home

cdn4.downloadjelly.com

Moniker Privacy Services  (Proxy Registrant)

Domain Information

The domain cdn4.downloadjelly.com is registered by proxy through Moniker Online Services and was originally registered in February of 2015. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Seattle, Washington within the United States. The domain uses the Amazon Cloudfront CDN service which utilizes a number of proxy IP Addresses (see below).
Registrar:
Moniker Online Services

Server location:
Washington, United States (US)

Create date:
Monday, February 9, 2015

Expires date:
Thursday, February 9, 2017

Updated date:
Sunday, January 24, 2016

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:
downloadjelly.com

Whois:
1 downloadjelly.com record

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Kaspersky
not-a-virus:HEUR:AdWare.Win32.Amonetize, not-a-virus:AdWare.Win32.Amonetize, UDS:DangerousObject.Multi.Generic
50.00%

Qihoo 360 Security
HEUR/QVM20.1.Malware.Gen, HEUR/QVM10.1.Malware.Gen, Win32/Trojan.Multi.daf
50.00%

Reason Heuristics
(M), Adware.Amonetize.Installer.Meta (M), Threat.Win.Reputation.IMP, Adware.Amonetize.123.Meta (M)
43.75%

Emsisoft Anti-Malware
Gen:Variant.Graftor.254051, Gen:Variant.Mikey.27312, Trojan.GenericKD.2862718, Gen:Variant.Adware.Mikey.28454, Gen:Heur.Conjar
37.50%

Baidu Antivirus
Adware.Win32.Amonetize, PUA.Win32.Amonetize
37.50%

Avira AntiVirus
ADWARE/Amonetize.463360, W32/Chir.B, TR/Dropper.Gen, TR/Dropper.Gen2, ADWARE/Adware.Gen7, ADWARE/Amonetize.Gen7
37.50%

Bitdefender
Gen:Variant.Graftor.254051, Gen:Variant.Mikey.27312, Trojan.GenericKD.2862718, Gen:Variant.Adware.Mikey.28454, Gen:Heur.Conjar.6
31.25%

avast!
Win32:Dropper-gen [Drp], Win32:Malware-gen, Win32:Adware-gen [Adw]
31.25%

MicroWorld eScan
Gen:Variant.Graftor.254051, Trojan.GenericKD.2862718, Gen:Variant.Adware.Mikey.28454, Gen:Heur.Conjar.6
25.00%

G Data
Gen:Variant.Graftor.254051, Trojan.GenericKD.2862718, Gen:Variant.Adware.Mikey.28454, Gen:Heur.Conjar
25.00%

ESET NOD32
Win32/Amonetize.LB potentially unwanted (variant), Win32/Amonetize.ET potentially unwanted (variant), Win32/Amonetize.NL potentially unwanted (variant)
25.00%

Arcabit
Trojan.Mikey.D6AB0, Trojan.Generic.D2BAE7E, Trojan.Adware.Mikey.D6F26, Trojan.Conjar.6
25.00%

ESET NOD32
Win32/Amonetize.ET potentially unwanted application, Win32/Amonetize.PC potentially unwanted application
25.00%

Malwarebytes
PUP.Optional.Amonetize
25.00%

Lavasoft Ad-Aware
Gen:Variant.Graftor.254051, Gen:Variant.Mikey.27312, Trojan.GenericKD.2862718
18.75%

The domain cdn4.downloadjelly.com has been seen to resolve to the following 60 IP addresses.

