home

dxc8gomuhcz9w.cloudfront.net

Amazon.com, Inc

Domain Information

The domain dxc8gomuhcz9w.cloudfront.net registered by Amazon.com, Inc was initially registered in April of 2008 through MARKMONITOR INC.. Currently this domain has been known to host various forms of malware. The hosted servers are located in Dulles, Virginia within the United States which resides on the Amazon Technologies Inc. network. The domain uses the Amazon Cloudfront CDN service which utilizes a number of proxy IP Addresses (see below).
Registrar:
MARKMONITOR INC.

Server location:
Virginia, United States (US)

Create date:
Friday, April 25, 2008

Expires date:
Tuesday, April 25, 2017

Updated date:
Tuesday, February 25, 2014

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:
cloudfront.net

Whois:
1 cloudfront.net record

Scanner detections:
Malware distribution  (98% detected)

Scan engine
Details
Detections

Reason Heuristics
(M), Threat.Downloader.KY, PUP.Bundler (M), Threat.Win.Reputation.IMP, Adware.Dropper
70.00%

Emsisoft Anti-Malware
Trojan.GenericKD.2887967, Trojan.GenericKD.2999362, Gen:Variant.Graftor.266404, Gen:Variant.Razy.6774, Trojan.GenericKD.3023195, Gen:Variant.Application.Razy.4269, Trojan.GenericKD.3050189, Gen:Variant.Midie.7540, Trojan.GenericKD.3068137
40.00%

Norman
Trojan.GenericKD.2999362, Gen:Variant.Graftor.266404, Gen:Variant.Razy.6774, Gen:Variant.Application.Razy.4269, Trojan.GenericKD.3050189
34.00%

Qihoo 360 Security
HEUR/QVM10.1.Malware.Gen, Win32/Trojan.Multi.daf, Win32/Trojan.e04
28.00%

F-Secure
Variant.Razy.6774, Variant.Application.Razy, Trojan.GenericKD.3050189, Trojan.GenericKD.3059225, Trojan.GenericKD.3060240, Trojan.GenericKD.3063486, Variant.Mikey.32315, Trojan.GenericKD.3077032, Trojan.GenericKD.3143956
24.00%

Kaspersky
Trojan-Dropper.Win32.Sysn, UDS:DangerousObject.Multi.Generic
22.00%

Rising Antivirus
PE:Malware.Generic(Thunder)!1.A1C4 [F], PE:Malware.RDM.21!5.1B [F]
22.00%

MicroWorld eScan
Trojan.GenericKD.2887967, Trojan.GenericKD.2999362, Gen:Variant.Midie.7540, Trojan.GenericKD.3060240, Trojan.GenericKD.3063486
16.00%

Bitdefender
Trojan.GenericKD.2887967, Trojan.GenericKD.2999362, Gen:Variant.Midie.7540, Trojan.GenericKD.3060240, Trojan.GenericKD.3063486
16.00%

Lavasoft Ad-Aware
Trojan.GenericKD.2887967, Trojan.GenericKD.2999362, Gen:Variant.Midie.7540, Trojan.GenericKD.3060240, Trojan.GenericKD.3063486
16.00%

G Data
Trojan.GenericKD.2887967, Trojan.GenericKD.2999362, Gen:Variant.Midie.7540, Trojan.GenericKD.3060240, Trojan.GenericKD.3063486
16.00%

Arcabit
Trojan.Generic.D2C111F, Trojan.Generic.D2DC442, Trojan.Midie.D1D74, Trojan.Generic.D2EB210, Trojan.Generic.D2EBEBE, Trojan.Mikey.D7E3B
14.00%

avast!
Win32:Dropper-gen [Drp], Win32:Malware-gen, Win32:Evo-gen [Susp]
14.00%

Dr.Web
Trojan.MulDrop6.14481, Trojan.MulDrop6.24863, Trojan.MulDrop6.25161, Trojan.MulDrop6.31507, Trojan.MulDrop6.35304
12.00%

McAfee
Artemis!4F1C2D045BDF, Artemis!1D7F9ADAAD54, Artemis!EFE8481C3BAF, Artemis!28BA5BFA2189, Artemis!8A180C22FA25
10.00%

The domain dxc8gomuhcz9w.cloudfront.net has been seen to resolve to the following 123 IP addresses.

