home

dl2.iqdownload.com

REACTIVATION PERIOD

Domain Information

The domain dl2.iqdownload.com registered by REACTIVATION PERIOD was initially registered in March of 2011 through ENOM, INC.. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Dulles, Virginia within the United States which resides on the Limelight Networks, Inc. network.
Registrar:
ENOM, INC.

Server location:
Virginia, United States (US)

Create date:
Thursday, March 17, 2011

Expires date:
Friday, March 17, 2017

Updated date:
Friday, March 18, 2016

ASN:
AS22822 LLNW-AS Limelight Networks, INC. proxy AS object

Root domain:
iqdownload.com

Whois:
4 iqdownload.com records

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.W3i.K, PUP.Installer.W3i.M, PUP.Installer.W3i.g, Threat.InstallX.Installer, PUP.InstallX.W3i.Installer (M)
100.00%

Avira AntiVirus
APPL/InstallIQ.Gen5
40.00%

ESET NOD32
Win32/InstallIQ (variant)
40.00%

Trend Micro House Call
TROJ_GEN.F47V1231, TROJ_GEN.R047H0AIR13, TROJ_GEN.F47V1219
30.00%

Dr.Web
Adware.W3i.32
30.00%

VIPRE Antivirus
InstallIQ Installer
30.00%

Malwarebytes
PUP.Optional.InstallIQ.A
30.00%

Baidu Antivirus
Trojan.Win32.InstallIQ, Adware.Win32.InstallIQ
30.00%

Comodo Security
UnclassifiedMalware, Application.Win32.InstallIQ.NTZK
30.00%

Rising Antivirus
PE:PUF.InstallIQ!1.9E4F
20.00%

Trend Micro
Mal_Naix-5
20.00%

Prevx
High Risk Cloaked Malware
10.00%

Bkav FE
W32.Clod0ae.Trojan
10.00%

McAfee
Artemis!B4CD8262E255
10.00%

K7 AntiVirus
Unwanted-Program
10.00%

The domain dl2.iqdownload.com has been seen to resolve to the following 5 IP addresses.

204.11.56.48
August 25, 2016

98.124.243.44
February 4, 2016

64.74.223.44
January 4, 2016

208.111.161.254
cdn-208-111-161-254.iad.llnw.net
November 13, 2014

208.111.160.6
cdn-208-111-160-6.iad.llnw.net
November 13, 2014

File downloads found at URLs served by dl2.iqdownload.com.

18 / 68    (Adware)
http://dl2.iqdownload.com/lm/.../musicoasis.exe  (de4cf33ce6edb497c81d418f04ba26f6)

4 / 68      (Adware)
http://dl2.iqdownload.com/lm/.../mediaspacevideoplayer.exe  (5b30273affca9d0bdc7f6ebf5ce75f26)

1 / 68      (Adware)
http://dl2.iqdownload.com/lm/.../jenkatarcade.exe  (56dd9b9319fc9645ba2082af87e10789)

1 / 68      (Adware)
http://dl2.iqdownload.com/lm/.../whales.exe  (d3ca96b35110c698a15f0a78876e30ee)

11 / 68    (Adware)
http://dl2.iqdownload.com/lm/.../musicoasis.exe  (dbe968bab086c039cb8dba341c4ffb30)

1 / 68      (Adware)
http://dl2.iqdownload.com/lm/.../intunemp3.exe  (3e9255c355c0e37c8aa1988fa5876293)

1 / 68      (Adware)
http://dl2.iqdownload.com/lm/.../whales.exe  ({721b8b78-117f-487b-b253-273868b383ff})

1 / 68      (Adware)
http://dl2.iqdownload.com/lm/.../Audacity_40.exe  (d1d26b270ac52981aa6984c975a5f903)

8 / 68      (Adware)
http://dl2.iqdownload.com/lm/.../facepaint.exe  (13d5865aa011019279c1ed87d21784d4)

1 / 68      (Adware)
http://dl2.iqdownload.com/lm/.../jenkatarcade.exe  (4d0f64a0aefd90a141146fd7c26b557b)

The following 87 files have been seen to comunicate with dl2.iqdownload.com in live environments.

TCP » 208.111.161.254:80
AppVerifierapc.exe (AppApcVerifier)

TCP » 208.111.160.6:80
AppVerifierapc.exe (AppApcVerifier)

TCP » 208.111.161.254:80
crossbrowse.exe (Crossbrowse)

TCP » 208.111.160.6:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 208.111.161.254:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 208.111.161.254:80
browserairexec.exe (BrowserAir by Goobzo)

TCP » 208.111.160.6:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 208.111.160.6:80
1stbrowser.exe (1stBrowser by The 1stBrowser Authors)

TCP » 208.111.160.6:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 208.111.161.254:80
Patcher.exe (Audition Patcher by Axeso5.com)

TCP » 208.111.161.254:80
sysmon.exe (SysMon)

TCP » 208.111.160.6:80
SimpleMalwareProtector.exe (Simple Malware Protector by SimpleStar)

TCP » 208.111.161.254:80
AdvancedSystemProtector.exe (ASP)

TCP » 208.111.160.6:80
AdvancedSystemProtector.exe (ASP)

TCP » 208.111.161.254:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 208.111.160.6:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 208.111.160.6:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 208.111.161.254:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 208.111.160.6:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 208.111.161.254:443
vosteran.exe

 
Latest 20 of 137 files

URL:
http://dl2.iqdownload.com/

Google Analytics:
UA-2249740

Title:
“Iqdownload.com”

Description:
“Find Cash Advance, Debt Consolidation and more at Iqdownload.com. Get the best of Insurance or Free Credit Report, browse our section on Cell Phones or learn about Life Insurance. Iqdownload.com is the site for Cash Advance.”

Web server:
Microsoft-IIS/8.5 (ASP.NET) (Version: 4.0.30319)

07zbu0gt6.com

08i8b4384.com

0g32br5rsg.com

0hnuuf2.com

0j2fxpvon.com

0k8wezr.com

0nosjf31uh.com

0o99hbzi.com

0p78qfr8q7.com

0softwaredreams.com

0uezhjx.com

0vin60f6.com

0x1m8x59b.com

1-vinstaller.com

1000descargas.com

123-telecharger.com

18v3y9y0ob.com

1btvoy0pn.com

1mmkkv2sfi.com

1r2qzosuf.com

1sfrtvms6.com

1tvonline.net

2-vinstaller.com

225bkry1.com

22aaf3.com

27call.com

27q2gqueo.com

29u3wfmjg.com

2k18x8b34s.com

2m891odz.com

30 of 685 related domains

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.