dnld.ironcust.com

Privacy Protection Service INC d/b/a PrivacyProtect.org  (Proxy Registrant)

Domain Information

The domain dnld.ironcust.com is registered by proxy through PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM and was originally registered in September 2012. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Dublin City, Ireland, on the RIPE Network Coordination Centre network. The domain uses the Amazon Web Services (AWS) cloud computing platform.
Remove Malware from dnld.ironcust.com - Powered by Reason Core Security
Registrar:
PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM

Server location:
Dublin City, Ireland (IE)

Create date:
Wednesday, September 05, 2012

Expires date:
Saturday, September 05, 2015

Updated date:
Monday, August 25, 2014

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.

Root domain:

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Avira AntiVirus
ADWARE/InstallCore.Gen, ADWARE/InstallCore.Gen7, TR/ATRAPS.Gen2
86.36%

ESET NOD32
Win32/InstallCore.AZ potentially unwanted application, Win32/InstallCore.BH potentially unwanted application, Win32/InstallCore.BY potentially unwanted application, Win32/Kryptik.PWA trojan, Win32/Kryptik.PVK trojan
81.82%

F-Prot
W32/InstallCore.W.gen, W32/InstallCore.G4.gen, W32/InstallCore.R.gen, W32/InstallCore.S.gen, W32/InstallCore.I.gen
72.73%

Rising Antivirus
PE:Malware.XPACK-LNR/Heur!1.5594, PE:Malware.InstallCore!6.4, PE:Malware.DealPly!6.27D, PE:AdWare.Win32.InstallCore.i!1075350952
63.64%

Sophos
Install Core Click run software, InstallCore ToDownload
59.09%

Antiy Labs AVL
Trojan/Win32.Tgenic, Trojan[Dropper]/Win32.FrauDrop, Trojan/Win32.SGeneric, Trojan[Backdoor]/Win32.Banito
50.00%

Vba32 AntiVirus
Downware.InstallCore
50.00%

McAfee Web Gateway
BehavesLike.Win32.Generic.tc, BehavesLike.Win32.Generic.jc, BehavesLike.Win32.Sality.th, BehavesLike.Win32.Yahlover.th
40.91%

Malwarebytes
PUP.Optional.InstallCore
40.91%

K7 AntiVirus
Trojan, Unwanted-Program, Adware
36.36%

K7 Gateway Antivirus
Trojan, Unwanted-Program, Adware
36.36%

Dr.Web
Adware.InstallCore.122, Adware.InstallCore.239, Adware.InstallCore.53, Adware.InstallCore.82
31.82%

VIPRE Antivirus
Threat.4786018
27.27%

avast!
Win32:Installer-I [PUP]
27.27%

AVG
Generic
22.73%

The domain dnld.ironcust.com has been seen to resolve to the following 7 IP addresses.

s3-1-w.amazonaws.com
September 18, 2014

s3-1-w.amazonaws.com
September 18, 2014

s3-1-w.amazonaws.com
September 18, 2014

s3-1-w.amazonaws.com
September 18, 2014

s3-1-w.amazonaws.com
September 18, 2014

s3-1-w.amazonaws.com
September 18, 2014

s3-1-w.amazonaws.com
April 11, 2014

File downloads found at URLs served by dnld.ironcust.com.

3 / 68      (PUP)
http://dnld.ironcust.com/cust/.../Comodo_Internet_SecuritySetup_v1.0.1.6448_noOffer.exe  (icreinstall_comodo_internet_securitysetup_v1.0.1.6448_nooffer.exe)

6 / 68      (Adware)
http://dnld.ironcust.com/cust/.../Movie_Studio_PlatinumSetup_v1.0.3.5737_noOffer.exe  (icreinstall_movie_studio_platinumsetup_v1.0.3.5737_nooffer.exe)

8 / 68      (PUP)

5 / 68      (Malware)
http://dnld.ironcust.com/cust/.../Avira_Setup_Skin1.exe  (62b7d548cccce007b65f2dc62314acff)

5 / 68      (Adware)

7 / 68      (PUP)

8 / 68      (PUP)

8 / 68      (PUP)

9 / 68      (PUP)

11 / 68    (PUP)

11 / 68    (PUP)

9 / 68      (PUP)

12 / 68    (Adware)

10 / 68    (Adware)

9 / 68      (PUP)

10 / 68    (PUP)

10 / 68    (PUP)

18 / 68    (PUP)
http://dnld.ironcust.com/cust/.../yahoo_mobile_v3.exe  (ae10d6a84b30383b1dbcff833dbb9161)

5 / 68      (PUP)

The following 12 files have been seen to communicate with dnld.ironcust.com in live environments.

URL:
http://dnld.ironcust.com/

Network:
Amazon Web Services (AWS)

Web server:
AmazonS3
