dnld.ironcustapps.com

Privacy Protection Service INC d/b/a PrivacyProtect.org  (Proxy Registrant)

Domain Information

The domain dnld.ironcustapps.com is registered by proxy through PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM and was originally registered in April of 2013. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Dublin, Dublin City within Ireland which resides on the RIPE Network Coordination Centre network. The domain uses the Amazon Web Services (AWS) cloud computing platform from the US West (Northern California) region datacenter.
Remove Malware from dnld.ironcustapps.com - Powered by Reason Core Security
Registrar:
PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM

Server location:
Dublin City, Ireland (IE)

Create date:
Monday, April 22, 2013

Expires date:
Wednesday, April 22, 2015

Updated date:
Sunday, March 30, 2014

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.

Root domain:

Scanner detections:
Detections  (95% detected)

Scan engine
Details
Detections

Vba32 AntiVirus
Downware.InstallCore
83.33%

Dr.Web
Trojan.Packed.24524, Trojan.Packed.25266, Trojan.MulDrop5.10078, Adware.InstallCore.122, infected with Trojan.Packed.24524
61.11%

VIPRE Antivirus
InstallCore.b, Trojan.Win32.Generic, Threat.4150696, Threat.4786018
61.11%

McAfee Web Gateway
Artemis!BC7B2B5A0BA6, Artemis!652FC8EE874A, Artemis!415034D26494, RDN/Generic.dx!czt, Artemis!DF33D9FE4B20, Artemis!479C264F9A1E
61.11%

Avira AntiVirus
ADWARE/InstallCore.Gen7, ADWARE/InstallCore.Gen9, TR/Dropper.Gen, ADWARE/InstallCore.MUP, PUA/InstallCore.Gen, PUA/InstallCore.Gen7
61.11%

Reason Heuristics
PUP.Installer.STMSetup.j, PUP.Installer.WorldSetup.CC, PUP.Installer.IronPremium.e, PUP.Installer.IronPremium.CC, PUP.installCore.Installer, Threat.ironSource.Bundler, Threat.Installer.iSNS
61.11%

ESET NOD32
Win32/Injected.F trojan, Win32/InstallCore.BY potentially unwanted application, Win32/InstallCore.CA.gen potentially unwanted application, Win32/InstallCore.VW potentially unwanted application
55.56%

ESET NOD32
Win32/InstallCore.IJ (variant), Win32/InstallCore.DN (variant), Win32/InstallCore.OY (variant), Win32/InstallCore.OI (variant)
50.00%

Rising Antivirus
PE:Malware.XPACK-LNR/Heur!1.5594, PE:Backdoor.Hupigon!6.1FD, PE:Malware.InstallCore!6.4
50.00%

Sophos
Install Core Click run software, Generic PUA HB, PUA 'Install Core Click run software'
50.00%

AVG
MalSign.InstallC, InstallCore, Generic, MalSign.Generic
50.00%

F-Prot
W32/InstallCore.R3.gen, W32/InstallCore.R.gen, W32/A-2d45491d, W32/A-dbe1ec51
44.44%

McAfee
Artemis!BC7B2B5A0BA6, Artemis!652FC8EE874A, Artemis!415034D26494, Trojan.Artemis!FDD6AEA9E781, Trojan.Artemis!DF33D9FE4B20, Program.Artemis!479C264F9A1E, Artemis!83CEF0112309
38.89%

Comodo Security
ApplicUnwnt, UnclassifiedMalware, Application.Win32.Installcore.BA, Application.Win32.InstallCore.MZIV, Application.Win32.InstallCore.DQ
38.89%

K7 Gateway Antivirus
Unwanted-Program , Trojan
33.33%

The domain dnld.ironcustapps.com has been seen to resolve to the following 9 IP addresses.

s3-us-west-1-w.amazonaws.com
December 18, 2014

s3-us-west-1-w.amazonaws.com
December 2, 2014

s3-us-west-1-w.amazonaws.com
September 18, 2014

s3-us-west-1-w.amazonaws.com
May 28, 2014

s3-us-west-1-w.amazonaws.com
May 1, 2014

s3-us-west-1-w.amazonaws.com
April 25, 2014

s3-us-west-1-w.amazonaws.com
March 15, 2014

s3-us-west-1-w.amazonaws.com
February 6, 2014

s3-us-west-1-w.amazonaws.com
February 3, 2014

File downloads found at URLs served by dnld.ironcustapps.com.

7 / 68      (Adware)

13 / 68    (Adware)

19 / 68    (Adware)

5 / 68      (PUP)

5 / 68      (Adware)

23 / 68    (Adware)

7 / 68      (Adware)

10 / 68    (Adware)

9 / 68      (Adware)

7 / 68      (Adware)

14 / 68    (Adware)

17 / 68    (Adware)

10 / 68    (PUP)

9 / 68      (Adware)

17 / 68    (Adware)
http://dnld.ironcustapps.com/cust/.../IP_ScanV2.0.4.14039.exe  (icreinstall_ip_scanv2.0.4.14039.exe)

URL:
http://dnld.ironcustapps.com/

Network:
Amazon Web Services (AWS)

Web server:
AmazonS3

Remove Malware from dnld.ironcustapps.com - Powered by Reason Core Security