d24u51ac8ybaqu.cloudfront.net

Amazon.com, Inc

Domain Information

The domain d24u51ac8ybaqu.cloudfront.net is a subdomain of cloudfront.net, which is registered to Amazon.com, Inc through MARKMONITOR INC. and was initially registered in April 2008; the registrar dates below belong to that parent domain, since a subdomain has no registration record of its own. The hostname is an Amazon CloudFront distribution, so the content it serves belongs to whichever AWS customer created the distribution rather than to Amazon itself. This domain has been observed hosting various forms of malware. The responding servers are located in Dulles, Virginia, United States, on the Amazon Technologies Inc. network. Because CloudFront is a CDN, the name resolves to a large and changing set of shared edge proxy IP addresses (see below); those addresses also serve other CloudFront customers, so blocking them would affect unrelated traffic.
Registrar:
MARKMONITOR INC.

Server location:
Virginia, United States (US)

Create date:
Friday, April 25, 2008

Expires date:
Tuesday, April 25, 2017

Updated date:
Tuesday, February 25, 2014

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:

Scanner detections:
Malware distribution  (96% detected)

Scan engine
Details
Detections

Emsisoft Anti-Malware
Gen:Variant.Mikey.27512, Gen:Variant.Mikey.27798, Gen:Variant.Mikey.28503, Gen:Variant.Mikey.28783, Gen:Variant.Graftor.259380, Gen:Variant.Zusy.175319
74.47%

Kaspersky
UDS:DangerousObject.Multi.Generic, Trojan-Downloader.Win32.Agent, Virus.Win32.Nimnul, Virus.Win32.Virut, Virus.Win32.Parite
55.32%

MicroWorld eScan
Gen:Variant.Mikey.27512, Gen:Variant.Mikey.27798, Gen:Variant.Mikey.28503, Gen:Variant.Mikey.28783, Gen:Variant.Graftor.259380, Gen:Variant.Zusy.176715
51.06%

Arcabit
Trojan.Mikey.D6B78, Trojan.Mikey.D6C96, Trojan.Mikey.D6F57, Trojan.Mikey.D706F, Trojan.Graftor.D3F534, Trojan.Zusy.D2B24B
51.06%

Bitdefender
Gen:Variant.Mikey.27512, Gen:Variant.Mikey.27798, Gen:Variant.Mikey.28503, Gen:Variant.Mikey.28783, Gen:Variant.Graftor.259380
51.06%

G Data
Gen:Variant.Mikey.27512, Gen:Variant.Mikey.27798, Gen:Variant.Mikey.28503, Gen:Variant.Mikey.28783, Gen:Variant.Graftor.259380
51.06%

McAfee
Artemis!BA856F6280A8, Trojan.Artemis!46AEBEB72CBA, Artemis!3252B0C737D0, Artemis!DDB4048373AB, Artemis!6BBEE534E3EA, Artemis!CE707BF197AE
42.55%

avast!
Win32:Malware-gen, Win32:PUP-gen [PUP], Win32:RmnDrp, Win32:Vitro, Win32:Parite
40.43%

Qihoo 360 Security
HEUR/QVM08.0.Malware.Gen, Win32/Trojan.aba, Win32/Trojan.b05, Win32/Trojan.Downloader.5de
40.43%

Panda Antivirus
Trj/Genetic.gen, Generic Suspicious, Trj/CI.A
38.30%

Microsoft Security Essentials
Worm:Win32/NeksMiner.A, Threat.Undefined, TrojanDownloader:Win32/Phabeload.A
36.17%

F-Secure
Application:W32/Generic.70053c248f!Online, Gen:Variant.Mikey.28503, Gen:Variant.Graftor.259380, Variant.Zusy.175319, Win32.Parite.A
34.04%

F-Secure
Gen:Variant.Mikey.27512, Gen:Variant.Mikey.27798, Gen:Variant.Mikey.28503, Gen:Variant.Mikey.28783, Gen:Variant.Graftor.259380
34.04%

Avira AntiVirus
TR/Taranis.313, TR/Taranis.399, TR/Dldr.Agent.10752.168, TR/Dldr.Agent.10752.165, TR/Taranis.526, TR/Dldr.Agent.10240.101
34.04%

AhnLab V3 Security
PUP/Win32.CrossRider
34.04%

The domain d24u51ac8ybaqu.cloudfront.net has been seen to resolve to the following 211 IP addresses.

server-52-84-125-119.iad16.r.cloudfront.net
August 30, 2016

server-52-84-125-74.iad16.r.cloudfront.net
August 30, 2016

server-52-84-125-65.iad16.r.cloudfront.net
August 30, 2016

server-52-84-125-30.iad16.r.cloudfront.net
August 30, 2016

server-52-84-125-254.iad16.r.cloudfront.net
August 30, 2016

server-52-84-125-203.iad16.r.cloudfront.net
August 30, 2016

server-52-84-125-164.iad16.r.cloudfront.net
August 30, 2016

server-52-84-125-104.iad16.r.cloudfront.net
July 18, 2016

server-52-84-125-97.iad16.r.cloudfront.net
July 18, 2016

server-52-84-125-85.iad16.r.cloudfront.net
July 18, 2016

server-52-84-125-76.iad16.r.cloudfront.net
July 18, 2016

server-52-84-125-24.iad16.r.cloudfront.net
July 18, 2016

server-52-84-125-240.iad16.r.cloudfront.net
July 18, 2016

server-52-84-125-226.iad16.r.cloudfront.net
July 18, 2016

server-52-84-125-156.iad16.r.cloudfront.net
July 18, 2016

server-52-85-131-11.iad53.r.cloudfront.net
July 18, 2016

server-52-85-131-177.iad53.r.cloudfront.net
July 18, 2016

server-52-85-131-117.iad53.r.cloudfront.net
July 18, 2016

server-52-85-131-95.iad53.r.cloudfront.net
July 18, 2016

server-52-85-131-66.iad53.r.cloudfront.net
July 18, 2016

server-52-85-131-39.iad53.r.cloudfront.net
July 18, 2016

server-52-85-131-18.iad53.r.cloudfront.net
July 18, 2016

server-52-84-125-147.iad16.r.cloudfront.net
July 1, 2016

server-52-84-125-131.iad16.r.cloudfront.net
July 1, 2016

server-52-84-125-48.iad16.r.cloudfront.net
July 1, 2016

server-52-84-125-26.iad16.r.cloudfront.net
July 1, 2016

server-52-84-125-25.iad16.r.cloudfront.net
July 1, 2016

server-52-84-125-183.iad16.r.cloudfront.net
July 1, 2016

server-52-84-125-182.iad16.r.cloudfront.net
July 1, 2016

server-52-84-125-169.iad16.r.cloudfront.net
July 1, 2016

 
Showing 30 of 211 IP Addresses
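The reverse-DNS names above encode both the edge IP address and the point of presence (iad16 and iad53 are the Dulles, Virginia edges the report mentions). The Python below is an added example, not part of the original report: it parses a hand-picked subset of the listed names, recovers the IPs, and groups them by PoP and by /24 prefix, which makes the reach of an IP-based block visible. The PTR naming convention is inferred from the names shown on the page and is treated here as an assumption; the host list in the code is a constructed subset.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed subset of the reverse-DNS names listed on the page.
RESOLVED_HOSTS = [
    "server-52-84-125-119.iad16.r.cloudfront.net",
    "server-52-84-125-74.iad16.r.cloudfront.net",
    "server-52-85-131-11.iad53.r.cloudfront.net",
    "server-52-85-131-177.iad53.r.cloudfront.net",
    "server-52-84-125-147.iad16.r.cloudfront.net",
]

# Assumed naming convention, inferred from the names on the page:
#   server-<a>-<b>-<c>-<d>.<pop>.r.cloudfront.net
PTR_RE = re.compile(
    r"^server-(\d{1,3})-(\d{1,3})-(\d{1,3})-(\d{1,3})\.([a-z]+\d+)\.r\.cloudfront\.net$"
)


def parse_cloudfront_ptr(name):
    """Return (ip, pop) for a CloudFront edge PTR name, or None if it does not fit the pattern."""
    m = PTR_RE.match(name.strip().lower())
    if not m:
        return None
    ip = ".".join(m.group(i) for i in range(1, 5))
    try:
        ip_address(ip)  # rejects octets above 255 that the regex alone would accept
    except ValueError:
        return None
    return ip, m.group(5)


def summarize(names):
    """Group recovered edge IPs by PoP and count distinct IPs per /24.

    Returns (by_pop, by_prefix): by_pop maps PoP code -> sorted IP list,
    by_prefix maps "x.y.z.0/24" -> number of distinct edge IPs seen in it.
    """
    by_pop = defaultdict(set)
    by_prefix = defaultdict(set)
    for n in names:
        parsed = parse_cloudfront_ptr(n)
        if parsed is None:
            continue  # skip anything that is not a CloudFront edge name
        ip, pop = parsed
        by_pop[pop].add(ip)
        by_prefix[str(ip_network(ip + "/24", strict=False))].add(ip)
    return ({p: sorted(v) for p, v in by_pop.items()},
            {p: len(v) for p, v in by_prefix.items()})


if __name__ == "__main__":
    pops, prefixes = summarize(RESOLVED_HOSTS)
    for pop, ips in sorted(pops.items()):
        print(pop, ips)
    for prefix, count in sorted(prefixes.items()):
        print(prefix, "distinct edge IPs:", count)
```

Every IP recovered here sits in a shared CloudFront edge range, so a firewall rule on the /24s would cut off every other distribution served from those edges; the distribution hostname is the indicator to act on.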

File downloads found at URLs served by d24u51ac8ybaqu.cloudfront.net. Each entry gives the number of the 68 scan engines that flagged the file, the verdict, and the URL where one was recorded.

1 / 68      (Malware)

17 / 68    (PUP)

10 / 68    (PUP)

21 / 68    (PUP)

6 / 68      (PUP)

1 / 68      (Malware)
https://d24u51ac8ybaqu.cloudfront.net/.../setup_7a4bf9.exe  (api-ms-win-downlevel-shlwapi-l1-1-0.dll)

5 / 68      (PUP)

1 / 68      (Malware)

28 / 68    (Malware)

12 / 68    (Malware)

21 / 68    (PUP)
http://d24u51ac8ybaqu.cloudfront.net/.../setup_dbb422.exe  (d840a8fb1a3c03ab9739a49cd9e92603)

8 / 68      (Infected)

1 / 68      (Malware)

10 / 68    (Malware)

13 / 68    (Malware)

The following 95 files have been seen to communicate with d24u51ac8ybaqu.cloudfront.net in live environments.

 
Latest 20 of 317 files

URL:
http://d24u51ac8ybaqu.cloudfront.net/

Network:
Amazon Cloudfront

SSL certificate subject:
CN=*.cloudfront.net, O="Amazon.com, Inc.", L=Seattle, S=Washington, C=US

SSL certificate issuer:
CN=Symantec Class 3 Secure Server CA - G4, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Web server:
AmazonS3
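The certificate above is CloudFront's shared default (CN=*.cloudfront.net), presented by every distribution that has not uploaded its own, so it identifies Amazon's edge and not this distribution's operator; the per-distribution signals visible in traffic are the HTTP Host header, the TLS SNI, the download URL and the file hash. The Python below is an added example, not part of the original report: it runs the indicators the page gives (the hostname, the setup_<six hex digits>.exe naming seen in the download URLs, and the MD5 listed beside setup_dbb422.exe) over constructed proxy log lines in a made-up "timestamp client method target status key=value" format. The log lines, the URL paths, the other cloudfront.net hostnames and the all-zero MD5 are constructed for the example; no destination-IP rule is used because the edge IPs are shared.

```python
import re
from urllib.parse import urlsplit

# Indicators taken from the page.
KNOWN_HOST = "d24u51ac8ybaqu.cloudfront.net"
KNOWN_MD5S = {"d840a8fb1a3c03ab9739a49cd9e92603"}  # listed for setup_dbb422.exe
DROPPER_NAME = re.compile(r"^setup_[0-9a-f]{6}\.exe$", re.I)

# Constructed proxy log (not from the page). Format, assumed for this example:
#   <ts> <client> <method> <target> <status> [key=value ...]
# Paths, the other cloudfront.net hostnames and the zero hash are made up.
SAMPLE_LOG = """\
2016-08-30T12:00:01Z 10.0.0.5 CONNECT d24u51ac8ybaqu.cloudfront.net:443 200 sni=d24u51ac8ybaqu.cloudfront.net
2016-08-30T12:00:02Z 10.0.0.5 GET http://d24u51ac8ybaqu.cloudfront.net/example-path/setup_dbb422.exe 200 md5=d840a8fb1a3c03ab9739a49cd9e92603
2016-08-30T12:00:03Z 10.0.0.9 GET http://d1111111111111.cloudfront.net/updates/setup_0a1b2c.exe 200 md5=00000000000000000000000000000000
2016-08-30T12:00:04Z 10.0.0.9 CONNECT d2222222222222.cloudfront.net:443 200 sni=d2222222222222.cloudfront.net
2016-08-30T12:00:05Z 10.0.0.7 GET http://www.example.org/index.html 200
"""


def parse_line(line):
    """Split one log line into a record; CONNECT lines carry host:port, others a full URL."""
    fields = line.split()
    if len(fields) < 5:
        return None
    ts, client, method, target, status = fields[:5]
    extra = dict(f.split("=", 1) for f in fields[5:] if "=" in f)
    if method == "CONNECT":
        host, _, _ = target.partition(":")
        path = ""
    else:
        u = urlsplit(target)
        host, path = u.hostname or "", u.path
    return {
        "ts": ts, "client": client, "method": method,
        "host": host.lower(), "path": path,
        "sni": extra.get("sni", "").lower(),
        "md5": extra.get("md5", "").lower(),
    }


def assess(rec):
    """Return the list of indicator matches for one record (empty list = no hit)."""
    reasons = []
    # Strongest signal: the distribution hostname, in the Host header or the SNI.
    if KNOWN_HOST in (rec["host"], rec["sni"]):
        reasons.append("host-or-sni:" + KNOWN_HOST)
    # Known bad sample by hash, independent of where it was fetched from.
    if rec["md5"] in KNOWN_MD5S:
        reasons.append("md5:" + rec["md5"])
    # Weaker signal: the dropper naming pattern on any CloudFront distribution.
    basename = rec["path"].rsplit("/", 1)[-1]
    if rec["host"].endswith(".cloudfront.net") and DROPPER_NAME.match(basename):
        reasons.append("dropper-name-pattern:" + basename)
    return reasons


def hunt(log_text):
    """Return (client, host, reasons) for every log line that matches at least one indicator."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        reasons = assess(rec)
        if reasons:
            hits.append((rec["client"], rec["host"] or rec["sni"], reasons))
    return hits


if __name__ == "__main__":
    for client, host, reasons in hunt(SAMPLE_LOG):
        print(client, host, ", ".join(reasons))
```

The naming-pattern rule on its own is only a lead, since any CloudFront customer may ship a file called setup_xxxxxx.exe; it is the hostname or the hash that turns a hit into a confirmed download from this distribution.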