home

download.rafotech.com

Qing Ye Ke Ji Bei Jing You Xian Ze Ren Gong Si

Domain Information

The domain download.rafotech.com registered by Qing Ye Ke Ji Bei Jing You Xian Ze Ren Gong Si was initially registered in January of 2015 through HICHINA ZHICHENG TECHNOLOGY LTD.. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Washington, District of Columbia within the United States which resides on the SoftLayer Technologies Inc. network.
Registrar:
HICHINA ZHICHENG TECHNOLOGY LTD.

Server location:
District of Columbia, United States (US)

Create date:
Thursday, January 8, 2015

Expires date:
Monday, January 8, 2018

Updated date:
Thursday, January 8, 2015

ASN:
AS36351 SOFTLAYER - SoftLayer Technologies Inc.,US

Root domain:
rafotech.com

Whois:
2 rafotech.com records

Scanner detections:
Detections  (94% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Fafo.MB (M)
87.50%

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
31.25%

Trend Micro House Call
Suspicious_GEN.F47V0522, Suspicious_GEN.F47V0515
12.50%

Dr.Web
Adware.Mutabaha.787, Adware.Mutabaha.787, Win32.Parite.2
12.50%

Norman
Win32.Parite.B, Gen:Variant.Adware.Ghoskwa.1
12.50%

F-Prot
W32/Parite.B
6.25%

Emsisoft Anti-Malware
Win32.Parite
6.25%

ESET NOD32
Win32/Parite.B virus
6.25%

avast!
Win32:Parite
6.25%

Microsoft Security Essentials
Threat.Undefined
6.25%

McAfee
Virus.W32/Pate.b
6.25%

F-Secure
Win32.Parite.B
6.25%

Kaspersky
Virus.Win32.Parite
6.25%

The domain download.rafotech.com has been seen to resolve to the following IP address.

158.85.62.197
c5.3e.559e.ip4.static.sl-reverse.com
February 9, 2016

File downloads found at URLs served by download.rafotech.com.

1 / 68      (PUP)
http://download.rafotech.com/.../download.php?cid=aed&s2sid=JMC1259.zVVl4go7q7-PaQQBUTLHJy&guid=bf9069e7-4cdb-cb20-e38d-be78cea5a8d  (mustang_setup_aed_jmc1152.3063fdfgvs-paqqbutlhjy_1.42.90.0.exe)

1 / 68      (PUP)
http://download.rafotech.com/.../download.php?cid=aed&s2sid=JMC1259.8uNHrjfznf-PaPHBURsHRc&guid=4a4686bd-bf60-736a-c767-3a4a5ce71d9c  (mustang_setup_landpage_5ba0f843-02f4-b6f6-a780-f5f01d15e846_1.0.exe)

1 / 68      (PUP)
http://download.rafotech.com/.../download.php?cid=aed&s2sid=JMC1259.Hw95yyyE5S-PaQQBUTLHJy&guid=ade8608c-f400-f28f-9692-e177948ee70b  (mustang_setup_aed_jec1145.1ndz..iwt.-paqqbutlhjy_1.0.exe)

2 / 68      (PUP)
http://download.rafotech.com/.../download.php?cid=ad2game&s2sid=&guid=a72385d0-8d5b-c3ea-516f-8d987db73596  (mustang_setup_ad2game__1.0.exe)

1 / 68      (PUP)
http://download.rafotech.com/.../download.php?cid=aed&s2sid=JMC1182.fXZusgeOKv-PaPHBURsIVt&guid=cd0f2fd6-8d66-6aa5-9d03-8cb7b74884d2  (mustang_setup_landpage_3090ce06-ff0c-9d43-bc05-256b083a972c_1.0.exe)

1 / 68      (PUP)
http://download.rafotech.com/.../download.php?cid=aed&s2sid=JMC1259.uKRxsC3y7X-PaQQBUTLHJy&guid=99781ddf-1ac9-fb68-4131-fe35f69c4b9  (mustang_setup_bxk_1.0.exe)

1 / 68      (inconclusive)
http://download.rafotech.com/.../download.php?cid=landpage&s2sid=88C08E0C-C877-98B2-80E2-EBAD1BFF6BE1&guid=1c95256f-46d1-4e6b-3d14-cc9d6e131  (mustang_setup_landpage_88c08e0c-c877-98b2-80e2-ebad1bff6be1_1.0.exe)

