home

49883610b2899a565445-f8bbcd60a34d32bcae8d0f1cb50205b0.r36.cf1.rackcdn.com

Rackspace US, Inc.

Domain Information

The domain 49883610b2899a565445-f8bbcd60a34d32bcae8d0f1cb50205b0.r36.cf1.rackcdn.com registered by Rackspace US, Inc. was initially registered in December of 2010 through CSC CORPORATE DOMAINS, INC.. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Los Angeles, California within the United States which resides on the Akamai Technologies, Inc. network.
Registrar:
CSC CORPORATE DOMAINS, INC.

Server location:
California, United States (US)

Create date:
Wednesday, December 15, 2010

Expires date:
Thursday, December 15, 2016

Updated date:
Saturday, December 12, 2015

ASN:
AS20940 AKAMAI-ASN1 Akamai International B.V., US

Root domain:
rackcdn.com

Whois:
1 rackcdn.com record

Scanner detections:
Detections  (91% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Extension.ChromePlugin, Adware.Plugin.Meta, (M), PUP.Montiera.KeepMySearch (M), PUP.OPTIADS (M), Threat.Win.Reputation.IMP, PUP.Babylon.Banylon.Installer (M), Adware.Toolbar
88.64%

Norman
Downloader, Trojan.GenericKD.3195977, Gen:Variant.Razy.46920, Trojan.GenericKD.3196158, Win32.Neshta.A
18.18%

F-Secure
Variant.Razy.46920, Trojan.GenericKD.3196158
9.09%

Qihoo 360 Security
Win32/Virus.Adware.331, HEUR/QVM42.1.Malware.Gen, Win32/Trojan.dff
6.82%

ESET NOD32
Win32/Toolbar.Montiera.Z potentially unwanted (variant), Win32/Toolbar.Montiera.AE potentially unwanted (variant), Win32/Toolbar.Montiera.G potentially unwanted (variant)
6.82%

Dr.Web
Adware.Searcher.2781, Adware.Searcher.2939, Win32.HLLP.Neshta
6.82%

VIPRE Antivirus
Trojan.Win32.Generic, Threat.4276445
6.82%

Emsisoft Anti-Malware
Gen:Variant.Adware.Graftor.201006, Gen:Variant.Mikey.36279, Win32.Neshta
6.82%

AVG
Generic, Generic37, Win32.Generic.WC
6.82%

avast!
Win32:Malware-gen, Win32:Apanas [Trj], Win32:Adware-gen [Adw]
6.82%

Avira AntiVirus
Adware/AgentCV.A.10093, PUA/Montiera.Gen7
4.55%

MicroWorld eScan
Gen:Variant.Adware.Graftor.201006, Gen:Variant.Mikey.36279
4.55%

Malwarebytes
PUP.Optional.KeepMySearch.SID.A, PUP.Optional.KeytoSearch.A
4.55%

Bitdefender
Gen:Variant.Adware.Graftor.201006, Gen:Variant.Mikey.36279
4.55%

K7 AntiVirus
Unwanted-Program , Adware
4.55%

The domain 49883610b2899a565445-f8bbcd60a34d32bcae8d0f1cb50205b0.r36.cf1.rackcdn.com has been seen to resolve to the following 17 IP addresses.

207.126.104.113
207.126.104.113.available.above.net
July 21, 2016

207.126.104.115
207.126.104.115.available.above.net
July 18, 2016

72.246.64.128
a72-246-64-128.deploy.akamaitechnologies.com
June 28, 2016

67.135.105.18
June 27, 2016

67.135.105.24
June 27, 2016

207.126.104.107
207.126.104.107.available.above.net
June 4, 2016

207.126.104.120
207.126.104.120.available.above.net
June 4, 2016

96.17.170.33
a96-17-170-33.deploy.akamaitechnologies.com
May 15, 2016

96.17.170.9
a96-17-170-9.deploy.akamaitechnologies.com
April 14, 2016

96.17.170.19
a96-17-170-19.deploy.akamaitechnologies.com
April 14, 2016

72.246.64.130
a72-246-64-130.deploy.akamaitechnologies.com
February 7, 2016

72.246.64.113
a72-246-64-113.deploy.akamaitechnologies.com
February 7, 2016

72.246.64.122
a72-246-64-122.deploy.akamaitechnologies.com
February 3, 2016

96.17.161.138
a96-17-161-138.deploy.akamaitechnologies.com
January 5, 2016

96.17.161.106
a96-17-161-106.deploy.akamaitechnologies.com
January 5, 2016

63.158.227.58
63-158-227-58.dia.static.qwest.net
January 4, 2016

63.158.227.16
63-158-227-16.dia.static.qwest.net
January 4, 2016

File downloads found at URLs served by 49883610b2899a565445-f8bbcd60a34d32bcae8d0f1cb50205b0.r36.cf1.rackcdn.com.

