zdl.downloadzone.org

Quick Downloader (via a Proxy Registrant)

Domain Information

The website, operated by Adlogica, distributes adware bundles: wrapped open-source and legitimate commercial software packaged together with adware toolbars and other potentially unwanted software. The domain zdl.downloadzone.org is registered by proxy through GoDaddy.com, LLC (R91-LROR) and has been known to host and distribute potentially unwanted software. The hosting servers are located in Seattle, Washington, United States, on the Amazon.com, Inc. network (AS16509); the domain is served from the Amazon Web Services (AWS) cloud platform. The domain is associated with the publisher Quick Downloader, located in San Francisco, California, United States.
Registrar:
GoDaddy.com, LLC (R91-LROR)

Server location:
Washington, United States (US)

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.

Root domain:
downloadzone.org
Scanner detections:
Detections  (100% detected)

Scan engine               Details                                               Detections
Reason Heuristics         PUP.Installer.DOWNLOADZONE.K, PUP.DOWNLOADZONE.P      100.00%
Malwarebytes              PUP.Optional.Downloadster                             100.00%
Trend Micro House Call    TROJ_GEN.F47V0116, Suspicious_GEN.F47V0619            100.00%
ESET NOD32                Win32/Toolbar.MyWebSearch (variant)                   100.00%
Sophos                    Ez Toolbar Downloader                                 50.00%
AegisLab AV Signature     Troj.W32.Gen                                          50.00%

The domain zdl.downloadzone.org has been seen to resolve to the following 3 IP addresses.

s3-1-w.amazonaws.com
June 26, 2014

April 26, 2014

April 26, 2014

File downloads found at URLs served by zdl.downloadzone.org.

4 / 68 engines (Adware)
http://zdl.downloadzone.org/.../java_downloader.exe (MD5 865f6e72e5dbf86cc23cb602e2f7f0fb)

6 / 68 engines (Adware)
http://zdl.downloadzone.org/.../java_setup.exe (MD5 9fd77f869010036d2650da71cfb05abf)
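The domain, the shared S3 hostname it resolved to, and the two installer MD5s above are the usable indicators on this page. The following is an added example, not code from the page or from any vendor listed on it, showing how a practitioner would turn them into a small hunting script: it matches proxy-log entries against the domain (exact or subdomain only, so a look-alike such as notdownloadzone.org does not match), treats the shared AWS S3 endpoint as a weak corroborating indicator rather than a hit on its own, and checks file hashes case-insensitively. The log format and the log lines are constructed for the example; the `md5_matches` helper hashes raw file content so the same list can be applied to quarantined samples.

```python
import hashlib
from urllib.parse import urlsplit

# Indicators taken from the page above.
IOC_DOMAINS = {"zdl.downloadzone.org"}
# s3-1-w.amazonaws.com is a shared AWS S3 endpoint that serves plenty of
# legitimate content, so it is only a weak, corroborating indicator.
WEAK_HOSTS = {"s3-1-w.amazonaws.com"}
IOC_MD5 = {
    "865f6e72e5dbf86cc23cb602e2f7f0fb",  # java_downloader.exe
    "9fd77f869010036d2650da71cfb05abf",  # java_setup.exe
}


def host_matches(host, domains):
    """Exact or subdomain match. 'notdownloadzone.org' must NOT match 'downloadzone.org'."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def classify(url, md5=None):
    """Return the set of indicator names that an observed URL / file hash matches."""
    reasons = set()
    host = urlsplit(url).hostname or ""
    if host_matches(host, IOC_DOMAINS):
        reasons.add("domain")
    if host_matches(host, WEAK_HOSTS):
        reasons.add("shared_host")  # review manually; not a verdict by itself
    if md5 and md5.lower() in IOC_MD5:
        reasons.add("md5")
    return reasons


def scan_log(text):
    """Parse 'timestamp client url md5-or-dash' lines (a constructed, hypothetical
    proxy-log format) and return (line_no, url, reasons) for every line that hits."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of crashing the hunt
        _ts, _client, url, md5 = parts
        reasons = classify(url, None if md5 == "-" else md5)
        if reasons:
            hits.append((n, url, reasons))
    return hits


def md5_matches(content: bytes) -> bool:
    """Hash raw file content (e.g. a quarantined download) against the IOC list."""
    return hashlib.md5(content).hexdigest() in IOC_MD5


# Constructed sample log lines; the hashes on lines 1 and 4 are the page's IOCs.
SAMPLE_LOG = """\
2014-06-26T10:01:02Z 10.0.0.5 http://zdl.downloadzone.org/dl/java_setup.exe 9fd77f869010036d2650da71cfb05abf
2014-06-26T10:01:09Z 10.0.0.5 http://www.example.com/ -
2014-06-26T10:02:30Z 10.0.0.7 http://s3-1-w.amazonaws.com/somebucket/file.zip -
2014-06-26T10:03:00Z 10.0.0.9 https://notdownloadzone.org/x 865F6E72E5DBF86CC23CB602E2F7F0FB
"""

if __name__ == "__main__":
    for line_no, url, reasons in scan_log(SAMPLE_LOG):
        print(f"line {line_no}: {url} -> {sorted(reasons)}")
```

Line 4 of the sample is the interesting case: the look-alike domain is ignored, but the uppercase hash still matches, which is why hash and domain checks should be kept independent rather than requiring both.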

The following 4 files have been seen to communicate with zdl.downloadzone.org in live environments.

URL:
http://zdl.downloadzone.org/

Network:
Amazon Web Services (AWS)

SSL certificate subject:
CN=ssl2782.cloudflare.com, O="CloudFlare, Inc.", L=San Francisco, S=CA, C=US

SSL certificate issuer:
CN=GlobalSign Organization Validation CA - G2, O=GlobalSign nv-sa, C=BE

(The subject is a CloudFlare shared certificate, so it identifies the CDN edge in front of the site rather than the site operator; the AmazonS3 server header and the s3-1-w.amazonaws.com resolution above are the better indication of where the content is actually hosted.)

Web server:
AmazonS3