2 / 68      (PUP)
http://download.rafotech.com/.../download.php?cid=ad2game&s2sid=&guid=55f24eb8-3ab5-cd6e-696a-801083e00d7b  (mustang_setup_ad2game__1.0.exe)

1 / 68      (PUP)
http://download.rafotech.com/.../download.php?cid=aed&s2sid=JMC1259.RtQE86KL1.-PaQQBUTLHJy&guid=390e90e-6286-345d-3bc4-a07c6da67b76  (mustang_setup_landpage_5ba0f843-02f4-b6f6-a780-f5f01d15e846_1.0.exe)

2 / 68      (PUP)
http://download.rafotech.com/.../download.php?cid=aed&s2sid=JFC1315.cPJtx.WA1c-PaQQBUTLHJy&guid=c30432c6-5d66-bbce-6518-2a75a585a63b  (mustang_setup_aed_jmc1259.hw95yyye5s-paqqbutlhjy_1.0.exe)

1 / 68      (PUP)
http://download.rafotech.com/.../download.php?cid=aed&s2sid=JMC1259.Hw95yyyE5S-PaQQBUTLHJy&guid=38cd1960-160d-7679-ff8e-b880c1143def  (mustang_setup_landpage_3090ce06-ff0c-9d43-bc05-256b083a972c_1.0.exe)

1 / 68      (PUP)
http://download.rafotech.com/.../download.php?cid=aed&s2sid=JMC1259.tQ7JOmrICj-PaQQBUTLHJy&guid=8fc8e884-5da8-177b-af99-568cf24e96d6  (mustang_setup_landpage_3090ce06-ff0c-9d43-bc05-256b083a972c_1.0.exe)

1 / 68      (PUP)
http://download.rafotech.com/.../download.php?cid=aed&s2sid=JMC1152.Hw95yyyE5S-PaQQBUTLHJy&guid=ffb981f1-01e8-6570-36a6-fb3c6ad00a7e  (mustang_setup_aed_jec1145.1ndz..iwt.-paqqbutlhjy_1.0.exe)

2 / 68      (PUP)
http://download.rafotech.com/.../download.php?cid=gam&s2sid=landpage&guid=bac82c0b-221d-a294-5cfa-7c26d5e87bd7  (mustang_setup_gam_landpage_1.0.exe)

1 / 68      (PUP)
http://download.rafotech.com/.../download.php?cid=aed&s2sid=JMC1259.Hw95yyyE5S-PaQQBUTLHJy&guid=89011e9c-f905-7505-ad54-1caeb1acf66b  (mustang_setup_landpage_3090ce06-ff0c-9d43-bc05-256b083a972c_1.0.exe)

1 / 68      (PUP)
http://download.rafotech.com/.../download.php?cid=landpage&s2sid=359A47BC-254C-718E-921E-DE71EB8F3A16&guid=bab79e74-aa2-7fcf-e98f-7b27243394fc  (mustang_setup_landpage_a7a4ab61-8fd1-f2c4-2316-c26d1a8c9d89_1.0.exe)

3 / 68      (PUP)
http://download.rafotech.com/.../download.php?cid=gam&s2sid=landpage&guid=76e47bb5-c67b-0ce2-8bb7-162dfbc6592d  (mustang_setup_gam_landpage_1.0.exe)

1 / 68      (PUP)
http://download.rafotech.com/.../download.php?cid=aed&s2sid=JMC1259.Hw95yyyE5S-PaQQBUTLHJy&guid=18a96358-e824-3830-7cb-4efea61b5632  (mustang_setup_bxk_1.0.exe)

1 / 68      (PUP)
http://download.rafotech.com/.../download.php?cid=bxk  (mustang_setup_landpage_3090ce06-ff0c-9d43-bc05-256b083a972c_1.0.exe)

1 / 68      (PUP)
http://download.rafotech.com/.../download.php?cid=landpage&s2sid=1D306F7A-4852-C9A4-8DDA-F1CFAE3465F3&guid=d99a76dd-6963-7d1e-c941-8c082abc4b  (mustang_setup_landpage_a7a4ab61-8fd1-f2c4-2316-c26d1a8c9d89_1.0.exe)

1 / 68      (PUP)
http://download.rafotech.com/.../download.php?cid=landpage&s2sid=0A52309D-15F6-5305-8439-921539312C17&guid=67fecff1-d687-4fca-de06-b0a9a1de9f40  (mustang_setup_landpage_a7a4ab61-8fd1-f2c4-2316-c26d1a8c9d89_1.0.exe)

