home

content.ignitioninstaller.com

PERFECT PRIVACY, LLC  (Proxy Registrant)

Domain Information

The domain content.ignitioninstaller.com is registered by proxy through Network Solutions, LLC and was originally registered in January of 2013. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Dulles, Virginia within the United States which resides on the Amazon Technologies Inc. network. The domain uses the Amazon Cloudfront CDN service which utilizes a number of proxy IP Addresses (see below).
Registrar:
Network Solutions, LLC

Server location:
Virginia, United States (US)

Create date:
Friday, January 25, 2013

Expires date:
Wednesday, January 25, 2017

Updated date:
Wednesday, November 26, 2014

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:
ignitioninstaller.com

Whois:
3 ignitioninstaller.com records

Scanner detections:
Detections  (83% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.IgnitionInstaller.M, PUP.Installer.BundloreLimited.F, PUP.Installer.IgnitionInstaller.F, PUP.IgnitionInstaller.e, PUP.IgnitionInstaller.CC, PUP.Installer.DigitalPluginSL.F, PUP.Systweak.ThePhone.Installer.Meta (L), DownloadManager.Air Software, PUP.Adknowledge.FileMonarch.Bundler (M), PUP.Verti.IgnitionInstaller.Installer (M), PUP.installCore.FriedCookie.Installer (M), PUP.Tuguu.TuguuU.Bundler (M), PUP.Bundlore.INTERMED.Bundler (M)
96.77%

VIPRE Antivirus
Ignition Installer, Bundlore, Threat.4790114, Threat.4150696, Iminent, Optimum Installer
70.97%

Malwarebytes
PUP.Optional.Ignition.A, PUP.Optional.Bundlore, PUP.Optional.DomaIQ, PUP.Optional.AirAdInstaller, PUP.Optional.OptimunInstaller
45.16%

Trend Micro House Call
TROJ_GEN.F47V0920, TROJ_GEN.F47V0403, TROJ_GEN.F47V0703, ADW_BHO, TROJ_GE.957BE1AA, TROJ_GEN.F47V1121, TROJ_GEN.F47V1204
41.94%

Dr.Web
Adware.Downware.1732, Adware.Downware.2039, Adware.Downware.1758, Trojan.Packed.28257, Adware.Downware.9532, Trojan.DownLoader11.30629
41.94%

ESET NOD32
Win32/Bundlore (variant), MSIL/Verti (variant), Win32/SoftPulse (variant)
35.48%

AVG
Skodna.Generic_c, MalSign.Bundlo, Adware AdPlugin
19.35%

Agnitum Outpost
Riskware.Agent, PUA.AirAd, Trojan.Agent
19.35%

McAfee
Artemis!7FA7B38A12E2, Artemis!4DC7D10FB20C, Program.SoftPulse, Trojan.Artemis!757FB24A0964, Trojan.Artemis!46F8749DEF37
16.13%

Avira AntiVirus
SPR/Bundlore.A, TR/Dropper.Gen, TR/Trash.Gen, ADWARE/Adware.Gen, Adware/iBryte.bxoh
16.13%

IKARUS anti.virus
PUA.Bundlore, PUA.DigiPlug, PUA.MSIL.Verti, AdWare.AirAdInstaller, Trojan.Win32.Buzus
16.13%

Comodo Security
Application.Win32.Bundlore.A, Application.Win32.SoftPulse.E, Packed.Win32.MUPX.Gen, Application.Win32.AgentCV.HWYE
12.90%

herdProtect (fuzzy)
a variant of 1eed21943b1447e01b6eda98d8971d4465380b53, a variant of 4053b90dbc12acf4edd661d7438ea9172be2a443, a variant of 013b22077efbcb94f2e828cbaeec68597c47eea1
12.90%

K7 AntiVirus
Trojan , Unwanted-Program
12.90%

NANO AntiVirus
Trojan.Win32.Softpulse.dcouet, Riskware.Win32.BitCoinMiner.dcqpup, Riskware.Win32.AirAdInstaller.dlqckn, Trojan.Win32.IBryte.ddwawl
12.90%

The domain content.ignitioninstaller.com has been seen to resolve to the following 187 IP addresses.

