home

dl3.getz.tv

N/A

Domain Information

The domain dl3.getz.tv registered by N/A was initially registered in December of 2012 through DOMAINCONTEXT, INC.. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Pokrovka, Primor'Ye within Russia which resides on the RIPE Network Coordination Centre network.
Registrar:
DOMAINCONTEXT, INC.

Server location:
Primor'Ye, Russia (RU)

Create date:
Tuesday, December 4, 2012

Updated date:
Friday, October 16, 2015

ASN:
AS42244 ESERVER Hosting Operator eServer.ru Ltd.

Root domain:
getz.tv

Whois:
4 getz.tv records

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.DestinyMedia.Q, PUP.Installer.DestinyMedia.d, PUP.Installer.DestinyMedia.FF, Threat.Win.Reputation.IMP, PUP.DestinyMedia.Installer (M), PUP.DestinyM.Installer (M), PUP.Zona (L)
100.00%

Malwarebytes
PUP.Optional.Zona
53.33%

Vba32 AntiVirus
Signed-Downware.ZvuZona, Downloader.AdLoad
53.33%

Rising Antivirus
PE:PUF.Zona!1.9E06
53.33%

IKARUS anti.virus
AdWare.Win32.ZvuZona, PUA.ZvuZona, AdWare.ZvuZona
53.33%

Comodo Security
Application.Win32.ZvuZona.A
53.33%

Dr.Web
Program.Zona.4, riskware program Program.Zona.28, riskware program Program.Zona.19, Program.Zona.34
53.33%

AVG
Generic
53.33%

Sophos
Zona Installer, Generic PUA GE, Generic PUA DB, Generic PUA MA, Generic PUA LD
50.00%

McAfee
Artemis!B15CCC273A1F, Artemis!1424B3AA9BD5, Artemis!F0426A6942BE, Artemis!FF8B01C9BB6F, Artemis!381F185C54E6, Artemis!0971572C4A8E
50.00%

Qihoo 360 Security
HEUR/Malware.QVM06.Gen, HEUR/Malware.QVM18.Gen, Win32/Virus.Adware.95e
50.00%

Fortinet FortiGate
Riskware/ZvuZona, Riskware/Generic.AC.2350, Riskware/Adload
50.00%

Trend Micro House Call
TROJ_GEN.F47V0425, TROJ_GEN.F47V1216, TROJ_GEN.F47V0426, Suspicious_GEN.F47V0621, TROJ_GEN.F47V0602, Suspicious_GEN.F47V0620
46.67%

ESET NOD32
Win32/ZvuZona (variant), Win32/ZvuZona.A potentially unwanted (variant)
46.67%

Panda Antivirus
Trj/OCJ.F, Trj/Genetic.gen, Trj/CI.A
46.67%

The domain dl3.getz.tv has been seen to resolve to the following 3 IP addresses.

46.254.16.107
dl.zona.ru
February 24, 2016

91.218.230.53
hosted-by.ihc.ru
May 5, 2015

46.254.18.90
hosted-by.ihc.ru
August 12, 2014

File downloads found at URLs served by dl3.getz.tv.

24 / 68    (PUP)
http://dl3.getz.tv/ZonaSetup_latest.exe  (b33b16731b3004bbf6455ae9e3fd4956)

1 / 68      (PUP)
http://dl3.getz.tv/.../ZonaWebSetup.exe  (animal_dzhaz_-_polnaya_diskografiya_mp3.exe)

1 / 68      (PUP)
http://dl3.getz.tv/partner/tmp/d5/9e/.../ZonaSetup_latest.exe  (c4c78f6a5de1454395511d16f064a131)

1 / 68      (PUP)
http://dl3.getz.tv/tmp/95/4d/.../luntik_uchit_pravila.exe  (7b98a42e929809cf7fc3344bb4745ed0)

1 / 68      (PUP)
http://dl3.getz.tv/.../ZonaSetup_latest_0.exe  (zonasetup_latest.exe)

1 / 68      (PUP)
http://dl3.getz.tv/.../ZonaWebSetup.exe  (transformery_2007.exe)

1 / 68      (PUP)
http://dl3.getz.tv/partner/tmp/88/30/.../ZonaSetup_latest.exe  (filename=zonasetup_latest.e)

19 / 68    (PUP)
http://dl3.getz.tv/.../ZonaSetup_latest_1721.exe  (zonasetup_latest.exe)

24 / 68    (PUP)
http://dl3.getz.tv/.../ZonaSetup_latest_1828.exe  (zonasetup_latest.exe)

18 / 68    (PUP)
http://dl3.getz.tv/tmp/5d/22/.../nastoyashchiy_putin_2012_dvdrip.exe  (8d2821a42bca313f4778b0db7bf9ffbd)

19 / 68    (PUP)
http://dl3.getz.tv/.../ZonaSetup_latest_1784.exe  (zonasetup_latest.exe)

19 / 68    (PUP)
http://dl3.getz.tv/.../ZonaSetup_latest_19_5.exe  (zonasetup_latest.exe)

19 / 68    (PUP)
http://dl3.getz.tv/.../ZonaSetup_latest_1869.exe  (zonasetup_latest.exe)

12 / 68    (PUP)
http://dl3.getz.tv/tmp/af/94/.../kapitan_ron_captain_ron_1992_dvdrip.exe  (b6f1910087d0c277c34b74b06c15991a)

The following 13 files have been seen to comunicate with dl3.getz.tv in live environments.

TCP » 46.254.16.107:80
zona.exe (Zona by Destiny Media)

TCP » 46.254.16.107:80
zona.exe (Zona by Destiny Media)

TCP » 46.254.18.90:80
zonasetup_latest.exe (Zona installer by Destiny Media)

TCP » 46.254.16.107:80
zonasetup_latest.exe

TCP » 46.254.16.107:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 46.254.16.107:80
zona.exe (Zona by Destiny Media)

TCP » 46.254.16.107:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 46.254.16.107:80
zona.exe

TCP » 46.254.16.107:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 46.254.16.107:80
{5b8ef8f0-4707-4f0b-9d13-e609bf68d768} (Zona installer by Destiny Media)

TCP » 46.254.16.107:80
zonasetup_1.0.0.0.exe

TCP » 46.254.18.90:80
zonasetup_latest.exe (Zona installer by Destiny Media)

TCP » 46.254.18.90:80
zonasetup_latest.exe (Zona installer by Destiny Media)

URL:
http://dl3.getz.tv/

Google Analytics:
UA-27424010

Title:
“Смотреть фильмы и сериалы онлайн через программу Zona (Зона)”

Description:
“Самые новые фильмы и новые сериалы доступны онлайн с программой Зона”

Web server:
nginx

zona.ru

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.