52.84.125.151
server-52-84-125-151.iad16.r.cloudfront.net
July 1, 2016

52.84.125.128
server-52-84-125-128.iad16.r.cloudfront.net
July 1, 2016

52.84.125.102
server-52-84-125-102.iad16.r.cloudfront.net
July 1, 2016

52.84.125.93
server-52-84-125-93.iad16.r.cloudfront.net
July 1, 2016

52.84.125.66
server-52-84-125-66.iad16.r.cloudfront.net
July 1, 2016

52.84.125.48
server-52-84-125-48.iad16.r.cloudfront.net
July 1, 2016

52.84.125.38
server-52-84-125-38.iad16.r.cloudfront.net
July 1, 2016

52.84.125.189
server-52-84-125-189.iad16.r.cloudfront.net
July 1, 2016

52.85.131.135
server-52-85-131-135.iad53.r.cloudfront.net
June 7, 2016

52.85.131.10
server-52-85-131-10.iad53.r.cloudfront.net
June 6, 2016

52.85.142.59
server-52-85-142-59.iad12.r.cloudfront.net
May 18, 2016

52.85.142.43
server-52-85-142-43.iad12.r.cloudfront.net
May 18, 2016

52.85.142.35
server-52-85-142-35.iad12.r.cloudfront.net
May 18, 2016

52.85.142.199
server-52-85-142-199.iad12.r.cloudfront.net
May 18, 2016

52.85.142.166
server-52-85-142-166.iad12.r.cloudfront.net
May 18, 2016

52.85.142.163
server-52-85-142-163.iad12.r.cloudfront.net
May 18, 2016

52.85.142.118
server-52-85-142-118.iad12.r.cloudfront.net
May 18, 2016

52.85.131.112
server-52-85-131-112.iad53.r.cloudfront.net
May 15, 2016

52.85.131.18
server-52-85-131-18.iad53.r.cloudfront.net
May 15, 2016

52.85.131.15
server-52-85-131-15.iad53.r.cloudfront.net
May 15, 2016

52.85.131.227
server-52-85-131-227.iad53.r.cloudfront.net
May 15, 2016

52.85.131.216
server-52-85-131-216.iad53.r.cloudfront.net
May 15, 2016

52.85.131.215
server-52-85-131-215.iad53.r.cloudfront.net
May 15, 2016

52.85.131.132
server-52-85-131-132.iad53.r.cloudfront.net
May 15, 2016

52.85.131.171
server-52-85-131-171.iad53.r.cloudfront.net
April 22, 2016

52.85.142.217
server-52-85-142-217.iad12.r.cloudfront.net
April 15, 2016

52.85.142.146
server-52-85-142-146.iad12.r.cloudfront.net
April 15, 2016

52.85.142.133
server-52-85-142-133.iad12.r.cloudfront.net
April 15, 2016

52.85.142.58
server-52-85-142-58.iad12.r.cloudfront.net
April 15, 2016

52.85.142.12
server-52-85-142-12.iad12.r.cloudfront.net
April 15, 2016

 
Showing 30 of 123 IP Addresses

File downloads found at URLs served by dxc8gomuhcz9w.cloudfront.net.

3 / 68      (PUP)
http://dxc8gomuhcz9w.cloudfront.net/.../brastub6ab_guttn_inst.exe  (4e7a.tmp)

3 / 68      (inconclusive)
http://dxc8gomuhcz9w.cloudfront.net/.../tdnistub19c_guttn_inst.exe  (tdnistub19c_amotn_inst.exe)

2 / 68      (Malware)
http://dxc8gomuhcz9w.cloudfront.net/.../tdnistub_guttn_inst.exe  (tdnistub_tuttn_inst.exe)

1 / 68      (Malware)
http://dxc8gomuhcz9w.cloudfront.net/.../tdnigo_guttn_inst.exe  (tdnigo_ftptn_inst.exe)

1 / 68      (Malware)
http://dxc8gomuhcz9w.cloudfront.net/.../tdnistub26c_guttn_inst.exe  (tdnigut_guttn_inst.exe)

2 / 68      (Malware)
http://dxc8gomuhcz9w.cloudfront.net/.../tdnistub25c_guttn_inst.exe  (tdnigut_guttn_inst.exe)

27 / 68    (Malware)
http://dxc8gomuhcz9w.cloudfront.net/.../tdnigutstub18c_guttn_inst.exe  (4f1c2d045bdf10a96b2d90c39812d6e4)

The following 58 files have been seen to comunicate with dxc8gomuhcz9w.cloudfront.net in live environments.

TCP » 52.85.142.35:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.85.142.224:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.85.142.166:80
beamrise.exe (Beamrise by The Beamrise Authors)

TCP » 52.85.142.217:80
se.exe

TCP » 52.85.142.133:80
beamrise.exe (Beamrise by The Beamrise Authors)

TCP » 54.192.195.235:443
online-guardian.exe

TCP » 52.85.142.18:80
jingling.exe

TCP » 52.85.142.156:80
se.exe

TCP » 54.192.195.235:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.85.142.156:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.85.142.135:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.85.142.18:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.84.125.66:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.85.142.116:80
se.exe

TCP » 52.85.142.116:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.85.142.59:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.85.142.54:80
Mobogenie.exe (Mobogenie by Mobogenie.com)

TCP » 52.85.142.116:80
citrio.exe (Citrio by CatalinaGroup)

TCP » 52.84.125.128:80
browser.exe (Browser)

TCP » 52.85.142.12:443
browser.exe (Browser)

 
Latest 20 of 142 files

URL:
http://dxc8gomuhcz9w.cloudfront.net/

Network:
Amazon Cloudfront

SSL certificate subject:
CN=*.cloudfront.net, O="Amazon.com, Inc.", L=Seattle, S=Washington, C=US

SSL certificate issuer:
CN=Symantec Class 3 Secure Server CA - G4, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Web server:
Microsoft-IIS/7.5 (ASP.NET)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.