home

dl.zona.ru

Interstellaro Management Limited

Domain Information

The domain dl.zona.ru registered by Interstellaro Management Limited was initially registered in January of 2000 through RU-CENTER-REG-RIPN. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Pokrovka, Primor'Ye within Russia which resides on the RIPE Network Coordination Centre network.
Registrar:
RU-CENTER-RU

Server location:
Primor'Ye, Russia (RU)

Create date:
Monday, January 31, 2000

Expires date:
Wednesday, March 1, 2017

ASN:
AS42244 ESERVER Hosting Operator eServer.ru Ltd.,RU

Root domain:
zona.ru

Whois:
5 zona.ru records

Scanner detections:
Detections  (88% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.DestinyMedia.AA, PUP.Installer.DestinyMedia.o, PUP.Installer.DestinyMedia.M, PUP.Win.Reputation, PUP.Installer.DestinyMedia.J, PUP.Installer.DestinyMedia.EE, PUP.Installer.DestinyMedia.V, PUP.DestinyMedia.Installer (M), PUP.DestinyMedia (M), PUP.DestinyM.Installer (M), PUP (M)
95.56%

Rising Antivirus
PE:PUF.Zona!1.9E06, PE:Malware.XPACK-LNR/Heur!1.5594
28.89%

Malwarebytes
PUP.Optional.Zona
20.00%

Sophos
Zona Installer, Generic PUA PH
20.00%

ESET NOD32
Win32/ZvuZona (variant), Win32/ZvuZona.A potentially unwanted (variant)
20.00%

Vba32 AntiVirus
Signed-Downware.ZvuZona, Win32.Zona, Downloader.AdLoad
20.00%

Comodo Security
Application.Win32.ZvuZona.APRI, UnclassifiedMalware
20.00%

K7 AntiVirus
Unwanted-Program , Adware
17.78%

Avira AntiVirus
APPL/DestinyMedia.A.4, Adware/ZvuZona.A, APPL/DestinyMedia.CU
15.56%

Agnitum Outpost
PUA.ZvuZona, PUA.Downloader
15.56%

Dr.Web
Trojan.StartPage.56003, Threat.Undefined, Adware.Downware.1527, riskware program Program.Zona.28, Program.Zona.41, Trojan.DownLoader5.54352
13.33%

avast!
Win32:Malware-gen
11.11%

IKARUS anti.virus
AdWare.Win32.ZvuZona, AdWare.Agent, PUA.ZvuZona
8.89%

AVG
Generic, Adware Skodna.Bundle.AS
8.89%

Trend Micro House Call
TROJ_GEN.F47V0410, TROJ_GEN.F47V0531, Suspicious_GEN.F47V0514
6.67%

The domain dl.zona.ru has been seen to resolve to the following IP address.

46.254.16.107
dl.zona.ru
January 8, 2014

File downloads found at URLs served by dl.zona.ru.

1 / 68      (PUP)
http://dl.zona.ru/.../ZonaWebSetup.exe  (call_of_duty_modern_warfare_2_activision_rus.exe)

0 / 68
http://dl.zona.ru/.../zona.apk  (0a2ab32b24efdc9fe86354f0ac830c5d)

4 / 68      (PUP)
http://dl.zona.ru/jre_latest.exe  (jre_setup.exe)

1 / 68      (PUP)
http://dl.zona.ru/.../ZonaSetup_latest_0.exe  (zonasetup_latest.exe)

20 / 68    (PUP)
http://dl.zona.ru/.../ZonaSetup_latest_13.exe  (Setup.exe)

1 / 68      (PUP)
http://dl.zona.ru/.../ZonaWebSetup.exe  (aleksey_bryantsev_-_tvoe_dyhanie.exe)

1 / 68      (PUP)
http://dl.zona.ru/ZonaSetup_latest.exe  (52f4362bf64830bd30ec1a3645b4b562)

13 / 68    (PUP)
http://dl.zona.ru/tmp/48/7b/.../word2007.exe.exe  (waves_all_plugins_bundle_v9r12_vst_x86_x64_win.exe)

2 / 68      (inconclusive)
http://dl.zona.ru/.../ZonaSetup_latest_155_5.exe  (212f6a921584290c67b81f59b3d0ab24)

8 / 68      (PUP)
http://dl.zona.ru/tmp/01/47/.../universitet_monstrov_monsters_university_den_skenlon_2013_multfilm_semeynyy_dvdrip_dub_litsenziya.exe  (d267b04370fe6dd7c13b1cf4bb40bc95)

The following 10 files have been seen to comunicate with dl.zona.ru in live environments.

TCP » 46.254.16.107:80
zona.exe (Zona by Destiny Media)

TCP » 46.254.16.107:80
zona.exe (Zona by Destiny Media)

TCP » 46.254.16.107:80
zonasetup_latest.exe

TCP » 46.254.16.107:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 46.254.16.107:80
zona.exe (Zona by Destiny Media)

TCP » 46.254.16.107:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 46.254.16.107:80
zona.exe

TCP » 46.254.16.107:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 46.254.16.107:80
{5b8ef8f0-4707-4f0b-9d13-e609bf68d768} (Zona installer by Destiny Media)

TCP » 46.254.16.107:80
zonasetup_1.0.0.0.exe

URL:
http://dl.zona.ru/

Google Analytics:
UA-27424010

Title:
“Смотреть фильмы и сериалы онлайн через программу Zona (Зона)”

Description:
“Самые новые фильмы и новые сериалы доступны онлайн с программой Зона”

Web server:
nginx

getz.tv

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.