It looks like the string "dnrweqffuwjtx.cloudfront.net" resembles a generic Amazon CloudFront domain name (randomly generated prefix + .cloudfront.net ). However, that specific subdomain likely doesn’t exist or has been deleted — CloudFront distributions are typically longer, and this looks like random keystrokes or a placeholder.

But to give you a about investigating a CloudFront subdomain like this: Story: The Case of the Phantom CDN

A security analyst, Alex, noticed an alert: an internal server was making DNS queries to dnrweqffuwjtx.cloudfront.net . The domain wasn’t in any asset inventory.

Sometimes attackers register dead CloudFront subdomains for domain fronting or C2, but here, the domain was never registered. However, Alex used nslookup to see if any CNAME records pointed to it — none. CloudFront’s TLS certificate check also failed.