52.84.125.232
server-52-84-125-232.iad16.r.cloudfront.net
July 21, 2016

52.84.125.230
server-52-84-125-230.iad16.r.cloudfront.net
July 21, 2016

52.84.125.123
server-52-84-125-123.iad16.r.cloudfront.net
July 21, 2016

52.84.125.89
server-52-84-125-89.iad16.r.cloudfront.net
July 21, 2016

52.84.125.71
server-52-84-125-71.iad16.r.cloudfront.net
July 21, 2016

52.84.125.61
server-52-84-125-61.iad16.r.cloudfront.net
July 21, 2016

52.84.125.38
server-52-84-125-38.iad16.r.cloudfront.net
July 21, 2016

54.192.19.152
server-54-192-19-152.iad12.r.cloudfront.net
July 15, 2016

54.192.19.144
server-54-192-19-144.iad12.r.cloudfront.net
July 15, 2016

54.192.19.89
server-54-192-19-89.iad12.r.cloudfront.net
July 15, 2016

54.192.19.39
server-54-192-19-39.iad12.r.cloudfront.net
July 15, 2016

54.192.19.29
server-54-192-19-29.iad12.r.cloudfront.net
July 15, 2016

54.192.19.24
server-54-192-19-24.iad12.r.cloudfront.net
July 15, 2016

54.192.19.9
server-54-192-19-9.iad12.r.cloudfront.net
July 15, 2016

54.192.19.165
server-54-192-19-165.iad12.r.cloudfront.net
July 15, 2016

52.84.125.240
server-52-84-125-240.iad16.r.cloudfront.net
June 28, 2016

52.84.125.236
server-52-84-125-236.iad16.r.cloudfront.net
June 28, 2016

52.84.125.211
server-52-84-125-211.iad16.r.cloudfront.net
June 28, 2016

52.84.125.177
server-52-84-125-177.iad16.r.cloudfront.net
June 28, 2016

52.84.125.146
server-52-84-125-146.iad16.r.cloudfront.net
June 28, 2016

52.84.125.32
server-52-84-125-32.iad16.r.cloudfront.net
June 28, 2016

52.84.125.18
server-52-84-125-18.iad16.r.cloudfront.net
June 28, 2016

52.84.125.15
server-52-84-125-15.iad16.r.cloudfront.net
June 28, 2016

52.85.142.95
server-52-85-142-95.iad12.r.cloudfront.net
May 24, 2016

52.85.142.73
server-52-85-142-73.iad12.r.cloudfront.net
May 24, 2016

52.85.142.52
server-52-85-142-52.iad12.r.cloudfront.net
May 24, 2016

52.85.142.46
server-52-85-142-46.iad12.r.cloudfront.net
May 24, 2016

52.85.142.224
server-52-85-142-224.iad12.r.cloudfront.net
May 24, 2016

52.85.142.181
server-52-85-142-181.iad12.r.cloudfront.net
May 24, 2016

52.85.142.158
server-52-85-142-158.iad12.r.cloudfront.net
May 24, 2016

 
Showing 30 of 187 IP Addresses

File downloads found at URLs served by content.ignitioninstaller.com.

4 / 68      (Adware)
http://content.ignitioninstaller.com/stub/.../Whitesmoke_IgnitionInstaller.exe  (27fe097077ecf6a81fb4af0559a2f122)

1 / 68      (Adware)
http://content.ignitioninstaller.com/stub/.../setup.exe  (900b7e1f4e9411cdee7810377c683781)

4 / 68      (Adware)
http://content.ignitioninstaller.com/stub/.../NextGenMediaPlayer_IgnitionInstaller.exe  (6f03a19942ef01931a5704b3820bb001)

The following 255 files have been seen to comunicate with content.ignitioninstaller.com in live environments.

TCP » 52.85.142.224:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 54.192.19.39:443
1stbrowser.exe (1stBrowser by The 1stBrowser Authors)

TCP » 54.192.195.158:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.84.125.146:443
browserairexec.exe (BrowserAir by Goobzo)

TCP » 54.192.19.9:80
ed2k.exe (aMuleall by http://www.amuleall.org/)

TCP » 54.192.19.24:80
saber.exe

TCP » 54.192.19.29:443
new_chrome.exe (1stBrowser by The 1stBrowser Authors)

TCP » 54.192.195.158:443
onlineguardian-v2.exe

TCP » 54.192.19.144:80
uncheckitupdate.exe (Uncheckit Module by EVANGEL TECHNOLOGY (HK) LIMITED)

TCP » 52.84.125.61:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 54.192.19.29:80
smu.exe (W by Search Module)

TCP » 54.192.19.152:443
1stbrowser.exe (1stBrowser by The 1stBrowser Authors)

TCP » 52.84.125.211:443
clearscreenplayerbrowser.exe

TCP » 52.84.125.18:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 54.230.51.228:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 54.192.19.39:443
new_chrome.exe (1stBrowser by The 1stBrowser Authors)

TCP » 54.192.19.144:80
uvconverter.exe

TCP » 54.192.19.24:80
wfini.exe (Trend Service by Trend)

TCP » 52.84.125.71:80
new_chrome.exe (1stBrowser by The 1stBrowser Authors)

TCP » 52.85.142.104:80
UCBrowser.exe (UC Browser by UCWeb)

 
Latest 20 of 390 files

URL:
http://content.ignitioninstaller.com/

Network:
Amazon Cloudfront

Web server:
AmazonS3

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.