The domain dnld.ironcustapps.com is registered by proxy through PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM and was originally registered in April 2013. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Dublin, Dublin City, Ireland, on the RIPE Network Coordination Centre network. The domain uses the Amazon Web Services (AWS) cloud computing platform from the US West (Northern California) region datacenter.
PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM
Dublin City, Ireland (IE)
Monday, April 22, 2013
Wednesday, April 22, 2015
Sunday, March 30, 2014
AS16509 AMAZON-02 - Amazon.com, Inc.
Detections (95% detected)
Trojan.Packed.24524, Trojan.Packed.25266, Trojan.MulDrop5.10078, Adware.InstallCore.122, infected with Trojan.Packed.24524
InstallCore.b, Trojan.Win32.Generic, Threat.4150696, Threat.4786018
McAfee Web Gateway
Artemis!BC7B2B5A0BA6, Artemis!652FC8EE874A, Artemis!415034D26494, RDN/Generic.dx!czt, Artemis!DF33D9FE4B20, Artemis!479C264F9A1E
ADWARE/InstallCore.Gen7, ADWARE/InstallCore.Gen9, TR/Dropper.Gen, ADWARE/InstallCore.MUP, PUA/InstallCore.Gen, PUA/InstallCore.Gen7
PUP.Installer.STMSetup.j, PUP.Installer.WorldSetup.CC, PUP.Installer.IronPremium.e, PUP.Installer.IronPremium.CC, PUP.installCore.Installer, Threat.ironSource.Bundler, Threat.Installer.iSNS
Win32/Injected.F trojan, Win32/InstallCore.BY potentially unwanted application, Win32/InstallCore.CA.gen potentially unwanted application, Win32/InstallCore.VW potentially unwanted application
Win32/InstallCore.IJ (variant), Win32/InstallCore.DN (variant), Win32/InstallCore.OY (variant), Win32/InstallCore.OI (variant)
PE:Malware.XPACK-LNR/Heur!1.5594, PE:Backdoor.Hupigon!6.1FD, PE:Malware.InstallCore!6.4
Install Core Click run software, Generic PUA HB, PUA 'Install Core Click run software'
MalSign.InstallC, InstallCore, Generic, MalSign.Generic
W32/InstallCore.R3.gen, W32/InstallCore.R.gen, W32/A-2d45491d, W32/A-dbe1ec51
Artemis!BC7B2B5A0BA6, Artemis!652FC8EE874A, Artemis!415034D26494, Trojan.Artemis!FDD6AEA9E781, Trojan.Artemis!DF33D9FE4B20, Program.Artemis!479C264F9A1E, Artemis!83CEF0112309
ApplicUnwnt, UnclassifiedMalware, Application.Win32.Installcore.BA, Application.Win32.InstallCore.MZIV, Application.Win32.InstallCore.DQ
K7 Gateway Antivirus
Unwanted-Program, Trojan
The domain dnld.ironcustapps.com has been seen to resolve to the following 9 IP addresses.
December 18, 2014
December 2, 2014
September 18, 2014
May 28, 2014
May 1, 2014
April 25, 2014
March 15, 2014
February 6, 2014
February 3, 2014
File downloads found at URLs served by dnld.ironcustapps.com.
Amazon Web Services (AWS)