down.ruanmei.com

Zhangkai

Domain Information

The domain down.ruanmei.com, registered by Zhangkai, was first registered in May 2006 through 35 TECHNOLOGY CO., LTD. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Hangzhou, Zhejiang, China, on the Asia Pacific Network Information Centre (APNIC) network.
Registrar: 35 TECHNOLOGY CO., LTD
Server location: Zhejiang, China (CN)
Create date: Thursday, May 04, 2006
Expires date: Thursday, May 04, 2017
Updated date: Tuesday, March 25, 2014
ASN: AS4134 CHINANET-BACKBONE No.31,Jin-rong Street,CN

Root domain:

Scanner detections: 91% detected

| Scan engine | Details | Detections |
|---|---|---|
| Reason Heuristics | PUP.Installer.QingdaoRuanmeiNetworkTechnologyCoLtd.R, PUP.Installer.QingdaoRuanmeiNetworkTechnologyCoLtd.S, PUP.Installer.QingdaoRuanmeiNetworkTechnologyCoLtd.X, PUP.Installer.QingdaoRuanmeiNetworkTechnologyCoLtd.Q, PUP.QingdaoRuanmeiNetworkTechnology.Installer (M), PUP.QingdaoRuanmeiNetworkTechnology (M), PUP.QingdaoR.Installer (M), PUP (M) | 95.45% |
| Rising Antivirus | PE:Trojan.Win32.Generic.1293B169!311669097, PE:Worm.Autorun!1.9EE3, PE:Malware.XPACK/RDM!5.1 | 40.91% |
| Dr.Web | Trojan.Moky.19, Trojan.Carberp.1395, Trojan.Siggen4.45560, DLOADER.Trojan | 31.82% |
| McAfee | Artemis!83CE39AD3562, Artemis!A65FFC4B0913, Artemis!753032EC4D62, Artemis!0A237B244A59, Artemis!6C6B2676C944, Artemis!0E24B43D932B, Artemis!71D3CB1A708C | 31.82% |
| McAfee Web Gateway | Artemis!83CE39AD3562, Artemis!A65FFC4B0913, Artemis!753032EC4D62, Artemis!0A237B244A59 | 22.73% |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h, BScope.Trojan.Agent | 22.73% |
| Trend Micro House Call | TROJ_GEN.F47V0527, Suspicious_GEN.F47V0330, Suspicious_GEN.F47V0419 | 13.64% |
| IKARUS anti.virus | Trojan.SuspectCRC, Trojan.Win32.Agent, Virus.Win32.Sality | 13.64% |
| G Data | Win32.Trojan.Agent.6YOJG1 | 9.09% |
| Bkav FE | W32.HfsAdware, HW32.Packed | 9.09% |
| The Hacker | Posible_Worm32 | 4.55% |
| NANO AntiVirus | Trojan.Win32.Stanit.cuckfy | 4.55% |
| Sophos | Address Tool Bar | 4.55% |
| Antiy Labs AVL | Trojan[:HEUR]/Win32.AGeneric | 4.55% |
| Zillya! Antivirus | Downloader.Agent.Win32.281665 | 4.55% |

The domain down.ruanmei.com has been seen to resolve to the following 7 IP addresses.

May 2, 2015

January 5, 2015

June 22, 2014

April 14, 2014

March 15, 2014

December 29, 2013

December 29, 2013

File downloads found at URLs served by down.ruanmei.com.

URL: http://down.ruanmei.com/
Web server: Microsoft-IIS/8.5 (ASP.NET)