52.84.22.52
server-52-84-22-52.sea32.r.cloudfront.net
June 8, 2016

52.84.22.40
server-52-84-22-40.sea32.r.cloudfront.net
June 8, 2016

52.84.22.140
server-52-84-22-140.sea32.r.cloudfront.net
June 8, 2016

52.84.22.138
server-52-84-22-138.sea32.r.cloudfront.net
June 8, 2016

52.84.22.121
server-52-84-22-121.sea32.r.cloudfront.net
June 8, 2016

52.84.22.116
server-52-84-22-116.sea32.r.cloudfront.net
June 8, 2016

52.84.22.88
server-52-84-22-88.sea32.r.cloudfront.net
June 8, 2016

52.84.22.85
server-52-84-22-85.sea32.r.cloudfront.net
June 8, 2016

52.85.142.218
server-52-85-142-218.iad12.r.cloudfront.net
May 18, 2016

52.85.142.196
server-52-85-142-196.iad12.r.cloudfront.net
May 18, 2016

52.85.142.110
server-52-85-142-110.iad12.r.cloudfront.net
May 18, 2016

52.85.142.100
server-52-85-142-100.iad12.r.cloudfront.net
May 18, 2016

52.85.142.87
server-52-85-142-87.iad12.r.cloudfront.net
May 18, 2016

52.85.142.239
server-52-85-142-239.iad12.r.cloudfront.net
May 18, 2016

52.85.142.234
server-52-85-142-234.iad12.r.cloudfront.net
May 18, 2016

52.85.142.231
server-52-85-142-231.iad12.r.cloudfront.net
May 18, 2016

52.85.131.198
server-52-85-131-198.iad53.r.cloudfront.net
April 6, 2016

52.85.131.224
server-52-85-131-224.iad53.r.cloudfront.net
April 4, 2016

52.85.131.155
server-52-85-131-155.iad53.r.cloudfront.net
April 4, 2016

52.85.131.120
server-52-85-131-120.iad53.r.cloudfront.net
April 4, 2016

52.85.131.67
server-52-85-131-67.iad53.r.cloudfront.net
April 4, 2016

52.85.131.43
server-52-85-131-43.iad53.r.cloudfront.net
April 4, 2016

52.85.131.18
server-52-85-131-18.iad53.r.cloudfront.net
April 4, 2016

52.85.131.7
server-52-85-131-7.iad53.r.cloudfront.net
April 4, 2016

52.85.131.253
server-52-85-131-253.iad53.r.cloudfront.net
April 4, 2016

54.192.195.232
server-54-192-195-232.iad53.r.cloudfront.net
March 3, 2016

54.192.195.224
server-54-192-195-224.iad53.r.cloudfront.net
March 3, 2016

54.192.195.24
server-54-192-195-24.iad53.r.cloudfront.net
February 27, 2016

54.192.195.162
server-54-192-195-162.iad53.r.cloudfront.net
February 27, 2016

54.192.195.154
server-54-192-195-154.iad53.r.cloudfront.net
February 27, 2016

 
Showing 30 of 60 IP Addresses

File downloads found at URLs served by cdn4.downloadjelly.com.

5 / 68      (PUP)
http://cdn4.downloadjelly.com/.../Bundle.exe  (program_d.exe)

1 / 68      (PUP)
http://cdn4.downloadjelly.com/.../Bundle.exe  (0193b9c8eecc57748eae483e9626dddc)

4 / 68      (PUP)
http://cdn4.downloadjelly.com/.../Bundle.exe  (1875d40ec04a250433148bd6e6e1cc2a)

2 / 68      (PUP)
http://cdn4.downloadjelly.com/.../Bundle.exe  (67cef0bd5e5ce39f3b2de02bc78f772b)

3 / 68      (Malware)
http://cdn4.downloadjelly.com/.../Bundle.exe  (programan.exe)

5 / 68      (PUP)
http://cdn4.downloadjelly.com/.../Bundle.exe  (ee76a168b1f66ab00463b91d5ef03ae6)

5 / 68      (PUP)
http://cdn4.downloadjelly.com/.../Bundle.exe  (Setup.exe)

29 / 68    (PUP)
http://cdn4.downloadjelly.com/.../Bundle.exe  (program_d.exe)

9 / 68      (PUP)
http://cdn4.downloadjelly.com/.../Bundle.exe  (nst52f7.tmp)

13 / 68    (PUP)
http://cdn4.downloadjelly.com/.../Bundle.exe  (d153b217331358688c33e0d41759e609)

3 / 68      (PUP)
http://cdn4.downloadjelly.com/.../Bundle.exe  (Setup.exe)

3 / 68      (PUP)
http://cdn4.downloadjelly.com/.../Bundle.exe  (b1ba388f5b638828c755cb472457ed9d)

1 / 68      (Malware)
http://cdn4.downloadjelly.com/.../Bundle.exe  (dismcore.dll)

10 / 68    (PUP)
http://cdn4.downloadjelly.com/.../Bundle.exe  (nsrdf58.tmp)

13 / 68    (PUP)
http://cdn4.downloadjelly.com/.../Bundle.exe  (ic-0.bd789a1aacc5a.exe)

4 / 68      (PUP)
http://cdn4.downloadjelly.com/.../Bundle.exe  (setup.exe)

The following 50 files have been seen to comunicate with cdn4.downloadjelly.com in live environments.

TCP » 54.192.195.32:443
online-guardian-v2.0.9.exe

TCP » 54.192.195.232:443
online-guardian-v2.0.9.exe

TCP » 52.85.142.218:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 54.192.195.231:443
online-guardian-v2.0.9.exe

TCP » 54.192.195.158:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 54.192.195.111:443
online-guardian-v2.0.9.exe

TCP » 54.192.195.158:443
onlineguardian-v2.exe

TCP » 54.192.195.235:443
online-guardian.exe

TCP » 54.192.195.235:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.85.142.218:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.85.142.110:80
jingling.exe

TCP » 54.192.195.111:443
apptrailers.exe

TCP » 52.85.142.100:80
Mobogenie.exe (Mobogenie by Mobogenie.com)

TCP » 52.85.142.100:80
browser.exe (Browser)

TCP » 54.192.195.158:443
online-guardian.exe

TCP » 52.85.142.196:80
mobogenieP2sp.exe (mobogenie by mobogenie.com)

TCP » 52.85.142.110:80
new_chrome.exe (1stBrowser by The 1stBrowser Authors)

TCP » 54.192.195.231:443
apptrailers.exe

TCP » 52.84.22.85:80
spassist.exe (SoftPlanet Software Assistant by Secure Download)

TCP » 52.85.142.110:80
UCBrowser.exe (UC Browser by UCWeb)

 
Latest 20 of 89 files

URL:
http://cdn4.downloadjelly.com/

Network:
Amazon Cloudfront

Web server:
AmazonS3

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.