home

dfe8370a2961598fcf36-78e3d3d82d3ad0a3905742af01c7c45f.r91.cf5.rackcdn.com

Rackspace US, Inc.

Domain Information

The domain dfe8370a2961598fcf36-78e3d3d82d3ad0a3905742af01c7c45f.r91.cf5.rackcdn.com registered by Rackspace US, Inc. was initially registered in December of 2010 through CSC CORPORATE DOMAINS, INC.. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Cambridge, Massachusetts within the United States which resides on the Akamai Technologies, Inc. network.
Registrar:
CSC CORPORATE DOMAINS, INC.

Server location:
Massachusetts, United States (US)

Create date:
Wednesday, December 15, 2010

Expires date:
Thursday, December 15, 2016

Updated date:
Saturday, December 12, 2015

ASN:
AS20940 AKAMAI-ASN1 Akamai International B.V.,US

Root domain:
rackcdn.com

Whois:
1 rackcdn.com record

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.PitayaTech.J, PUP.PitayaTech.D, PUP.AcaiTech.D
100.00%

G Data
Gen:Variant.Kazy.461155, Gen:Variant.Graftor.160428, Win32.Trojan.Agent.GBUBO2
80.00%

Avira AntiVirus
TR/Rogue.86352, TR/Graftor.429368
80.00%

Vba32 AntiVirus
TrojanDownloader.Agent
80.00%

MicroWorld eScan
Gen:Variant.Kazy.461155, Gen:Variant.Graftor.160428
60.00%

Agnitum Outpost
Trojan.DL.Agent
60.00%

Bitdefender
Gen:Variant.Kazy.461155, Gen:Variant.Graftor.160428
60.00%

Lavasoft Ad-Aware
Gen:Variant.Kazy.461155, Gen:Variant.Graftor.160428
60.00%

Emsisoft Anti-Malware
Gen:Variant.Kazy.461155, Gen:Variant.Graftor.160428
60.00%

F-Secure
Gen:Variant.Kazy.461155, Gen:Variant.Graftor.160428
60.00%

Malwarebytes
PUP.Optional.PitayaTech.A
60.00%

McAfee
Artemis!2AF27D1CE67F, Artemis!6A5B12DD0884
40.00%

Trend Micro House Call
Suspicious_GEN.F47V1111, Suspicious_GEN.F47V1127
40.00%

Dr.Web
Trojan.DownLoader11.40958, Adware.Shopper.821
40.00%

ESET NOD32
Win32/Toolbar.BitCocktail (variant)
40.00%

The domain dfe8370a2961598fcf36-78e3d3d82d3ad0a3905742af01c7c45f.r91.cf5.rackcdn.com has been seen to resolve to the following 6 IP addresses.

65.222.200.56
May 15, 2016

65.222.200.35
May 15, 2016

63.158.227.49
63-158-227-49.dia.static.qwest.net
February 28, 2016

63.158.227.17
63-158-227-17.dia.static.qwest.net
February 28, 2016

72.246.64.131
a72-246-64-131.deploy.akamaitechnologies.com
February 6, 2016

72.246.64.114
a72-246-64-114.deploy.akamaitechnologies.com
February 6, 2016

File downloads found at URLs served by dfe8370a2961598fcf36-78e3d3d82d3ad0a3905742af01c7c45f.r91.cf5.rackcdn.com.

3 / 68      (Adware)
http://dfe8370a2961598fcf36-78e3d3d82d3ad0a3905742af01c7c45f.r91.cf5.rackcdn.com/.../hbk.exe  (fd9e32a49695733bf3a03d305aa78b53)

13 / 68    (Adware)
http://dfe8370a2961598fcf36-78e3d3d82d3ad0a3905742af01c7c45f.r91.cf5.rackcdn.com/.../hbk.exe  (6a5b12dd088404e1133a3510d669590a)

21 / 68    (Adware)
http://dfe8370a2961598fcf36-78e3d3d82d3ad0a3905742af01c7c45f.r91.cf5.rackcdn.com/.../dls.exe  (setup_362.exe)

11 / 68    (Adware)
http://dfe8370a2961598fcf36-78e3d3d82d3ad0a3905742af01c7c45f.r91.cf5.rackcdn.com/.../hbk.exe  (24fc099cc65e11c3c51e39dab96ae008)

10 / 68    (Adware)
http://dfe8370a2961598fcf36-78e3d3d82d3ad0a3905742af01c7c45f.r91.cf5.rackcdn.com/.../hbk.exe  (0efe9b75f1dc8ca43913ff6df330d617)

The following 11 files have been seen to comunicate with dfe8370a2961598fcf36-78e3d3d82d3ad0a3905742af01c7c45f.r91.cf5.rackcdn.com in live environments.

TCP » 72.246.64.131:80
1stbrowser.exe (1stBrowser by The 1stBrowser Authors)

TCP » 65.222.200.35:80
lklnegomnecpomabmmgbnfipelioppmi.crx

TCP » 65.222.200.35:80
deajbcbepihlagjgajnfgfhcfeeljebi.crx

TCP » 65.222.200.35:80
nlkedfcldaipcnicnokanljihfkfamkl.crx

TCP » 65.222.200.56:80
febkdjgmamneemglhikdhgmoejlneehc.crx

TCP » 65.222.200.56:80
pmkdchokpegklckhiggdmjfjfdlkgmmg.crx

TCP » 65.222.200.56:80
onhneonmpnpfmjdcpjbcbafhahjajjpk.crx

TCP » 65.222.200.56:80
eggfmmoglagpoianpdkdhlcfchlenlkp.crx

TCP » 65.222.200.56:80
pjaohfkneikamjkhimdlfgbeooiofaen.crx

TCP » 72.246.64.114:80
wgetx.exe

TCP » 72.246.64.131:80
browser.exe (Co Rom+ Browser by Itim Technologies Co.)

easy-hide-ip.com

remosoftware.com

arkive.org

designspark.info

duplicate-remover.com

firetrust.com

globalgoals.org

graphicsland.com

lastalias.com

nintendo.com

pdfpro10.com

soliddocuments.com

thinkbuzan.com

topalt.com

betweenlinesnow.com

cnet.com

diablosport.com

driverspro.org

get-antimalware.com

hawkeslearning.com

jupiterfiles.com

loaris.co

loaris.com

rackspacecloud.com

splashid.com

sync2.com

whitepeaksoftware.com

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.