zipdownloader.com

Air Software  (via a Proxy Registrant)

Domain Information

The domain zipdownloader.com is registered by proxy through ENOM, INC. and was originally registered in December 2012. This domain has been known to host and distribute potentially unwanted software. The hosting servers are located in Phoenix, Arizona, in the United States, on the CloudFlare, Inc. network. The domain uses the CloudFlare CDN, a distributed domain name server service that uses a number of reverse-proxy IP addresses (see below). The domain is associated with the publisher Air Software, which is located in Victoria, British Columbia, Canada.
Registrar:
ENOM, INC.

Server location:
Arizona, United States (US)

Create date:
Friday, December 14, 2012

Expires date:
Wednesday, December 14, 2016

Updated date:
Saturday, November 14, 2015

ASN:
AS13335 CLOUDFLARENET - CloudFlare, Inc.,US

Scanner detections:
Detections  (100% detected)

| Scan engine | Details | Detections |
|---|---|---|
| Reason Heuristics | DownloadManager.AirSoftware.M, DownloadManager.AirSoftware.F, PUP.Installer.InstallManager.F, DownloadManager.Air Software, PUP.AdGazelle.Installer, PUP.Air Software.AirSoftware.Bundler (M), PUP.Air Software.AirSoftw.Bundler (M), PUP.Air Software (M) | 100.00% |
| Malwarebytes | PUP.Optional.AirInstaller, PUP.Optional.AirAdInstaller, PUP.Optional.Downware | 60.00% |
| avast! | Win32:Installer-L [PUP], Adware-gen [Adw], Win32:Malware-gen, Win32:Evo-gen [Susp], Win32:Adware-CAH [PUP] | 60.00% |
| Dr.Web | Trojan.SMSSend.5157, Trojan.SMSSend.4766, Trojan.SMSSend.5407, Adware.Downware.9668, Adware.Downware.11074, Adware.Downware.1167 | 60.00% |
| VIPRE Antivirus | Iminent, Threat.4784938, Threat.5063330, Threat.4782985 | 60.00% |
| Avira AntiVirus | ADWARE/Adware.Gen, W32/Neshta.a, Adware/AirInst.1174 | 60.00% |
| IKARUS anti.virus | AdWare.Airinstall, PUA.AirAdInstaller, AdWare.AirAdInstaller, PUA.AdGazelle | 60.00% |
| NANO AntiVirus | Riskware.Win32.AirAdInstaller.cwdmqw, Trojan.Win32.SMSSend.ddvfxt, Riskware.Win32.AirAdInstaller.dlqckn, Riskware.Win32.Downware.drcqse | 60.00% |
| K7 AntiVirus | Adware, Unwanted-Program | 53.33% |
| K7 Gateway Antivirus | Unwanted-Program, Trojan, Adware | 53.33% |
| Rising Antivirus | PE:PUF.Airinstall!1.9C4C | 53.33% |
| Agnitum Outpost | Adware.Agent, PUA.AirAd, Riskware.Agent | 53.33% |
| G Data | Win32.Adware.Airadinstaller, Gen:Variant.Symmi.49926, Gen:Variant.Adware.Strictor.86912 | 53.33% |
| AVG | Adware Generic5.AVSL, AdGazelle, Adware Generic_r | 53.33% |
| Antiy Labs AVL | GrayWare[AdWare:not-a-virus]/Win32.AirAdInstaller, Trojan/Win32.TSGeneric, Spyware[AdWare:not-a-virus]/Win32.AirAdInstaller | 53.33% |

The domain zipdownloader.com has been seen to resolve to the following 8 IP addresses.

November 9, 2015

November 9, 2015

June 19, 2015

June 19, 2015

February 7, 2014

February 7, 2014

August 5, 2013

August 5, 2013

File downloads found at URLs served by zipdownloader.com.

1 / 68      (Adware)

1 / 68      (Adware)

1 / 68      (Adware)

1 / 68      (Adware)

1 / 68      (Adware)

38 / 68    (Adware)

45 / 68    (Adware)

45 / 68    (Adware)

38 / 68    (Adware)

26 / 68    (Adware)

31 / 68    (Adware)

19 / 68    (Adware)

52 / 68    (Adware)

2 / 68      (Adware)

2 / 68      (Adware)

URL:
http://zipdownloader.com/

Title:
“Zip Downloader”

Description:
“#”

SSL certificate subject:
CN=ssl277842.cloudflaressl.com, OU=PositiveSSL Multi-Domain, OU=Domain Control Validated

SSL certificate issuer:
CN=COMODO RSA Domain Validation Secure Server CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Web server:
cloudflare-nginx

Facebook:
Likes:  328
Comments:  8

Statistics above are for the previous month of April 2017.