home

dnld.ironcustapps.com

Privacy Protection Service INC d/b/a PrivacyProtect.org  (Proxy Registrant)

Domain Information

The domain dnld.ironcustapps.com is registered by proxy through PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM and was originally registered in April of 2013. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Dublin, Dublin City within Ireland which resides on the RIPE Network Coordination Centre network. The domain uses the Amazon Web Services (AWS) cloud computing platform from the US West (Northern California) region datacenter.
Registrar:
PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM

Server location:
Dublin City, Ireland (IE)

Create date:
Monday, April 22, 2013

Expires date:
Saturday, April 22, 2017

Updated date:
Wednesday, March 30, 2016

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.

Root domain:
ironcustapps.com

Whois:
3 ironcustapps.com records

Scanner detections:
Detections  (96% detected)

Scan engine
Details
Detections

Vba32 AntiVirus
Downware.InstallCore
72.73%

Dr.Web
Trojan.Packed.24524, Trojan.Packed.25266, Trojan.MulDrop5.10078, Adware.InstallCore.122, infected with Trojan.Packed.24524
63.64%

Reason Heuristics
PUP.Installer.STMSetup.j, PUP.Installer.WorldSetup.CC, PUP.Installer.IronPremium.e, PUP.Installer.IronPremium.CC, PUP.installCore.Installer, Threat.ironSource.Bundler, Threat.Installer.iSNS, Win32.Generic
59.09%

VIPRE Antivirus
InstallCore.b, Trojan.Win32.Generic, Threat.4150696, Threat.4786018
54.55%

Avira AntiVirus
ADWARE/InstallCore.Gen7, ADWARE/InstallCore.Gen9, TR/Dropper.Gen, ADWARE/InstallCore.MUP, PUA/InstallCore.Gen, PUA/InstallCore.Gen7
54.55%

ESET NOD32
Win32/InstallCore.IJ (variant), Win32/InstallCore.DN (variant), Win32/InstallCore.OY (variant), Win32/InstallCore.OI (variant)
50.00%

Rising Antivirus
PE:Malware.XPACK-LNR/Heur!1.5594, PE:Backdoor.Hupigon!6.1FD, PE:Malware.InstallCore!6.4
50.00%

ESET NOD32
Win32/Injected.F trojan, Win32/InstallCore.BY potentially unwanted application, Win32/InstallCore.CA.gen potentially unwanted application, Win32/InstallCore.VW potentially unwanted application
50.00%

Sophos
Install Core Click run software, Generic PUA HB, PUA 'Install Core Click run software'
45.45%

F-Prot
W32/InstallCore.R3.gen, W32/InstallCore.R.gen, W32/A-2d45491d, W32/A-dbe1ec51, W32/Sality.gen2
45.45%

AVG
MalSign.InstallC, InstallCore, Generic, MalSign.Generic, Win32/Sality
45.45%

McAfee
Artemis!BC7B2B5A0BA6, Artemis!652FC8EE874A, Artemis!415034D26494, Trojan.Artemis!FDD6AEA9E781, Trojan.Artemis!DF33D9FE4B20, Program.Artemis!479C264F9A1E, Artemis!83CEF0112309
40.91%

Comodo Security
ApplicUnwnt, UnclassifiedMalware, Application.Win32.Installcore.BA, Application.Win32.InstallCore.MZIV, Application.Win32.InstallCore.DQ
36.36%

K7 AntiVirus
Unwanted-Program , Trojan
31.82%

Fortinet FortiGate
Riskware/InstallCore, Riskware/InstallCore_JE
31.82%

The domain dnld.ironcustapps.com has been seen to resolve to the following 13 IP addresses.

54.231.237.9
s3-us-west-1-w.amazonaws.com
May 23, 2016

54.231.237.47
s3-us-west-1-w.amazonaws.com
April 21, 2016

54.231.237.79
s3-us-west-1-w.amazonaws.com
April 20, 2016

54.231.235.87
s3-us-west-1-w.amazonaws.com
April 13, 2016

54.231.233.66
s3-us-west-1-w.amazonaws.com
December 18, 2014

54.231.232.194
s3-us-west-1-w.amazonaws.com
December 2, 2014

176.32.116.17
s3-us-west-1-w.amazonaws.com
September 18, 2014

176.32.112.33
s3-us-west-1-w.amazonaws.com
May 28, 2014

176.32.116.9
s3-us-west-1-w.amazonaws.com
May 1, 2014

176.32.116.33
s3-us-west-1-w.amazonaws.com
April 25, 2014

204.246.163.145
s3-us-west-1-w.amazonaws.com
March 15, 2014

204.246.162.225
s3-us-west-1-w.amazonaws.com
February 6, 2014

176.32.116.25
s3-us-west-1-w.amazonaws.com
February 3, 2014

File downloads found at URLs served by dnld.ironcustapps.com.

