Page 1 of 2

iLivid network

Posted: Wed Sep 26, 2012 10:30 pm
by evilfantasy
This is a continuation from this topic: Please Check Out This Odd Couple TV Series Message Board

Part of the iLivid network of websites serving adware, malware and spam.

The iLivid network (Internet Live Video Player). They offer bundled downloads that include adware and malware. The iLivid WOT Scorecard has many negative remarks and ratings.

VirusTotal results for - Detection ratio: 6 / 30

List of domains/hosts

RE: iLivid network

Posted: Mon Oct 01, 2012 6:59 am
by Myxt
Search poisoning too. I thought I would try Googling> iLivid
and every return "seemed" to include that term, yet it is not found on the page.
Then I tried searching, and the SERPs look like Microsoft is all about iLivid.

There are some parked domains, named something else, with title tags = http(etc)
One of those,, is on an IP with 235,300 other screwy-looking hosts - e.g.

Here is (one of) the owner(s):

Another domain:

RE: iLivid network

Posted: Mon Oct 01, 2012 3:27 pm
by Jazspeak
The Virus Total report in the OP certainly raises some interesting observations about the malware and the inability of so many AV companies to identify the malware. With the ratio as strong as 6/30 it can be strongly suggested that there is malware. So why was Avira able to identify the presence of malware? Why were BitDefender and Sucuri unable to do so?

RE: Bandoo Media

Posted: Mon Oct 01, 2012 5:00 pm
by Amobirius
Ilivid is owned by "Bandoo Media" and " Musiclab, LLC" and "iMesh Inc". Which is meant to be just one company. -_-
Who owns:
And possibly more

List of domains/hosts

RE: iLivid network

Posted: Mon Oct 01, 2012 7:13 pm
by evilfantasy

List of domains/hosts

RE: Bandoo Media

Posted: Tue Oct 02, 2012 12:47 am
by Jazspeak
<quote user="amobirius">

Yes, I have come across these characters before, some time ago, and I recall getting an AV alert from malware on one of their sites.

RE: iLivid network

Posted: Tue Oct 02, 2012 3:42 am
by evilfantasy
<quote user="jazspeak">Yes, I have come across these characters before, some time ago, and I recall getting an AV alert from malware on one of their sites.[/quote]

Bearshare and iMesh have been around for many, many years (Bearshare December 2000). I'm surprised they are still "flying the same flag" and getting away with it. Limewire had also been around forever (May 2000) but they have had to shut down development when the online copyright laws caught up to the software. Just check out the Limewire Homepage. Frostwire (September 2004), a clone of Limewire, is still up and thriving though. Why just Limewire had to comply is beyond me. There is a new version of Limewire available under different programmers, on another website, but I will not mention the name here.

Back to Bandoo Media, Inc...

>>In my digging I found Koyote-Lab, Inc. Another website hosted on the same IP owned by Bandoo Media Inc. including adware and/or spyware in the software installer. <<


VirusTotal results 1 / 30 (Antiy-AVL - Malware site) - The registration for Koyote-Lab, Inc. is private and uses the same name servers as does iLivid, jZip and the others and hosted in the same country.

Part of the iLivid network.

Screenshots of Free Flv Converter install and pre-checked adware and/or spyware.
By default the installation of Free Flv Converter includes:
  • homepage
  • as default search
  • Torch Browser
  • Torch as default browser

List of domains/hosts

A few of these may be duplicates and others ARE mentioned in other WOT topics so if using the MRT place a check mark next to "Don't replace my earlier comments to avoid parsing your previous comments.

Some of the websites are listed in another topic.

List of domains/hosts

Note: is listed in some of the links in this topic (, but is not owned or hosted by Bandoo Media Inc. It's the help desk and live chat software that Bandoo Media Inc. uses and I have not found anything indicating the company is doing anything wrong or unethical.

RE: iLivid network

Posted: Tue Oct 02, 2012 4:07 am
by c۞g
From 2009: / Discordia Limited
might be worth check those old domains to see which are still active and associated to Discordia Limited.

Here are the domains which are hosted on IP:

List of domains/hosts
Random example:

Code: Select all
Download link points to: hXXp://
VT URL scan
BandooV8.exe - VT file scan

No Spyware / No Adware / No Trojans / No Popups
Web pages are rewritten as opposed to using pop-ups, pop-unders, etc.
No Adware?
- controlled advertisements are incorporated into the rewritten HTML as announced in the Terms of Use

You hereby acknowledge that the Applications use various tools to enhance Your view of Web pages which You browse by adding Bandoo features to them, such as, for example, emoticons, winks and ads. In order to provide such enhancements, the Applications automatically apply certain JavaScript code and/or other elements provided by Bandoo to the Web pages you view. By using this Site and/or the Applications, You agree and consent to having the Applications automatically apply such modifications to Web pages which you view for the purpose of adding (in Bandoo's sole discretion) any and all features and functionality currently provided by Bandoo and/or provided by Bandoo in the future.

I'm surprised hpHosts does not have this group of domains listed adware/spyware

Exploitation defined

RE: iLivid network

Posted: Tue Oct 02, 2012 4:58 am
by evilfantasy
Extra note:

I just noticed that Free Flv Converter placed a shortcut on my desktop for "Get The Best Facebook Chat Messenger" from hxxp:// Kind of funny as the shortcut does not work...

VirusTotal results 3 / 30

The website is owned by Koyote-Lab Inc., part of the iLivid network.

List of domains/hosts

RE: iLivid network

Posted: Tue Oct 02, 2012 5:23 am
by MysteryFCM
I've sent an email to the contacts I've got for iMesh/iLivid, as these issues were supposed to have been resolved.