d23d12h09rr1pi.cloudfront.net

Amazon.com, Inc

Domain Information

The domain d23d12h09rr1pi.cloudfront.net, registered by Amazon.com, Inc, was initially registered in April of 2008 through MARKMONITOR INC. Currently this domain has been known to host various forms of malware. The hosted servers are located in Seattle, Washington within the United States. The domain uses the Amazon Cloudfront CDN service, which utilizes a number of proxy IP addresses (see below).

Registrar:
MARKMONITOR INC.

Server location:
Washington, United States (US)

Create date:
Friday, April 25, 2008

Expires date:
Thursday, April 25, 2019

Updated date:
Thursday, May 5, 2016

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc., US

Root domain:

Scanner detections:
Malware distribution  (82% detected)

| Scan engine | Details | Detections |
| --- | --- | --- |
| avast! | Win32:Malware-gen, Win32:Adware-gen [Adw], Win32:Virtu-A, Win32:RmnDrp, Win32:Kukacka, Win32:Vitro | 77.78% |
| ESET NOD32 | MSIL/Adware.Imali.C application, Win32/Virut.NBP virus, Win32/Ramnit.H virus, Win32/Sality.NBA virus | 66.67% |
| Dr.Web | Trojan.Crossrider1.58013, Win32.Virut.56, Trojan.DownLoader21.51407, Win32.Sector.30 | 66.67% |
| Emsisoft Anti-Malware | Gen:Variant.Razy.18672, Win32.Virtob.Gen.12, Win32.Ramnit.N, Win32.Sality | 44.44% |
| Norman | Gen:Variant.Razy.18672, Win32.Virtob.Gen.12, Win32.Ramnit.N, Win32.Sality.3 | 44.44% |
| F-Prot | W32/Virut.AM, W32/Ramnit.B!Generic, W32/Sality.gen2, W32/Virut.E.gen | 44.44% |
| Microsoft Security Essentials | Threat.Undefined | 44.44% |
| Reason Heuristics | Adware.Downloader, Threat.Win.Reputation.IMP, Adware.Downloader (M) | 33.33% |
| AVG | Win32/Virut, Win32/Zbot.G, Win32/Sality | 33.33% |
| Kaspersky | Virus.Win32.Virut, Virus.Win32.Nimnul, Virus.Win32.Sality | 33.33% |
| McAfee | Virus.W32/Virut.n.gen, Virus.W32/Ramnit.a | 22.22% |
| VIPRE Antivirus | Threat.4737366 | 11.11% |

The domain d23d12h09rr1pi.cloudfront.net has been seen to resolve to the following 57 IP addresses.


File downloads found at URLs served by d23d12h09rr1pi.cloudfront.net.

1 / 68 (Malware)

5 / 68 (Malware)

11 / 68 (Malware)

9 / 68 (Infected)

10 / 68 (Infected)

1 / 68 (PUP)

3 / 68 (PUP)

The following 262 files have been seen to communicate with d23d12h09rr1pi.cloudfront.net in live environments.

 
Latest 20 of 495 files

URL:
http://d23d12h09rr1pi.cloudfront.net/

Network:
Amazon Cloudfront

SSL certificate subject:
CN=*.cloudfront.net, O="Amazon.com, Inc.", L=Seattle, S=Washington, C=US

SSL certificate issuer:
CN=Symantec Class 3 Secure Server CA - G4, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Web server:
AmazonS3