1 / 68      (PUP)
http://49883610b2899a565445-f8bbcd60a34d32bcae8d0f1cb50205b0.r36.cf1.rackcdn.com/babylon_2.2.0.0_cn.exe  (6_offer_5.exe)

1 / 68      (PUP)
http://49883610b2899a565445-f8bbcd60a34d32bcae8d0f1cb50205b0.r36.cf1.rackcdn.com/babylon_2.2.4.0_cn.exe  (b7c29adb20099549e5a5c746eca12a39)

1 / 68      (Adware)
http://49883610b2899a565445-f8bbcd60a34d32bcae8d0f1cb50205b0.r36.cf1.rackcdn.com/max-start_p.exe  (7f665c29764fa5a8a5a30fe082391d4d)

0 / 68
http://49883610b2899a565445-f8bbcd60a34d32bcae8d0f1cb50205b0.r36.cf1.rackcdn.com/bbjoin1_1.3.26.6_cn.exe  (join.exe)

9 / 68      (Malware)
http://49883610b2899a565445-f8bbcd60a34d32bcae8d0f1cb50205b0.r36.cf1.rackcdn.com/buenosearch_2.2.0.0_cn.exe  (tbclient.exe)

1 / 68      (PUP)
http://49883610b2899a565445-f8bbcd60a34d32bcae8d0f1cb50205b0.r36.cf1.rackcdn.com/delta_2.2.4.0_cn.exe  (delta toolbarupdt.exe)

2 / 68      (PUP)
http://49883610b2899a565445-f8bbcd60a34d32bcae8d0f1cb50205b0.r36.cf1.rackcdn.com/mixidj_2.1.0.0_cn.exe  (mixidj toolbarupdt.exe)

1 / 68      (PUP)
http://49883610b2899a565445-f8bbcd60a34d32bcae8d0f1cb50205b0.r36.cf1.rackcdn.com/dalesearch_2.2.4.0_cn.exe  (dalesearchupdt.exe)

1 / 68      (Adware)
http://49883610b2899a565445-f8bbcd60a34d32bcae8d0f1cb50205b0.r36.cf1.rackcdn.com/Max-Start-Setup.exe  (488e4006374fed96073faf5fb7c6e473)

1 / 68      (PUP)
http://49883610b2899a565445-f8bbcd60a34d32bcae8d0f1cb50205b0.r36.cf1.rackcdn.com/buenosearch_2.2.4.0_cn.exe  (buenosearchupdt.exe)

19 / 68    (PUP)
http://49883610b2899a565445-f8bbcd60a34d32bcae8d0f1cb50205b0.r36.cf1.rackcdn.com/chrome-delta_2.2.3.0_cn.exe  (ba58a9ddbe7eff4f16f5014af04a9f3d)

3 / 68      (PUP)
http://49883610b2899a565445-f8bbcd60a34d32bcae8d0f1cb50205b0.r36.cf1.rackcdn.com/chrome-delta_2.2.0.0_cn.exe  (tbclient.exe)

1 / 68      (inconclusive)
http://49883610b2899a565445-f8bbcd60a34d32bcae8d0f1cb50205b0.r36.cf1.rackcdn.com/BaiduAV.exe  (bav_setup.exe)

3 / 68      (PUP)
http://49883610b2899a565445-f8bbcd60a34d32bcae8d0f1cb50205b0.r36.cf1.rackcdn.com/dalesearch_2.2.0.0_cn.exe  (f5b0ae4128597eb285f57f411e82ec2c)

0 / 68
http://49883610b2899a565445-f8bbcd60a34d32bcae8d0f1cb50205b0.r36.cf1.rackcdn.com/delta_2.1.0.0_cn.exe  (tbclient.exe)

1 / 68      (Adware)
http://49883610b2899a565445-f8bbcd60a34d32bcae8d0f1cb50205b0.r36.cf1.rackcdn.com/vlcDis4U.exe  (9401bb9aa24c43a851cae50f40d3526c)

1 / 68      (PUP)
http://49883610b2899a565445-f8bbcd60a34d32bcae8d0f1cb50205b0.r36.cf1.rackcdn.com/claro_2.0.1.0_cn.exe  (claro toolbarupdt.exe)

1 / 68      (PUP)
http://49883610b2899a565445-f8bbcd60a34d32bcae8d0f1cb50205b0.r36.cf1.rackcdn.com/claro_2.1.0.0_cn.exe  (claro toolbarupdt.exe)