10 / 68    (PUP)
http://download.rafotech.com/.../download.php?cid=ad2game&s2sid=&guid=430c37a2-460e-fd52-5881-931fc9ab91f3  (mustang_setup_ad2game__1.0.exe)

1 / 68      (PUP)
http://download.rafotech.com/.../download.php?cid=aed&s2sid=JFC720.Gpj2cdZYqJ-PaPHBURsHRc&guid=fd206525-e07c-9d25-92c6-8537a42fb01c  (mustang_setup_landpage_5ba0f843-02f4-b6f6-a780-f5f01d15e846_1.0.exe)

1 / 68      (PUP)
http://download.rafotech.com/.../download.php?cid=aed&s2sid=JMC1145.p2Npjp8pvE-PaQQBUTLHJy&guid=96a02713-89-6e5a-9a24-b2ca3312e498  (mustang_setup_landpage_5ba0f843-02f4-b6f6-a780-f5f01d15e846_1.0.exe)

1 / 68      (PUP)
http://download.rafotech.com/.../download.php?cid=aed&s2sid=JMC1259.on3zXLBYGb-PaQQBUTLHJy&guid=3c6e9c65-8499-3c9c-be02-2310159db1e2  (mustang_setup_aed_jmc1152.3063fdfgvs-paqqbutlhjy_1.42.90.0.exe)

1 / 68      (PUP)
http://download.rafotech.com/.../download.php?cid=aed&s2sid=JMC1259.Hw95yyyE5S-PaQQBUTLHJy&guid=7b6f9e7b-dccf-a68b-ce79-fbcf05bff759  (mustang_setup_offical_offical_1.0.exe)

2 / 68      (PUP)
http://download.rafotech.com/.../download.php?cid=ad2game&s2sid=&guid=d31702b8-b523-67c9-c033-a4776a02461b  (mustang_setup_ad2game__1.0.exe)

3 / 68      (PUP)
http://download.rafotech.com/.../download.php?cid=gam&s2sid=FE759C06-06EC-E50B-1B5A-86DF8EA32AB7&guid=c58f053d-2490-1751-34dd-2b60f1cb7328  (mustang_setup_dlsite_1.0.exe)

1 / 68      (PUP)
http://download.rafotech.com/.../download.php?cid=aed&s2sid=JEC1259.a.ETdT3c8A-PaQQBUTLHJy&guid=cbc9cca0-1439-24d7-c338-86f661aa8ef5  (mustang_setup_bxk_1.0.exe)

1 / 68      (PUP)
http://download.rafotech.com/.../download.php?cid=aed&s2sid=JMC1151.snlMPdEYO.-PaPHBURsHRc&guid=3eab29e2-1ec8-5178-ac6b-76636ad35e8b  (mustang_setup_landpage_5ba0f843-02f4-b6f6-a780-f5f01d15e846_1.0.exe)

 
Latest 30 of 40 download URLs

The following 9 files have been seen to comunicate with download.rafotech.com in live environments.

TCP » 158.85.62.197:80
mustang_setup_dlsite.sft_1.44.46.6.exe (Mustang Browser by Rafotech)

TCP » 158.85.62.197:80
mustang_setup_landpage_5f5757db-ff40-3850-bf14-bb67f8cfa8ca_1.0.exe (Mustang Browser by Rafotech)

TCP » 158.85.62.197:80
mustang uinst.exe (Mustang Browser by Rafotech)

TCP » 158.85.62.197:80
mustang uinst.exe (Mustang Browser by Rafotech)

TCP » 158.85.62.197:80
mustang_offline_setup_offical_offical_1.0.exe (Mustang Browser by Rafotech)

TCP » 158.85.62.197:80
mustang_setup_bxk_1.0.exe (Mustang Browser by Rafotech)

TCP » 158.85.62.197:80
mustang uinst.exe (Mustang Browser by Rafotech)

TCP » 158.85.62.197:80
mustang_offline_setup_landpage_fa5fb730-938f-acf0-39e1-b2c777255a4f_1.0.exe (Mustang Browser by Rafotech)

TCP » 158.85.62.197:80
mustang uinst.exe (Mustang Browser by Rafotech)

URL:
http://download.rafotech.com/

Web server:
nginx/1.8.0

dealwifi.com

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.