cdnus.ironcdn.com

Privacy Protection Service INC d/b/a PrivacyProtect.org (Proxy Registrant)

Domain Information

The domain cdnus.ironcdn.com is registered by proxy through PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM and was originally registered in March 2012. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Frankfurt am Main, Hessen, Germany, on the Leaseweb USA, Inc. network.

Registrar:
PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM

Server location:
Hessen, Germany (DE)

Create date:
Wednesday, March 28, 2012

Expires date:
Tuesday, March 28, 2017

Updated date:
Sunday, February 21, 2016

ASN:
AS30633 LEASEWEB-US - Leaseweb USA, Inc.

Root domain:

Scanner detections (96% detected), listed as scan engine (detection rate) followed by detection names:

ESET NOD32 (73.47%)
Win32/InstallCore.AZ (variant), Win32/InstallCore.AF (variant), Win32/InstallCore.AY (variant), Win32/InstallCore.AW (variant)

Reason Heuristics (73.47%)
PUP.NextRadioTV.I, PUP.NextRadioTV.W, PUP.NextRadioTV.R, PUP.NextRadioTV.O, PUP.NextRadioTV.E, PUP.NextRadioTV.X, PUP.NextRadioTV.T, Win32.Generic, PUP.installCore.NextRadioTV (M), PUP.installCore.Clickrunsoftware (M), Threat.Win.Reputation.IMP, PUP.installCore.NextRadi (M), PUP.installCore.Clickrun (M), PUP.ironSource (M)

Dr.Web (71.43%)
Adware.InstallCore.80, Adware.InstallCore.55, Adware.InstallCore.72, Adware.InstallCore.53, Adware.MediaFinder.2, Adware.InstallCore.43

F-Prot (69.39%)
W32/InstallCore.W.gen, W32/InstallCore.W2.gen, W32/InstallCore.G.gen, W32/InstallCore.V2.gen, W32/InstallCore.P.gen, W32/InstallCore.S.gen

Avira AntiVirus (65.31%)
ADWARE/InstallCore.Gen, APPL/Downloader.Gen6, PUA/InstallCore.Gen

Trend Micro House Call (59.18%)
TROJ_GEN.F47V1228, TROJ_GEN.F47V0131, TROJ_GEN.F47V1225, TROJ_GEN.F47V1222, TROJ_GEN.RCBH1CC, TROJ_GEN.F47V1223, TROJ_GEN.RCBH1CE, TROJ_GEN.RCBH1LM, TROJ_GEN.RCBH1AM

Malwarebytes (59.18%)
PUP.Optional.InstallCore

Rising Antivirus (59.18%)
PE:Malware.XPACK-LNR/Heur!1.5594

K7 AntiVirus (55.10%)
Trojan, Unwanted-Program

Sophos (53.06%)
InstallCore ToDownload, Generic PUA JL, Install Core, Install Core Click run software

AhnLab V3 Security (51.02%)
PUP/Win32.InstallCore, ASD.Prevention, Adware/Win32.InstallCore

Kingsoft AntiVirus (51.02%)
Win32.Troj.Generic.a.(kcloud), Win32.Troj.Agent.ac.(kcloud), Win32.Troj.InstallCore.(kcloud)

Comodo Security (48.98%)
ApplicUnwnt.Win32.AdWare.Agent.~A, UnclassifiedMalware, Application.Win32.InstallCore.~A

K7 Gateway Antivirus (46.94%)
Trojan, Unwanted-Program, Unwanted-File

McAfee (46.94%)
Artemis!19EF503B0319, Artemis!803C759F7457, Artemis!B895F5F41BEF, Artemis!87C27D8A3D41, Artemis!3DF0A845B746, Artemis!B87A715E3A96, Artemis!2D6FE1E4DF49

The domain cdnus.ironcdn.com has been seen to resolve to the following 7 IP addresses.

File downloads found at URLs served by cdnus.ironcdn.com.

Latest 30 of 76 download URLs

The following 449 files have been seen to communicate with cdnus.ironcdn.com in live environments.

 
Latest 20 of 649 files

URL:
http://cdnus.ironcdn.com/

Web server:
nginx/1.0.10