zipdownloader.com

Air Software (via a Proxy Registrant)

Domain Information

The domain zipdownloader.com is registered by proxy through ENOM, INC. and was originally registered in December 2012. This domain has been known to host and distribute potentially unwanted software. The hosting servers are located in Phoenix, Arizona, in the United States, on the CloudFlare, Inc. network. The domain uses the CloudFlare CDN, a distributed domain name server service that uses a number of reverse proxy IP addresses (see below). The domain is associated with the publisher Air Software, which is located in Victoria, British Columbia, Canada.
Remove Malware from zipdownloader.com - Powered by Reason Core Security
Registrar:
ENOM, INC.

Server location:
Arizona, United States (US)

Create date:
Friday, December 14, 2012

Expires date:
Wednesday, December 14, 2016

Updated date:
Saturday, November 14, 2015

ASN:
AS13335 CLOUDFLARENET - CloudFlare, Inc.,US

Scanner detections:
Detections (100% detected)

| Scan engine | Details | Detections |
|---|---|---|
| Reason Heuristics | DownloadManager.AirSoftware.M, DownloadManager.AirSoftware.F, PUP.Installer.InstallManager.F, DownloadManager.Air Software, PUP.AdGazelle.Installer, PUP.Air Software.AirSoftware.Bundler (M) | 100.00% |
| Malwarebytes | PUP.Optional.AirInstaller, PUP.Optional.AirAdInstaller, PUP.Optional.Downware | 88.89% |
| avast! | Win32:Installer-L [PUP], Adware-gen [Adw], Win32:Malware-gen, Win32:Evo-gen [Susp], Win32:Adware-CAH [PUP] | 88.89% |
| Dr.Web | Trojan.SMSSend.5157, Trojan.SMSSend.4766, Trojan.SMSSend.5407, Adware.Downware.9668, Adware.Downware.11074, Adware.Downware.1167 | 88.89% |
| VIPRE Antivirus | Iminent, Threat.4784938, Threat.5063330, Threat.4782985 | 88.89% |
| Avira AntiVirus | ADWARE/Adware.Gen, W32/Neshta.a, Adware/AirInst.1174 | 88.89% |
| IKARUS anti.virus | AdWare.Airinstall, PUA.AirAdInstaller, AdWare.AirAdInstaller, PUA.AdGazelle | 88.89% |
| NANO AntiVirus | Riskware.Win32.AirAdInstaller.cwdmqw, Trojan.Win32.SMSSend.ddvfxt, Riskware.Win32.AirAdInstaller.dlqckn, Riskware.Win32.Downware.drcqse | 88.89% |
| K7 AntiVirus | Adware, Unwanted-Program | 77.78% |
| K7 Gateway Antivirus | Unwanted-Program, Trojan, Adware | 77.78% |
| Rising Antivirus | PE:PUF.Airinstall!1.9C4C | 77.78% |
| Agnitum Outpost | Adware.Agent, PUA.AirAd, Riskware.Agent | 77.78% |
| G Data | Win32.Adware.Airadinstaller, Gen:Variant.Symmi.49926, Gen:Variant.Adware.Strictor.86912 | 77.78% |
| AVG | Adware Generic5.AVSL, AdGazelle, Adware Generic_r | 77.78% |
| Antiy Labs AVL | GrayWare[AdWare:not-a-virus]/Win32.AirAdInstaller, Trojan/Win32.TSGeneric, Spyware[AdWare:not-a-virus]/Win32.AirAdInstaller | 77.78% |

The domain zipdownloader.com has been seen to resolve to the following 8 IP addresses.

November 9, 2015

November 9, 2015

June 19, 2015

June 19, 2015

February 7, 2014

February 7, 2014

August 5, 2013

August 5, 2013

File downloads found at URLs served by zipdownloader.com.

45 / 68    (Adware)

45 / 68    (Adware)

38 / 68    (Adware)

26 / 68    (Adware)

31 / 68    (Adware)

19 / 68    (Adware)

52 / 68    (Adware)

2 / 68      (Adware)

2 / 68      (Adware)

URL:
http://zipdownloader.com/

Title:
“Zip Downloader”

Description:
“#”

SSL certificate subject:
CN=ssl277842.cloudflaressl.com, OU=PositiveSSL Multi-Domain, OU=Domain Control Validated

SSL certificate issuer:
CN=COMODO RSA Domain Validation Secure Server CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Web server:
cloudflare-nginx

Facebook:
Likes: 328
Comments: 8

Statistics above are for the previous month of November 2016.