10 / 68    (PUP)
http://dnld.ironcustapps.com/cust/.../Pivot_dnld_s_v2.0.exe  (0c592b8867636e3187fc0265c884c357)

1 / 68      (PUP)
http://dnld.ironcustapps.com/cust/FastCleanPro/.../Fast_Clean_ProSetup_v2.0.3.16646_400_PGRV2_signed_with_padding.exe  (2d59472fca52becafd3a2a00be58a1ec)

6 / 68      (PUP)
http://dnld.ironcustapps.com/cust/.../mHotspot_Setup_v2.0.1.10348_PGRV1.exe  (mhotspot-setup-v2.0.1.10348-pgrv1.exe)

18 / 68    (Adware)
http://dnld.ironcustapps.com/cust/.../Pivot_14042_s.exe  (94a1d12dd1df61cefbdfd8989b85a42d)

7 / 68      (Adware)
http://dnld.ironcustapps.com/cust/Norton/.../NortonSetup_v3.0.2.16155_772_PGRV3_ns.exe  (de0f6dccef02c776a5f2bfe7f9bd2960)

11 / 68    (Adware)
http://dnld.ironcustapps.com/cust/.../Fast_Clean_ProSetup_v1.0.6.19124_137_stub.exe  (3987d3506c304ab6d28a3ce3fdb8b523)

17 / 68    (Adware)
http://dnld.ironcustapps.com/cust/.../MD_Aff_Installer_Installer_v1.0.16.20236_386_demo.exe  (56731dfaafd18f1ab38237bda0bebc0d)

5 / 68      (Adware)
http://dnld.ironcustapps.com/cust/SimilarGroup/.../FlashlightBtns_d2m_Setup_v1.0.5.18248_demo.exe  (24916f1ee0694132d8954f90928bc84b)

5 / 68      (PUP)
http://dnld.ironcustapps.com/cust/.../Video_To_MP3_Setup_NortonSecurity3_d2m_demo.exe  (1fa66d9c6053b890bddf34a28f808ab6)

12 / 68    (Adware)
http://dnld.ironcustapps.com/cust/media_division/.../MD_Aff_Installer_CF_Installer_v1.0.1.21302_489_stub.exe  (2c5dd8bd9e6e53373ae71df760d8213a)

5 / 68      (Adware)
http://dnld.ironcustapps.com/cust/.../NortonSecurityCP1_D2M_Setup_v1.0.6.21875_749_demo.exe  (2f9ccc8f7bf052a07c3f7343243e1abc)

20 / 68    (Adware)
http://dnld.ironcustapps.com/cust/.../xvidSetup_v1.0.2.17661_061_stub.exe  (83cef0112309040edb5399f3e6ca7f26)

7 / 68      (Adware)
http://dnld.ironcustapps.com/cust/.../File_Viewer_Lite_Setup_v1.0.1.21313_467_stub.exe  (4c339258e8f99acca611c5bf9c0ef64b)

10 / 68    (Adware)
http://dnld.ironcustapps.com/cust/.../WinZip_Setup_v2.0.1.10210_PGRV1.exe  (a1b239de1de59ae22218a1f80294c719)

9 / 68      (Adware)
http://dnld.ironcustapps.com/cust/.../WinZip_Setup_v2.0.1.10210_PGRV1_OsTheme.exe  (509db1b7ee67232ff4b9dd1925b6b1e7)

6 / 68      (Adware)
http://dnld.ironcustapps.com/cust/.../GetmiroSetup_v2.0_pcf_signed_paded.exe  (479c264f9a1eefa9a5a6437afa4d95ea)

3 / 68      (PUP)
http://dnld.ironcustapps.com/cust/.../Pivot_StickFigure_Animator_Setup_v3.0.5.14828_773_stub.exe  (d0ae92c226fa0e68a27bd3a8de733d34)

0 / 68
http://dnld.ironcustapps.com/cust/.../Baixaki_Yahoo_no_checker_demo.exe  (7105b7ee1855f5722f8171a0a992a97a)

11 / 68    (Adware)
http://dnld.ironcustapps.com/cust/.../GetmiroSetup_v2.0.3.16800_699_padded.exe  (df33d9fe4b203653513dfde426f78365)

15 / 68    (Adware)
http://dnld.ironcustapps.com/cust/Pculture/.../GetmiroSetup_v2.0.6.18709_985_ready.exe  (fdd6aea9e781daf263871f593c28b301)

9 / 68      (PUP)
http://dnld.ironcustapps.com/cust/.../Pivot_dnld_s_v2.0.exe  (icreinstall_pivot_dnld_s_v2.0.exe)

7 / 68      (Adware)
http://dnld.ironcustapps.com/cust/pivotstick/.../Pivot_hrdc_ns.exe  (icreinstall_pivot_hrdc_ns.exe)

15 / 68    (Adware)
http://dnld.ironcustapps.com/cust/.../IP_ScanV2.0.4.14039.exe  (icreinstall_ip_scanv2.0.4.14039.exe)

The following 3 files have been seen to comunicate with dnld.ironcustapps.com in live environments.

TCP » 54.231.235.87:443
mp4tompg_setup.exe (Web generic by Program Soft Installer)

TCP » 54.231.237.79:443
webcampicturetaker_setup.exe (Internet by Software Internet)

TCP » 54.231.237.9:443
webcamrecorder_setup.exe (Software Program by web)

URL:
http://dnld.ironcustapps.com/

Network:
Amazon Web Services (AWS)

Web server:
AmazonS3

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.