home

source.cdnquest.com

WHOISGUARD, INC.  (Proxy Registrant)

Domain Information

The domain source.cdnquest.com is registered by proxy through ENOM, INC. and was originally registered in March of 2015. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Sherman Oaks, California within the United States which resides on the Unitas Global LLC network.
Registrar:
ENOM, INC.

Server location:
California, United States (US)

Create date:
Wednesday, March 11, 2015

Expires date:
Saturday, March 11, 2017

Updated date:
Wednesday, February 10, 2016

ASN:
AS17025 ABOVENET-CUSTOMER - Abovenet Communications, Inc,US

Root domain:
cdnquest.com

Whois:
2 cdnquest.com records

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
Threat.Installer.WebBarMedia, PUP.WebBarMedia.Installer (M), PUP.WebDiscoverMedia.Installer.Meta (M), PUP.WebBarMedia.Optional.Installer.Meta (L), PUP.WebBarMe.Installer (M)
100.00%

Malwarebytes
PUP.Optional.WebBar.A
23.08%

Dr.Web
Adware.Conduit.266
23.08%

herdProtect (fuzzy)
a variant of 77643fcc58b323787f7bf0d4c08e3c49a5a92faf
7.69%

The domain source.cdnquest.com has been seen to resolve to the following IP address.

198.232.125.32
32-125-232-198.static.unitasglobal.net
January 2, 2016

File downloads found at URLs served by source.cdnquest.com.

1 / 68      (Adware)
http://source.cdnquest.com/.../setup_gtu.exe  (setup_air.exe)

1 / 68      (Adware)
http://source.cdnquest.com/.../setup_gtu.exe  (a25cee6e7de4f63e764f0328ab6d004c)

1 / 68      (PUP)
http://source.cdnquest.com/.../WebDiscoverBrowser_Setup.exe  (webdiscoverbrowser_setup_2.79.2_default.exe)

1 / 68      (PUP)
http://source.cdnquest.com/.../WebDiscoverBrowser_Setup.exe  (webdiscoverbrowser_setup_2.95.2_default.exe)

1 / 68      (PUP)
http://source.cdnquest.com/.../Web_Bar_Setup_is2.exe  (305c7907b0ceaca81c5ad952da0d8d16)

1 / 68      (Adware)
http://source.cdnquest.com/.../Web_Bar_Setup_2.0.5722.19854_6P50aedad5.exe  (web_bar_setup.exe)

3 / 68      (Adware)
http://source.cdnquest.com/.../Web_Bar_Setup_2.0.5730.18415_6P50aedad5.exe  (web_bar_setup.exe)

1 / 68      (Adware)
http://source.cdnquest.com/.../Web_Bar_Setup_is2.exe  (f520a3ad5c5ebbeabd2202885eb86361)

3 / 68      (Adware)
http://source.cdnquest.com/.../Web_Bar_Setup_2.0.5738.16519_6P50aedad5.exe  (web_bar_setup.exe)

1 / 68      (Adware)
http://source.cdnquest.com/.../Web_Bar_Setup_is2.exe  (web_bar_setup_2.0.5749.22382.exe)

1 / 68      (Adware)
http://source.cdnquest.com/.../Web_Bar_Setup.exe  (236959b2179914dd90fda44f97aed8a1)

1 / 68      (Adware)
http://source.cdnquest.com/.../Web_Bar_Setup_Control.exe  (web_bar_setup.exe)

4 / 68      (Adware)
http://source.cdnquest.com/.../Web_Bar_Setup.exe  (17cce28b90b040d388c3d8cc96f5a15c)

1 / 68      (Adware)
http://source.cdnquest.com/.../Web_Bar_Setup_is2.exe  (576e11a11e739a5abd17fb685890e7a0)

The following 187 files have been seen to comunicate with source.cdnquest.com in live environments.

TCP » 198.232.125.32:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 198.232.125.32:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 198.232.125.32:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 198.232.125.32:80
setup.exe (ImgBurn by Software Assistant)

TCP » 198.232.125.32:80
WebUpdater.exe (WebUpdater)

TCP » 198.232.125.32:80
browserairexec.exe (BrowserAir by Goobzo)

TCP » 198.232.125.32:80
citrio.exe (Citrio by CatalinaGroup)

TCP » 198.232.125.32:443
browserairexec.exe (BrowserAir by Goobzo)

TCP » 198.232.125.32:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 198.232.125.32:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 198.232.125.32:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 198.232.125.32:80
setup.exe (ImgBurn by Software Assistant)

TCP » 198.232.125.32:443
online-guardian-v2.0.9.exe

TCP » 198.232.125.32:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 198.232.125.32:80
new_chrome.exe (1stBrowser by The 1stBrowser Authors)

TCP » 198.232.125.32:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 198.232.125.32:80
UCBrowser.exe (by UCWeb)

TCP » 198.232.125.32:80
stormwatchbrowser.exe

TCP » 198.232.125.32:80
UCBrowser.exe (by UCWeb)

TCP » 198.232.125.32:443
kometa.exe (Kometa by @COMPANY_FULLNAME@)

 
Latest 20 of 235 files

URL:
http://source.cdnquest.com/

Web server:
NetDNA-cache/2.2

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.