0 / 68
http://49883610b2899a565445-f8bbcd60a34d32bcae8d0f1cb50205b0.r36.cf1.rackcdn.com/btclient_1.3.25.0_cn.exe  (join.exe)

3 / 68      (Malware)
http://49883610b2899a565445-f8bbcd60a34d32bcae8d0f1cb50205b0.r36.cf1.rackcdn.com/chrome-delta_2.2.0.1_cn.exe  (c8381aa8f733d517672b3076817e44cc)

2 / 68      (Malware)
http://49883610b2899a565445-f8bbcd60a34d32bcae8d0f1cb50205b0.r36.cf1.rackcdn.com/delta_2.2.0.0_cn.exe  (52418830fda0d496c871ad7bd93aed43)

1 / 68      (Adware)
http://49883610b2899a565445-f8bbcd60a34d32bcae8d0f1cb50205b0.r36.cf1.rackcdn.com/vlcDisAmb.exe  (fbbcf00322b581d07a548e76f8d54db0)

4 / 68      (PUP)
http://49883610b2899a565445-f8bbcd60a34d32bcae8d0f1cb50205b0.r36.cf1.rackcdn.com/BAV.exe  (bav_setup.exe)

1 / 68      (PUP)
http://49883610b2899a565445-f8bbcd60a34d32bcae8d0f1cb50205b0.r36.cf1.rackcdn.com/safeads_1.3.28.0_cn.exe  (6_offer_5.exe)

1 / 68      (PUP)
http://49883610b2899a565445-f8bbcd60a34d32bcae8d0f1cb50205b0.r36.cf1.rackcdn.com/claro_1.4.5.0_cn.exe  (tbclient.exe)

1 / 68      (PUP)
http://49883610b2899a565445-f8bbcd60a34d32bcae8d0f1cb50205b0.r36.cf1.rackcdn.com/dalesearch_2.1.0.0_cn.exe  (tbclient.exe)

1 / 68      (PUP)
http://49883610b2899a565445-f8bbcd60a34d32bcae8d0f1cb50205b0.r36.cf1.rackcdn.com/mixidj_2.0.1.1_cn.exe  (mixidj toolbarupdt.exe)

1 / 68      (PUP)
http://49883610b2899a565445-f8bbcd60a34d32bcae8d0f1cb50205b0.r36.cf1.rackcdn.com/babylon_2.1.0.0_cn.exe  (tbclient.exe)

1 / 68      (PUP)
http://49883610b2899a565445-f8bbcd60a34d32bcae8d0f1cb50205b0.r36.cf1.rackcdn.com/buenosearch_2.1.0.0_cn.exe  (9056c9b5283d0513f17d3f42fbb092ff)

1 / 68      (PUP)
http://49883610b2899a565445-f8bbcd60a34d32bcae8d0f1cb50205b0.r36.cf1.rackcdn.com/searchgol_2.0.1.1_cn.exe  (searchgol toolbarupdt.exe)

 
Latest 30 of 64 download URLs

The following 19 files have been seen to comunicate with 49883610b2899a565445-f8bbcd60a34d32bcae8d0f1cb50205b0.r36.cf1.rackcdn.com in live environments.

TCP » 72.246.64.113:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 96.17.170.33:80
browser.exe (Speed Browser by Long Mile Solutions)

TCP » 72.246.64.113:80
whatsapptime.exe

TCP » 72.246.64.130:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 96.17.170.9:80
ShopAtHome_BAC_Service.exe (by ShopAtHome.com)

TCP » 72.246.64.130:80
browser.exe (speed browser by Smart Applications)

TCP » 96.17.170.19:80
free ride games.exe (FreeRide Games by Exent Technologies)

TCP » 72.246.64.128:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 96.17.170.19:80
ShopAtHome_BAC_Service.exe (by ShopAtHome.com)

TCP » 96.17.170.33:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 72.246.64.128:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 72.246.64.128:80
browser.exe (Browser)

TCP » 72.246.64.128:443
browser.exe (speed browser by Fast Applications)

TCP » 96.17.170.19:443
browser.exe (Browser)

TCP » 72.246.64.113:80
updateneurowise.exe

TCP » 72.246.64.113:80
client.exe (ClientWrapper)

TCP » 96.17.170.33:80
browser.exe (Browser)

TCP » 72.246.64.113:80
crossbrowse.exe (Crossbrowse)

TCP » 72.246.64.113:80
messengertime.exe

TCP » 72.246.64.128:80
TBNotifier.exe (Ask TBNotifier by APN)

 
Latest 20 of 33 files

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.