The domain dnld.installcore.com is registered by proxy through PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM and was originally registered in October of 2010. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Dublin, Dublin City within Ireland which resides on the RIPE Network Coordination Centre network. The domain uses the Amazon Web Services (AWS) cloud computing platform.
PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM
Dublin City, Ireland (IE)
Wednesday, October 13, 2010
Tuesday, October 13, 2015
Monday, September 29, 2014
AS16509 AMAZON-02 - Amazon.com, Inc.
Detections (100% detected)
Click run software
Install Core Click run software
Win32/InstallCore.AF (variant), Win32/InstallCore.AJ (variant), Win32/InstallCore.AF potentially unwanted (variant)
Artemis!3BA57C5ED0F2, Artemis!B74690FA62ED, Artemis!E0EF30CA73F3
Threat.Win.Reputation.IMP, PUP.Installer.Clickrunsoftware.T, PUP.Installer.Clickrunsoftware.x, Threat.ironSource.Clickrunsoftware
The domain dnld.installcore.com has been seen to resolve to the following 5 IP addresses.
May 6, 2015
December 1, 2014
September 9, 2014
September 2, 2014
April 11, 2014
File downloads found at URLs served by dnld.installcore.com.
The following 8 files have been seen to comunicate with dnld.installcore.com in live environments.
Amazon Web Services (AWS)