home

install-cdn.pacfunction.info

Yontoo LLC  (via a Proxy Registrant)

Domain Information

install-cdn.pacfunction.info is operated by Sambreel's (now QuestPoint) subsidiary Yontoo. The domain install-cdn.pacfunction.info is registered by proxy through GoDaddy.com, LLC. This domain has been known to host and distribute potentially unwanted software. The hosted servers are located in Cambridge, Massachusetts within the United States which resides on the Akamai Technologies, Inc. network. The domain is associated with the publisher Yontoo LLC who is located in Carlsbad, California in the United States.
Registrar:
GoDaddy.com, LLC

Server location:
Massachusetts, United States (US)

ASN:
AS20940 AKAMAI-ASN1 Akamai International B.V.,US

Root domain:
pacfunction.info

Whois:
1 pacfunction.info record

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

McAfee
Artemis!310AD0915A18, Artemis!CD907D967AED, Artemis!1D50B6E30BF1, Artemis!68DE90679E70
100.00%

Malwarebytes
PUP.Optional.PacFunction.A
100.00%

SUPERAntiSpyware
Adware.BrowseFox/Variant
100.00%

Trend Micro House Call
TROJ_GEN.F47V0316, TROJ_GEN.F47V0329, TROJ_GEN.F47V0325
100.00%

Kaspersky
not-a-virus:AdWare.Win32.Agent
100.00%

NANO AntiVirus
Riskware.Win32.Agent.cqvnby
100.00%

Sophos
Generic PUA EB, Generic PUA KE, Generic PUA IN
100.00%

Comodo Security
Application.Win32.Altbrowse.AK
100.00%

Dr.Web
Trojan.BPlug.37
100.00%

VIPRE Antivirus
Yontoo
100.00%

Vba32 AntiVirus
AdWare.Agent
100.00%

ESET NOD32
Win32/BrowseFox (variant)
100.00%

Rising Antivirus
NS:PUF.SilenceInstaller!1.9DDF
100.00%

Fortinet FortiGate
Adware/Agent
100.00%

Reason Heuristics
PUP.Installer.PacFunction.R, PUP.Installer.PacFunction.F
100.00%

The domain install-cdn.pacfunction.info has been seen to resolve to the following 8 IP addresses.

104.96.221.82
a104-96-221-82.deploy.static.akamaitechnologies.com
July 24, 2016

104.96.221.73
a104-96-221-73.deploy.static.akamaitechnologies.com
July 24, 2016

104.112.235.17
a104-112-235-17.deploy.static.akamaitechnologies.com
July 22, 2016

104.96.220.225
a104-96-220-225.deploy.static.akamaitechnologies.com
July 22, 2016

184.51.126.67
a184-51-126-67.deploy.static.akamaitechnologies.com
May 20, 2016

184.51.126.9
a184-51-126-9.deploy.static.akamaitechnologies.com
May 20, 2016

184.51.126.104
a184-51-126-104.deploy.static.akamaitechnologies.com
May 15, 2016

184.51.126.82
a184-51-126-82.deploy.static.akamaitechnologies.com
May 15, 2016

File downloads found at URLs served by install-cdn.pacfunction.info.

26 / 68    (Adware)
http://install-cdn.pacfunction.info/setup.exe  (cd907d967aeddf51457cd2f1a533ea97)

28 / 68    (Adware)
http://install-cdn.pacfunction.info/setup.exe  (1d50b6e30bf17784c3d32027eb604473)

15 / 68    (Adware)
http://install-cdn.pacfunction.info/setup.exe  (pacfunction_setup.exe)

27 / 68    (Adware)
http://install-cdn.pacfunction.info/setup.exe  (68de90679e70bc55b371cfb658a7260f)

The following 165 files have been seen to comunicate with install-cdn.pacfunction.info in live environments.

TCP » 184.51.126.104:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 184.51.126.82:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 184.51.126.82:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 184.51.126.104:80
plugin.exe

TCP » 184.51.126.104:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 184.51.126.82:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 184.51.126.104:443
tortuga.exe (Tortuga by The Tortuga Authors)

TCP » 184.51.126.9:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 184.51.126.67:80
browser.exe (Browser)

TCP » 184.51.126.104:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 184.51.126.104:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 184.51.126.82:80
plugincontainer.exe

TCP » 184.51.126.82:443
citrio.exe (Citrio by CatalinaGroup)

TCP » 184.51.126.67:80
apptrailers.exe

TCP » 184.51.126.82:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 184.51.126.67:80
apptrailers.exe

TCP » 104.112.235.17:80
online-guardian-v2.exe

TCP » 184.51.126.104:80
arcreader_for_windows_104_149430.exe (Behec)

TCP » 184.51.126.104:80
plugin.exe

TCP » 184.51.126.104:443
kometa.exe (Kometa by Kometa Authors)

 
Latest 20 of 176 files

URL:
http://install-cdn.pacfunction.info/

Web server:
Microsoft-IIS/7.5 (ASP.NET)

yontoo.com

luckyleap.net

amasvc.com

dropdowndeals.com

jeetyetmedia.com

jumpflip.net

webconnect.co

outobox.net

browsefox.com

whilokii.net

browsesmart.net

lemurleap.info

divapton.biz

secretsauce.biz

betterbrowse.net

greygray.biz

diamondata.net

glindorus.net

websparkle.biz

kozaka.net

clingclang.biz

serialtrunc.com

batbrowse.com

pagerage.com

facebooklayouts.com

buzzdock.com

surftastic.net

myfindright.com

lookinglink.info

viewplay.net

30 of 37 related domains

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.