home

94a90e1ca67ca3123e06-178b36d266a7cddd094eb5d7c80c5cfd.r61.cf2.rackcdn.com

Rackspace US, Inc.

Domain Information

The domain 94a90e1ca67ca3123e06-178b36d266a7cddd094eb5d7c80c5cfd.r61.cf2.rackcdn.com registered by Rackspace US, Inc. was initially registered in December of 2010 through CSC CORPORATE DOMAINS, INC.. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Miami, Florida within the United States which resides on the Akamai Technologies, Inc. network.
Registrar:
CSC CORPORATE DOMAINS, INC.

Server location:
Florida, United States (US)

Create date:
Wednesday, December 15, 2010

Expires date:
Thursday, December 15, 2016

Updated date:
Saturday, December 12, 2015

ASN:
AS20940 AKAMAI-ASN1 Akamai International B.V.,US

Root domain:
rackcdn.com

Whois:
1 rackcdn.com record

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

MicroWorld eScan
Gen:Variant.Kazy.354022
100.00%

Quick Heal
Rogue.FakePAV.g3 (Not a Virus)
100.00%

McAfee
Generic-FAPG!F90391DF671E
100.00%

Malwarebytes
Trojan.Kelihos
100.00%

K7 AntiVirus
Adware
100.00%

NANO AntiVirus
Trojan.Win32.FakeAV.cuhjqj
100.00%

Norman
Suspicious_Gen4.FWEYC
100.00%

Trend Micro House Call
TROJ_FAKEAV.YSUX
100.00%

avast!
Win32:Hoblig-B [Heur]
100.00%

Kaspersky
HEUR:Trojan.Win32.Generic
100.00%

Bitdefender
Gen:Variant.Kazy.354022
100.00%

Agnitum Outpost
Trojan.Agent
100.00%

Lavasoft Ad-Aware
Gen:Variant.Kazy.354022
100.00%

Emsisoft Anti-Malware
Gen:Variant.Kazy.354022
100.00%

Comodo Security
TrojWare.Win32.Kryptik.BVVK
100.00%

The domain 94a90e1ca67ca3123e06-178b36d266a7cddd094eb5d7c80c5cfd.r61.cf2.rackcdn.com has been seen to resolve to the following 2 IP addresses.

72.246.64.114
a72-246-64-114.deploy.akamaitechnologies.com
May 27, 2016

72.246.64.128
a72-246-64-128.deploy.akamaitechnologies.com
May 27, 2016

File downloads found at URLs served by 94a90e1ca67ca3123e06-178b36d266a7cddd094eb5d7c80c5cfd.r61.cf2.rackcdn.com.

32 / 68    (PUP)
http://94a90e1ca67ca3123e06-178b36d266a7cddd094eb5d7c80c5cfd.r61.cf2.rackcdn.com/432d034a9a2565118c829bb1cc1c47f1.exe  (svc-mklb.exe)

The following 6 files have been seen to comunicate with 94a90e1ca67ca3123e06-178b36d266a7cddd094eb5d7c80c5cfd.r61.cf2.rackcdn.com in live environments.

TCP » 72.246.64.128:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 72.246.64.128:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 72.246.64.128:80
browser.exe (Browser)

TCP » 72.246.64.128:443
browser.exe (speed browser by Fast Applications)

TCP » 72.246.64.114:80
wgetx.exe

TCP » 72.246.64.128:80
TBNotifier.exe (Ask TBNotifier by APN)

arkive.org

designspark.info

duplicate-remover.com

easy-hide-ip.com

firetrust.com

globalgoals.org

graphicsland.com

lastalias.com

nintendo.com

pdfpro10.com

soliddocuments.com

thinkbuzan.com

topalt.com

atari.com

barcodegiant.com

battlelinegame.com

cedeti.cl

clping.com

elm-lang.org

get-antimalware.com

happyfoto.sk

icenium.com

moneysavingexpert.com

mundotkm.com

myhorsefriends.com

neuxpower.com

noticias24.com

okozo.com

pdfreader-10.com

reallusion.com

30 of 37 related domains

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.