» down.ruanmei.com
Overview
Analysis
IPs Addresses (7)
Downloads (23)
Website Detail
Related Domains (27)

down.ruanmei.com

Zhangkai

Domain Information

The domain down.ruanmei.com registered by Zhangkai was initially registered in May of 2006 through 35 TECHNOLOGY CO., LTD. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Hangzhou, Zhejiang within China which resides on the Asia Pacific Network Information Centre network.

Registrant:

Zhangkai

Registrar:

35 TECHNOLOGY CO., LTD

Server location:

Zhejiang, China (CN)

Create date:

Thursday, May 4, 2006

Expires date:

Thursday, May 4, 2017

Updated date:

Tuesday, March 25, 2014

ASN:

AS4134 CHINANET-BACKBONE No.31,Jin-rong Street,CN

Root domain:

ruanmei.com

Whois:

3 ruanmei.com records

Scanner detections:

Detections (91% detected)

Scan engine

Details

Detections

Reason Heuristics

PUP.Installer.QingdaoRuanmeiNetworkTechnologyCoLtd.R, PUP.Installer.QingdaoRuanmeiNetworkTechnologyCoLtd.S, PUP.Installer.QingdaoRuanmeiNetworkTechnologyCoLtd.X, PUP.Installer.QingdaoRuanmeiNetworkTechnologyCoLtd.Q, PUP.QingdaoRuanmeiNetworkTechnology.Installer (M), PUP.QingdaoRuanmeiNetworkTechnology (M), PUP.QingdaoR.Installer (M), PUP (M)

95.45%

Rising Antivirus

PE:Trojan.Win32.Generic.1293B169!311669097, PE:Worm.Autorun!1.9EE3, PE:Malware.XPACK/RDM!5.1

40.91%

Dr.Web

Trojan.Moky.19, Trojan.Carberp.1395, Trojan.Siggen4.45560, DLOADER.Trojan

31.82%

McAfee

Artemis!83CE39AD3562, Artemis!A65FFC4B0913, Artemis!753032EC4D62, Artemis!0A237B244A59, Artemis!6C6B2676C944, Artemis!0E24B43D932B, Artemis!71D3CB1A708C

31.82%

Vba32 AntiVirus

suspected of Trojan.Downloader.gen.h, BScope.Trojan.Agent

22.73%

Trend Micro House Call

TROJ_GEN.F47V0527, Suspicious_GEN.F47V0330, Suspicious_GEN.F47V0419

13.64%

IKARUS anti.virus

Trojan.SuspectCRC, Trojan.Win32.Agent, Virus.Win32.Sality

13.64%

G Data

Win32.Trojan.Agent.6YOJG1

9.09%

Bkav FE

W32.HfsAdware, HW32.Packed

9.09%

NANO AntiVirus

Trojan.Win32.Stanit.cuckfy

4.55%

Sophos

Address Tool Bar

4.55%

Zillya! Antivirus

Downloader.Agent.Win32.281665

4.55%

ESET NOD32

Win32/MyDesk.A potentially unwanted

4.55%

Fortinet FortiGate

Riskware/MyDesk

4.55%

Qihoo 360 Security

Malware.QVM11.Gen

4.55%

The domain down.ruanmei.com has been seen to resolve to the following 7 IP addresses.

May 2, 2015

January 5, 2015

June 22, 2014

April 14, 2014

March 15, 2014

December 29, 2013

December 29, 2013

File downloads found at URLs served by down.ruanmei.com.

1 / 68 (Adware)

http://down.ruanmei.com/tweakcube/.../pcmastersetup_u8.exe (c8280b88d0511522464a6735ff8b1822)

1 / 68 (Adware)

http://down.ruanmei.com/tweakcube/.../pcmastersetup_u92.exe (pcmastersetup_6.1.9.0.exe)

5 / 68 (Adware)

http://down.ruanmei.com/tweakcube/.../pcmastersetup_u117.exe (a0f7f0e58cbea94a08dce05f064f8de1)

2 / 68 (Adware)

http://down.ruanmei.com//.../rmup.exe (ba097af238748fcd33a17f2f7576a9c4)

3 / 68 (Adware)

http://down.ruanmei.com//pcmaster/files/.../rmup.exe (baecd4d060682f6416e5de90e03ce5a9)

1 / 68 (Adware)

http://down.ruanmei.com/.../pcmastersetup_5.07.exe (a6838556a9de3df8aebb5802a8fffae5)

0 / 68

http://down.ruanmei.com/tweakcube/.../pcmastersetup_u92.exe (62b16a5bbeea3666f26b7386a9821fe8)

1 / 68 (Adware)

http://down.ruanmei.com/tweakcube/.../tweakcubesetup_u142.exe (pcmastersetup_u142.exe)

1 / 68 (Adware)

http://down.ruanmei.com/.../saayaasetup_3.36.exe (8d2331c56503107af97099325d9fe56d)

8 / 68 (Adware)

http://down.ruanmei.com/tweakcube/.../tweakcubesetup_u85.exe (pcmastersetup_u85.exe)

5 / 68 (Adware)

http://down.ruanmei.com/.../tweakcubesetup_3.0.exe (71d3cb1a708cc7b6fa3c9b61d23ae16d)

0 / 68

http://down.ruanmei.com/.../eicfg_removal_utility.zip (7ca6a5172345dff8811c215850cb9c12)

2 / 68 (Adware)

http://down.ruanmei.com/.../win8mastersetup_1.08.exe (9512c27d80469e4f60d88dfb1ebd7a45)

6 / 68 (Adware)

http://down.ruanmei.com/tweakcube/.../pcmastersetup_u8.exe (0e24b43d932b6f54eb00ac7660057d26)

5 / 68 (Adware)

http://down.ruanmei.com/.../windows7mastersetup_1.80.exe (6c6b2676c944e16a0f5d0ce1c7d83e69)

4 / 68 (Adware)

http://down.ruanmei.com/tweakcube/.../pcmastersetup_u8.exe (0a237b244a5959eb0d9499996f349d3e)

4 / 68 (Adware)

http://down.ruanmei.com/.../pcmastersetup_5.06_full.exe (753032ec4d62c091159837953d4ee6a7)

3 / 68 (Adware)

http://down.ruanmei.com/.../pcmastersetup_5.05.exe (2cd70c82f1e8d4f9cfa121ecd6412a52)

4 / 68 (Adware)

http://down.ruanmei.com/.../pcmastersetup_5.10.exe (pcmastersetup_59.exe)

4 / 68 (Adware)

http://down.ruanmei.com/.../tweakcubesetup_3.39.exe (83ce39ad3562e8fe0425881f7bf9ff2d)

1 / 68 (Adware)

http://down.ruanmei.com/.../windows7mastersetup_1.80.exe (06bc0c45b8ab5b2f9cebf37f31129769)

2 / 68 (Adware)

http://down.ruanmei.com/.../pcmastersetup_5.08.exe (b78d5d16d152e7920c78d367c2c5cf54)

2 / 68 (Adware)

http://down.ruanmei.com/.../pcmastersetup_5.02.exe (80e1b747ed77bda4187d375423bef40c)

URL:

http://down.ruanmei.com/

Web server:

Microsoft-IIS/8.5 (ASP.NET)

Related Domains

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.