The domain zipdownloader.com is registered by proxy through ENOM, INC. and was originally registered in December of 2012. This domain has been known to host and distribute potentially unwanted software. The hosted servers are located in Phoenix, Arizona within the United States which resides on the CloudFlare, Inc. network. The domain uses the CloudFlare CDN, a distributed domain name server service which utilizes a number of reverse proxy IP Addresses (see below). The domain is associated with the publisher Air Software who is located in Victoria, British Columbia in Canada.
Arizona, United States (US)
Friday, December 14, 2012
Wednesday, December 14, 2016
Saturday, November 14, 2015
AS13335 CLOUDFLARENET - CloudFlare, Inc.,US
Detections (100% detected)
DownloadManager.AirSoftware.M, DownloadManager.AirSoftware.F, PUP.Installer.InstallManager.F, DownloadManager.Air Software, PUP.AdGazelle.Installer, PUP.Air Software.AirSoftware.Bundler (M)
PUP.Optional.AirInstaller, PUP.Optional.AirAdInstaller, PUP.Optional.Downware
Win32:Installer-L [PUP], Adware-gen [Adw], Win32:Malware-gen, Win32:Evo-gen [Susp], Win32:Adware-CAH [PUP]
Trojan.SMSSend.5157, Trojan.SMSSend.4766, Trojan.SMSSend.5407, Adware.Downware.9668, Adware.Downware.11074, Adware.Downware.1167
Iminent, Threat.4784938, Threat.5063330, Threat.4782985
ADWARE/Adware.Gen, W32/Neshta.a, Adware/AirInst.1174
AdWare.Airinstall, PUA.AirAdInstaller, AdWare.AirAdInstaller, PUA.AdGazelle
Riskware.Win32.AirAdInstaller.cwdmqw, Trojan.Win32.SMSSend.ddvfxt, Riskware.Win32.AirAdInstaller.dlqckn, Riskware.Win32.Downware.drcqse
Adware , Unwanted-Program
K7 Gateway Antivirus
Unwanted-Program , Trojan , Adware
Adware.Agent, PUA.AirAd, Riskware.Agent
Win32.Adware.Airadinstaller, Gen:Variant.Symmi.49926, Gen:Variant.Adware.Strictor.86912
Adware Generic5.AVSL, AdGazelle, Adware Generic_r
Antiy Labs AVL
GrayWare[AdWare:not-a-virus]/Win32.AirAdInstaller, Trojan/Win32.TSGeneric, Spyware[AdWare:not-a-virus]/Win32.AirAdInstaller
The domain zipdownloader.com has been seen to resolve to the following 8 IP addresses.
File downloads found at URLs served by zipdownloader.com.
SSL certificate subject:
CN=ssl277842.cloudflaressl.com, OU=PositiveSSL Multi-Domain, OU=Domain Control Validated
SSL certificate issuer:
CN=COMODO RSA Domain Validation Secure Server CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
Statistics above are for the previous month of January 2017.