cdn.openthefile.net

Whois Privacy Protection Service, Inc.  (Proxy Registrant)

Domain Information

The domain cdn.openthefile.net is registered by proxy through NAME.COM, INC. and was originally registered in May of 2014. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Dulles, Virginia, United States, on the Amazon Technologies Inc. network. The domain uses the Amazon CloudFront CDN service, which utilizes a number of proxy IP addresses (see below).
Registrar:
NAME.COM, INC.

Server location:
Virginia, United States (US)

Create date:
Monday, May 19, 2014

Expires date:
Thursday, May 19, 2016

Updated date:
Thursday, April 09, 2015

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:

Scanner detections:
Detections  (92% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.installCore, PUP.installCore, PUP.Bundler.installCore, PUP.installCore.GloritySoftware.Installer (M)
100.00%

Avira AntiVirus
ADWARE/InstallCore.Gen9
81.82%

Trend Micro House Call
TROJ_GEN.R02SC0OJP14, Suspicious_GEN.F47V1213, Suspicious_GEN.F47V1218, Suspicious_GEN.F47V0107
63.64%

VIPRE Antivirus
Trojan.Win32.Generic, Threat.4150696
63.64%

Sophos
Generic PUA MH, Generic PUA KK, Generic PUA DK, Generic PUA AG, Generic PUA BJ
63.64%

ESET NOD32
Win32/InstallCore.QW (variant), Win32/InstallCore.RG (variant), Win32/InstallCore.SX (variant), Win32/InstallCore.SX potentially unwanted (variant)
63.64%

McAfee
Artemis!EB02E8603265, Artemis!9165FC53B41A, Artemis!45363E8641CD, Artemis!6929EF963C44, Artemis!B06DD8DC654C
54.55%

Baidu Antivirus
Adware.Win32.InstallCore
54.55%

Fortinet FortiGate
Riskware/InstallCore
54.55%

K7 AntiVirus
Trojan
54.55%

Qihoo 360 Security
Win32/Virus.Adware.f22
45.45%

G Data
Win32.Application.InstallCore.BP, Win32.Application.Agent.YW1GOK, Win32.Application.Agent.7UJ2HR
36.36%

NANO AntiVirus
Riskware.Win32.InstallCore.dfgops, Riskware.Win32.InstallCore.dmhfys
36.36%

Dr.Web
MULDROP.Trojan, Adware.InstallCore.491
27.27%

Trend Micro
TROJ_GEN.R02SC0OJP14, TROJ_GEN.R0C1C0OB815
27.27%

The domain cdn.openthefile.net has been seen to resolve to the following 49 IP addresses.


File downloads found at URLs served by cdn.openthefile.net.

0 / 68
http://cdn.openthefile.net/.../Soda_PDF_6_Installer.exe  (94cb4af52b3715daa82261d96800353e)

1 / 68      (Adware)
http://cdn.openthefile.net/.../WinRAR520_Installer.exe  (a1cc46ae4e035eecb921b00def9fee08)

17 / 68    (Adware)
http://cdn.openthefile.net/.../ChromeSetup.exe  (b06dd8dc654c5062b660596bb5a575ca)

15 / 68    (Adware)
http://cdn.openthefile.net/.../WinRAR520_Installer.exe  (96d650852b1d857861c021e3e9e707cb)

10 / 68    (Adware)
http://cdn.openthefile.net/.../7z920_Installer.exe  (f94a9e8c837c6ba22a994e050783bd10)

18 / 68    (Adware)
http://cdn.openthefile.net/.../OpenOffice_4.4.1_Setup.exe  (6929ef963c448c934374ea9d3e66814e)

6 / 68      (Adware)
http://cdn.openthefile.net/.../Soda_PDF_6_Setup.exe  (b4b67457c9f8bd2700a0d4b68f26db00)

10 / 68    (Adware)
http://cdn.openthefile.net/.../VLC_2.1.5_Installer.exe  (45363e8641cd9394a6796bd889bed1df)

14 / 68    (Adware)
http://cdn.openthefile.net/.../Soda_PDF_6_Installer.exe  (eb02e86032654cd883e835e13141f7c2)

8 / 68      (Adware)
http://cdn.openthefile.net/.../Soda_PDF_6_Installer.exe  (9165fc53b41adb0f11e1179db803b98b)

3 / 68      (Adware)
http://cdn.openthefile.net/.../FAHSetup-1.2.225.exe  (b612097ad60c5de38bd56390b74f2a00)

The following 5 files have been seen to communicate with cdn.openthefile.net in live environments.