home

www.ziputil.net

Privacy Protection Service INC d/b/a PrivacyProtect.org  (Proxy Registrant)

Domain Information

The domain www.ziputil.net is registered by proxy through PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM and was originally registered in February of 2012. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Belfast, Northern Ireland within United Kingdom which resides on the RIPE Network Coordination Centre network.
Registrar:
PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM

Server location:
Northern Ireland, United Kingdom (GB)

Create date:
Wednesday, February 22, 2012

Expires date:
Wednesday, February 22, 2017

Updated date:
Friday, January 29, 2016

Root domain:
ziputil.net

Whois:
7 ziputil.net records

Scanner detections:
Detections  (94% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.installCore.FriedCoo.Installer (M), PUP.installCore.JumpyApp.Installer (M), PUP.installCore.ComboApp.Installer (M), PUP.installCore (M), PUP.InstallCore (M)
97.92%

Bkav FE
W32.Clod853.Trojan
2.08%

McAfee
Artemis!500EFB844629
2.08%

K7 AntiVirus
Unwanted-Program
2.08%

Trend Micro House Call
TROJ_GEN.F47V1120
2.08%

Dr.Web
Adware.InstallCore.133
2.08%

VIPRE Antivirus
InstallCore
2.08%

Sophos
Install Core Click run software
2.08%

ESET NOD32
Win32/InstallCore.GB
2.08%

ESET NOD32
Win32/Kryptik.BWAM trojan
2.08%

The domain www.ziputil.net has been seen to resolve to the following 52 IP addresses.

149.56.9.74
May 23, 2016

46.166.182.63
.
May 22, 2016

149.56.9.65
May 22, 2016

46.166.182.53
May 17, 2016

149.56.9.68
April 21, 2016

149.56.9.73
April 20, 2016

149.56.9.66
April 17, 2016

149.56.9.64
April 14, 2016

149.56.9.75
April 10, 2016

149.56.9.77
April 8, 2016

46.166.182.55
April 8, 2016

46.166.182.56
April 8, 2016

149.56.9.67
April 7, 2016

149.56.9.76
April 7, 2016

149.56.9.72
April 4, 2016

46.166.182.64
.
April 4, 2016

149.56.9.70
April 3, 2016

149.56.9.71
April 2, 2016

46.166.182.62
.
April 2, 2016

149.56.9.78
April 1, 2016

149.56.9.69
March 31, 2016

141.8.225.106
November 7, 2015

50.63.202.104
ip-50-63-202-104.ip.secureserver.net
May 5, 2015

92.242.140.21
unallocated.barefruit.co.uk
August 1, 2014

54.197.239.246
ec2-54-197-239-246.compute-1.amazonaws.com
June 21, 2014

184.73.205.143
ec2-184-73-205-143.compute-1.amazonaws.com
June 21, 2014

50.19.247.199
ec2-50-19-247-199.compute-1.amazonaws.com
June 21, 2014

23.23.228.190
ec2-23-23-228-190.compute-1.amazonaws.com
June 21, 2014

54.243.86.8
ec2-54-243-86-8.compute-1.amazonaws.com
April 20, 2014

23.21.204.175
ec2-23-21-204-175.compute-1.amazonaws.com
April 20, 2014

 
Showing 30 of 52 IP Addresses

File downloads found at URLs served by www.ziputil.net.

1 / 68      (Adware)
http://www.ziputil.net/default/gb/.../?dl=1  (zipopenersetup.exe)

The following 234 files have been seen to comunicate with www.ziputil.net in live environments.

TCP » 92.242.140.21:80
smelled.exe (Smelled)

TCP » 92.242.140.21:443
dca-monitoring.exe (Compete DCA Monitoring Tool by Compete)

TCP » 92.242.140.21:80
marini.exe (Marini)

TCP » 92.242.140.21:443
client.exe (ClientWrapper)

TCP » 92.242.140.21:80
thebrowser.exe (TheBrowser by Goobzo)

TCP » 92.242.140.21:443
dca-monitoring.exe (Compete DCA Monitoring Tool by Compete)

TCP » 92.242.140.21:443
WindowService.exe (WindowService)

TCP » 92.242.140.21:443
ciuninstall.exe

TCP » 92.242.140.21:1866
jutched.exe

TCP » 92.242.140.21:443
dca-monitoring.exe (Compete DCA Monitoring Tool by Compete)

TCP » 92.242.140.21:80
masterupdater.exe

TCP » 50.63.202.104:80
zipopenersetup.exe

TCP » 50.63.202.104:80
minecraft.exe

TCP » 50.63.202.104:80
icreinstall_zipopenersetup.exe

TCP » 50.63.202.104:80
tulrotzugitu.exe

TCP » 92.242.140.21:80
pricemeterexpress.crx

TCP » 92.242.140.21:80
chrome.crx

TCP » 92.242.140.21:80
app-center.crx

TCP » 92.242.140.21:80
ntp.crx

TCP » 92.242.140.21:80
3dayinvite.crx

 
Latest 20 of 234 files

URL:
http://www.ziputil.net/

Title:
“Loading....”

Title (1/4/2014):
“Zip Opener”

Title (5/5/2015):
“ziputil.net”

Web server:
Apache-Coyote/1.1

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.