The domain dnld.ironcustapps.com is registered by proxy through PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM and was originally registered in April 2013. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Dublin City, Ireland, on the RIPE Network Coordination Centre network. The domain uses the Amazon Web Services (AWS) cloud computing platform from the US West (Northern California) region datacenter.
PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM
Dublin City, Ireland (IE)
Monday, April 22, 2013
Saturday, April 22, 2017
Wednesday, March 30, 2016
AS16509 AMAZON-02 - Amazon.com, Inc.
Detections (96% detected)
Trojan.Packed.24524, Trojan.Packed.25266, Trojan.MulDrop5.10078, Adware.InstallCore.122, infected with Trojan.Packed.24524
PUP.Installer.STMSetup.j, PUP.Installer.WorldSetup.CC, PUP.Installer.IronPremium.e, PUP.Installer.IronPremium.CC, PUP.installCore.Installer, Threat.ironSource.Bundler, Threat.Installer.iSNS, Win32.Generic
InstallCore.b, Trojan.Win32.Generic, Threat.4150696, Threat.4786018
McAfee Web Gateway
Artemis!BC7B2B5A0BA6, Artemis!652FC8EE874A, Artemis!415034D26494, RDN/Generic.dx!czt, Artemis!DF33D9FE4B20, Artemis!479C264F9A1E
ADWARE/InstallCore.Gen7, ADWARE/InstallCore.Gen9, TR/Dropper.Gen, ADWARE/InstallCore.MUP, PUA/InstallCore.Gen, PUA/InstallCore.Gen7
Win32/InstallCore.IJ (variant), Win32/InstallCore.DN (variant), Win32/InstallCore.OY (variant), Win32/InstallCore.OI (variant)
PE:Malware.XPACK-LNR/Heur!1.5594, PE:Backdoor.Hupigon!6.1FD, PE:Malware.InstallCore!6.4
Win32/Injected.F trojan, Win32/InstallCore.BY potentially unwanted application, Win32/InstallCore.CA.gen potentially unwanted application, Win32/InstallCore.VW potentially unwanted application
Install Core Click run software, Generic PUA HB, PUA 'Install Core Click run software'
W32/InstallCore.R3.gen, W32/InstallCore.R.gen, W32/A-2d45491d, W32/A-dbe1ec51, W32/Sality.gen2
MalSign.InstallC, InstallCore, Generic, MalSign.Generic, Win32/Sality
Artemis!BC7B2B5A0BA6, Artemis!652FC8EE874A, Artemis!415034D26494, Trojan.Artemis!FDD6AEA9E781, Trojan.Artemis!DF33D9FE4B20, Program.Artemis!479C264F9A1E, Artemis!83CEF0112309
ApplicUnwnt, UnclassifiedMalware, Application.Win32.Installcore.BA, Application.Win32.InstallCore.MZIV, Application.Win32.InstallCore.DQ
K7 Gateway Antivirus
Unwanted-Program, Trojan
The domain dnld.ironcustapps.com has been seen to resolve to the following 13 IP addresses.
May 23, 2016
April 21, 2016
April 20, 2016
April 13, 2016
December 18, 2014
December 2, 2014
September 18, 2014
May 28, 2014
May 1, 2014
April 25, 2014
March 15, 2014
February 6, 2014
February 3, 2014
File downloads found at URLs served by dnld.ironcustapps.com.
The following 3 files have been seen to communicate with dnld.ironcustapps.com in live environments.
Amazon Web Services (AWS)