home

fd170082d0045087dd67-7fa66252718886078db4428bf01238fe.r42.cf6.rackcdn.com

Domain Information

Server location:
Florida, United States (US)

ASN:
AS20940 AKAMAI-ASN1 Akamai International B.V.,US

Root domain:
rackcdn.com

Scanner detections:
Malware distribution  (100% detected)

Scan engine
Details
Detections

F-Prot
W32/Threat-HLLIE-based, W32/Sality.gen2
100.00%

avast!
Win32:Dropper-gen [Drp], Win32:SaliCode
100.00%

Emsisoft Anti-Malware
Gen:Variant.Kazy.537936, Win32.Sality
100.00%

Kaspersky
Trojan.Win32.Sasfis, Virus.Win32.Sality
100.00%

Bkav FE
HW32.Packed
50.00%

MicroWorld eScan
Gen:Variant.Kazy.537936
50.00%

Trend Micro House Call
TROJ_GEN.R047H09BO15
50.00%

Bitdefender
Gen:Variant.Kazy.537936
50.00%

Lavasoft Ad-Aware
Gen:Variant.Kazy.537936
50.00%

F-Secure
Gen:Variant.Kazy.537936
50.00%

VIPRE Antivirus
Trojan.Win32.Generic
50.00%

Avira AntiVirus
TR/Kazy.2782720
50.00%

G Data
Gen:Variant.Kazy.537936
50.00%

McAfee
Artemis!259B612B11D4
50.00%

IKARUS anti.virus
Win32.SuspectCrc
50.00%

The domain fd170082d0045087dd67-7fa66252718886078db4428bf01238fe.r42.cf6.rackcdn.com has been seen to resolve to the following 4 IP addresses.

72.246.64.128
a72-246-64-128.deploy.akamaitechnologies.com
August 17, 2016

72.246.64.122
a72-246-64-122.deploy.akamaitechnologies.com
August 17, 2016

23.15.9.10
a23-15-9-10.deploy.static.akamaitechnologies.com
March 15, 2015

23.15.9.72
a23-15-9-72.deploy.static.akamaitechnologies.com
March 15, 2015

File downloads found at URLs served by fd170082d0045087dd67-7fa66252718886078db4428bf01238fe.r42.cf6.rackcdn.com.

8 / 68      (Infected)
http://fd170082d0045087dd67-7fa66252718886078db4428bf01238fe.r42.cf6.rackcdn.com/f/.../performance.exe  (daca956a0cab1e16bf9d42fc9be37893)

24 / 68    (Malware)
http://fd170082d0045087dd67-7fa66252718886078db4428bf01238fe.r42.cf6.rackcdn.com/f/.../performance.exe  (259b612b11d4a9f9150393e5670b2c09)

The following 10 files have been seen to comunicate with fd170082d0045087dd67-7fa66252718886078db4428bf01238fe.r42.cf6.rackcdn.com in live environments.

TCP » 72.246.64.128:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 23.15.9.72:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 72.246.64.128:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 72.246.64.128:80
browser.exe (Browser)

TCP » 72.246.64.128:443
browser.exe (speed browser by Fast Applications)

TCP » 23.15.9.72:443
beamrise.exe (Beamrise by The Beamrise Authors)

TCP » 23.15.9.10:80
jmpbphbkagblipdcpamhbciblaofbgim.crx

TCP » 23.15.9.10:80
igjkdljhcikicbfinlbjpbhmfcgbcblm.crx

TCP » 23.15.9.10:80
gdjeihkmglmapgifllngcdlaoeemaacf.crx

TCP » 72.246.64.128:80
TBNotifier.exe (Ask TBNotifier by APN)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.