home

cfc0a138b2f3eb866cc5-294e38385f9360860c10763272f0ccfe.r6.cf2.rackcdn.com

Rackspace US, Inc.

Domain Information

The domain cfc0a138b2f3eb866cc5-294e38385f9360860c10763272f0ccfe.r6.cf2.rackcdn.com registered by Rackspace US, Inc. was initially registered in December of 2010 through CSC CORPORATE DOMAINS, INC.. Currently this domain has been known to host various forms of malware. The hosted servers are located in Miami, Florida within the United States which resides on the Akamai Technologies, Inc. network.
Registrar:
CSC CORPORATE DOMAINS, INC.

Server location:
Florida, United States (US)

Create date:
Wednesday, December 15, 2010

Expires date:
Thursday, December 15, 2016

Updated date:
Saturday, December 12, 2015

ASN:
AS20940 AKAMAI-ASN1 Akamai International B.V.,US

Root domain:
rackcdn.com

Whois:
1 rackcdn.com record

Scanner detections:
Malware distribution  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
Threat.Win.Reputation.IMP
100.00%

Clam AntiVirus
Win.Trojan.Generickd-1025
50.00%

Vba32 AntiVirus
TrojanPSW.QQpass
50.00%

The domain cfc0a138b2f3eb866cc5-294e38385f9360860c10763272f0ccfe.r6.cf2.rackcdn.com has been seen to resolve to the following 2 IP addresses.

72.246.64.113
a72-246-64-113.deploy.akamaitechnologies.com
May 25, 2016

72.246.64.130
a72-246-64-130.deploy.akamaitechnologies.com
May 25, 2016

File downloads found at URLs served by cfc0a138b2f3eb866cc5-294e38385f9360860c10763272f0ccfe.r6.cf2.rackcdn.com.

3 / 68      (Malware)
http://cfc0a138b2f3eb866cc5-294e38385f9360860c10763272f0ccfe.r6.cf2.rackcdn.com/PDFImport_for_DraftSight_v13.0.0.270.exe  (58a550c8ff40fefc7de8e5fbc99de948)

1 / 68      (Malware)
http://cfc0a138b2f3eb866cc5-294e38385f9360860c10763272f0ccfe.r6.cf2.rackcdn.com/PDFImport_for_DraftSight_20140605.exe  (8e288f619f2aaf5656880e9b468b699d)

The following 9 files have been seen to comunicate with cfc0a138b2f3eb866cc5-294e38385f9360860c10763272f0ccfe.r6.cf2.rackcdn.com in live environments.

TCP » 72.246.64.113:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 72.246.64.113:80
whatsapptime.exe

TCP » 72.246.64.130:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 72.246.64.130:80
browser.exe (speed browser by Smart Applications)

TCP » 72.246.64.113:80
updateneurowise.exe

TCP » 72.246.64.113:80
client.exe (ClientWrapper)

TCP » 72.246.64.113:80
crossbrowse.exe (Crossbrowse)

TCP » 72.246.64.113:80
messengertime.exe

TCP » 72.246.64.130:80
apptrailers.exe

ancientdev.com

evocdn.co.uk

fugawi.com

powermapper.com

rackspacecloud.com

remosoftware.com

saharasupport.com

software2.co.uk

visiblebody.com

betweenlinesnow.com

driverspro.org

efilemagic.com

erply.com

graphicsland.com

hawkeslearning.com

insightwebstore.com

loaris.co

loaris.com

phaseone.com

soliddocuments.com

thrivethemes.com

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.