_5815300&cookie=bGMyc3FpMGlfNzZfMTg5XzE5MF81ODE1MzAwXzg=  (CCleaner-Setup.exe)

The following 57 files have been seen to comunicate with downlozilla.com in live environments.

TCP » 209.99.40.222:80
UCBrowser.exe (by UCWeb)

TCP » 209.99.40.223:80
UCBrowser.exe (by UCWeb)

TCP » 209.99.40.223:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 209.99.40.222:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 209.99.40.222:80
ContentFinder.exe (ContentFinder by ContentFinder Software)

TCP » 209.99.40.222:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 209.99.40.222:80
citrio.exe (Citrio by CatalinaGroup)

TCP » 209.99.40.222:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 209.99.40.222:80
hkcmd.exe (Intel Common User Interface by Intel)

TCP » 209.99.40.222:80
ContentFinder.exe (ContentFinder by DigitalSoftware Group)

TCP » 209.99.40.223:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 209.99.40.222:80
jingling.exe

TCP » 209.99.40.222:80
online-guardian-v2.0.9.exe

TCP » 209.99.40.223:80
jingling.exe

TCP » 209.99.40.223:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 209.99.40.223:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 209.99.40.223:80
hkcmd.exe (Intel Common User Interface by Intel)

TCP » 209.99.40.222:80
msn.exe

TCP » 209.99.40.222:80
apptrailers.exe

TCP » 209.99.40.223:80
online-guardian-v2.0.9.exe

 
Latest 20 of 83 files

URL:
http://downlozilla.com/

Web server:
Apache

Twitter:
Shares:  2

Quantcast US:
Rank:  92,935

Statistics above are for the previous month of March 2024.

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.