home

cdn.reasonsecurity.com

Reason Software Company Inc.

Domain Information

The domain cdn.reasonsecurity.com registered by Reason Software Company Inc. was initially registered in January of 2015 through GODADDY.COM, LLC. Currently this domain has been known to host various forms of malware. The hosted servers are located in Ashburn, Virginia within the United States. The domain uses the Amazon Web Services (AWS) cloud computing platform from the US East (Northern Virginia) region datacenter.
Registrar:
GODADDY.COM, LLC

Server location:
Virginia, United States (US)

Create date:
Friday, January 23, 2015

Expires date:
Monday, January 23, 2017

Updated date:
Sunday, January 24, 2016

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:
reasonsecurity.com

Whois:
2 reasonsecurity.com records

Scanner detections:
Malware distribution  (60% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.installCore (M), Threat.Win.Reputation.IMP
50.00%

F-Prot
W32/Autorun.ZF, W32/HLLP.41472
50.00%

ESET NOD32
Win32/AutoRun.Delf.LV worm, Win32/Neshta.A virus
50.00%

Microsoft Security Essentials
Threat.Undefined
50.00%

avast!
Win32:AutoRun-CWJ [Trj], Win32:Crypt-SKC [Trj], Win32:Apanas [Trj]
50.00%

Dr.Web
Trojan.Siggen6.55368, Win32.HLLP.Neshta
50.00%

VIPRE Antivirus
Threat.4150696, Threat.4276445
33.33%

Emsisoft Anti-Malware
Win32.Neshta
33.33%

F-Secure
Trojan.Generic.KDV.391478
16.67%

Norman
Trojan.Generic.KDV.391478
16.67%

AVG
Worm/Delf.FF
16.67%

Kaspersky
Virus.Win32.Neshta
16.67%

The domain cdn.reasonsecurity.com has been seen to resolve to the following 22 IP addresses.

104.20.45.197
September 2, 2016

104.20.24.197
September 2, 2016

104.27.113.111
September 1, 2016

104.27.112.111
September 1, 2016

54.231.10.116
s3-website-us-east-1.amazonaws.com
April 21, 2016

54.231.113.194
s3-website-us-east-1.amazonaws.com
April 21, 2016

54.231.114.201
s3-website-us-east-1.amazonaws.com
April 21, 2016

54.231.49.106
s3-website-us-east-1.amazonaws.com
April 20, 2016

54.231.16.204
s3-website-us-east-1.amazonaws.com
April 20, 2016

54.231.50.25
s3-website-us-east-1.amazonaws.com
April 19, 2016

54.231.19.12
s3-website-us-east-1.amazonaws.com
April 18, 2016

54.231.8.228
s3-website-us-east-1.amazonaws.com
April 18, 2016

54.231.113.210
s3-website-us-east-1.amazonaws.com
April 17, 2016

54.231.49.42
s3-website-us-east-1.amazonaws.com
April 17, 2016

54.231.19.52
s3-website-us-east-1.amazonaws.com
April 16, 2016

54.231.50.97
s3-website-us-east-1.amazonaws.com
April 16, 2016

54.231.48.98
s3-website-us-east-1.amazonaws.com
April 16, 2016

54.231.49.90
s3-website-us-east-1.amazonaws.com
April 15, 2016

104.25.242.6
October 26, 2015

104.25.243.6
October 26, 2015

108.162.204.90
May 6, 2015

108.162.203.90
May 6, 2015

File downloads found at URLs served by cdn.reasonsecurity.com.

0 / 68
http://cdn.reasonsecurity.com/resources/.../reason-core-security-setup.exe  (c26541b30ee3b59deb1f2d404de26cae)

0 / 68
http://cdn.reasonsecurity.com/resources/.../reason-core-security-setup_1.1.1.0.exe  (bec83dfe5a5bf086cce09e82d595e788)

The following 136 files have been seen to comunicate with cdn.reasonsecurity.com in live environments.

TCP » 54.231.50.25:80
disco_games_updating_service.exe

TCP » 54.231.49.106:80
disco_games_notification_service.exe (FileProperties_ProductName by FileProperties_CompanyName)

TCP » 54.231.49.106:80
disco_games_updating_service.exe

TCP » 54.231.50.25:80
3eaa9b9e-31d5-4f50-a21f-cc4883b90f81-7.exe (CinemaPlus-3.2cV22.06 by Cinema PlusV22.06)

TCP » 54.231.113.210:80
131a7799-41ab-4a66-89a9-9deb782316be-10.exe (MyBrowser 1.0.2V09.11)

TCP » 54.231.113.210:80
fdb98e0a-d21a-4173-8529-313ae0bfb3cf-1-7.exe (CinemaPlus-4.2vV18.10 by Cinema PlusV18.10)

TCP » 54.231.50.97:80
disco_games_notification_service.exe (FileProperties_ProductName by FileProperties_CompanyName)

TCP » 54.231.50.25:80
7821188c-4a5e-4a31-b4ae-9b16aa9211c5-10.exe (MyBrowser 1.0.2V22.10)

TCP » 54.231.50.25:80
updater27793.exe (CouponDropDown Plugin by Innovative Apps)

TCP » 54.231.113.194:80
f7dab28f-9769-4a5d-9f56-e45da253027f-1-7.exe (CinemaP-1.9cV31.07 by Cinema PlusV31.07)

TCP » 54.231.50.97:80
f706a8f7-287f-4a40-893c-ca55c01ea0aa-1-7.exe (CinemaPlus-3.2cV29.07 by Cinema PlusV29.07)

TCP » 54.231.113.210:80
browserairexec.exe (BrowserAir by Goobzo)

TCP » 54.231.50.25:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 54.231.49.90:80
disco_games_notification_service.exe (FileProperties_ProductName by FileProperties_CompanyName)

TCP » 54.231.49.90:80
e96f85c8-a84a-4632-b813-2db74c08c880-10.exe (SavePass 1.1 by OB)

TCP » 54.231.49.90:80
822d377d-8e61-4e96-b9b1-8bd35a2ec52d-6.exe (MyBrowser 1.0.2V30.10)

TCP » 54.231.49.106:80
internet speed checker-codedownloader.exe (Internet Speed Checker by Speedchecker)

TCP » 54.231.50.25:80
disco_games_notification_service.exe (FileProperties_ProductName by FileProperties_CompanyName)

TCP » 54.231.49.90:80
36b1394f-0883-4f11-a856-f741a34c60a5-1-7.exe (iWebar by Webby)

TCP » 54.231.50.25:80
98a04408-3268-4d71-a613-b6ff51e6f666-1-7.exe (CinemaPlus-3.2cV13.08 by Cinema PlusV13.08)

 
Latest 20 of 166 files

URL:
http://cdn.reasonsecurity.com/

Network:
Amazon Web Services (AWS)

SSL certificate subject:
CN=ssl279439.cloudflaressl.com, OU=PositiveSSL Multi-Domain, OU=Domain Control Validated

SSL certificate issuer:
CN=COMODO RSA Domain Validation Secure Server CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Web server:
cloudflare-nginx (ASP.NET)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.