home

www.capitaltowervault.com

Domain Information

Server location:
Oregon, United States (US)

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc., US

Root domain:
capitaltowervault.com

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.installCore.Fokakunu.Installer.Meta (M), PUP.InstallCore.AVSoftwa.Installer (M), PUP.InstallCore.RE11 (M)
100.00%

The domain www.capitaltowervault.com has been seen to resolve to the following 9 IP addresses.

52.38.209.219
ec2-52-38-209-219.us-west-2.compute.amazonaws.com
June 5, 2016

52.33.165.25
ec2-52-33-165-25.us-west-2.compute.amazonaws.com
June 5, 2016

52.32.12.104
ec2-52-32-12-104.us-west-2.compute.amazonaws.com
June 5, 2016

54.69.11.66
ec2-54-69-11-66.us-west-2.compute.amazonaws.com
May 20, 2016

52.88.159.85
ec2-52-88-159-85.us-west-2.compute.amazonaws.com
May 20, 2016

52.25.41.73
ec2-52-25-41-73.us-west-2.compute.amazonaws.com
May 20, 2016

52.24.26.116
ec2-52-24-26-116.us-west-2.compute.amazonaws.com
May 20, 2016

54.148.57.212
ec2-54-148-57-212.us-west-2.compute.amazonaws.com
May 20, 2016

54.69.198.37
ec2-54-69-198-37.us-west-2.compute.amazonaws.com
May 20, 2016

File downloads found at URLs served by www.capitaltowervault.com.

1 / 68      (PUP)
http://www.capitaltowervault.com/c?x=iU3b2 oMB7971vi6bVh3CZonVztdlQu6neXn82VEayA=&c=Iijw5dUjl6mV IAj/aO/yY9TqASPy/ s2doCyZ/zOGtypPQupcV3t0i3dhHlBDdfDAK W79IBSkAE4JT vgAvUXjaxzxfUkjRlwrdPc2lDoQ8Lkj4R5vMwBFvcSMnFT6&downloadAs=SetUp.exe&fallback_url=http://.../setup1.19.exe  (3ccfbf0efd9556ead522a69b225fa79d)

1 / 68      (PUP)
http://www.capitaltowervault.com/c?x=ig3Y0uFer4zuwB7v79EckYVBDAJH/PM82yjEskIdW4I=&c=pMSE5EpIt9CT3oLM7IUmjxX0GoREow57J/j2G9DAYS kzD8lOhm206AgJ9FUk671vDoTMF1ScUUukOE fHl109ox0GRTECPgFM/9zVhIFml4m LDBvPKA5dc9BWnJLmK&downloadAs=EaseUS_Data_Recovery.exe&fallback_url=http://.../get.php?file=7109041d&m3  (icreinstall_easeus_data_recovery.exe)

1 / 68      (PUP)
http://www.capitaltowervault.com/c?x=qylLtXgKq/uttA YZ8tFFeZeLdaXgLrZurEd4SHk5SE=&c=8qXHroAF0LOLcsFbg6Bc6ECoeT2hSkzLwg3qQHo1GIhPN6cL05xkx8JHBFrzR0YHhToc4gJqxsbbn5tpog7WlZy04f9huJYUepWOIkbk0wmP8ofQm3zcP7ltyziNTdAS&downloadAs=fresh-software24blog.exe&fallback_url=http://.../get.php?file=b2083bae&m3  (icreinstall_fresh-software24blog.exe)

1 / 68      (PUP)
http://www.capitaltowervault.com/c?x=Uft0KSlfErLJ0iI5EopCTFI1rgNhwJE2sXiEWGcXzF8=&c=G7jV xTLBM5Ju1/GZKAUr561/OdQQ0C4Lvy6YZcsk/FqKdW4wwzhgkQSVmF6EVj123WYp4b0j09XopQKkaYs JQIBrXaDP0iWq LYj8wNWnS5uD6eKaHBDwpcfxiPvaH&downloadAs=VLC-Media-Player.exe&fallback_url=https://download.videolan.org/pub/videolan/vlc/2.2.1/.../vlc-2.2.1-win32.exe  (c.exe)

1 / 68      (PUP)
http://www.capitaltowervault.com/c?x=hHe/Mpun Z4/EjFU2m9IEUlzqukmpNHQ/wH5a x1UbM=&c=3jDfiuJKed1kaRbYQDZomNbkqY0ihvTUaw9B2ZIUTVkkCQSNrzjnf6UHmDnxFUwniekecBE2Ql8kQhhYdzjKf5l2 8AM0twSFzgJ 2EmNW2Uaxii1zL6sT6RqgJZZgfz&downloadAs=kuyhaa-android19comd.exe&fallback_url=http://.../get.php?file=3310d1f1&m3  (9de43eaf01869da738e1d483af1d16da)

1 / 68      (PUP)
http://www.capitaltowervault.com/c?x=YvcmyDODcXbE3hxWZP3 fsPlXHhhQeFI0qSElHmrlrY=&c=fY2ygyMS9Rl nZZyvsFEa PQqoNX2CmoSQtBPyYY87mtyddkbp1uS5Xl1y11tp RxrezblOXasOO/X43wxCnQsZxVYNOcKDuzq6if1TW6/lJf 4wWOfSs YwuDF9QemW&downloadAs=recoverytar.exe&fallback_url=http://.../get.php?file=c8d13c2b&m3  (49b8652db34c20fe3ac417b4c9aea428)

1 / 68      (PUP)
http://www.capitaltowervault.com/c?x=090ERPWjmBtZf4ukxU1KtVS3fozEz8eM7dpa Xi23fg=&c=hSN5JSCjwplOX87uGdPQo533wy2rzFuneh2fC0lrifObSmQGT4PzztG//ISNHMAvO0cRbtAp55ZuEg4PQyF9ZXTeitCyHs60cmId6pS8uTY1gBaO3eOZGJ5 XJRufQ3K&downloadAs=JIFFY_WAYT_-_SWISH_U.exe&fallback_url=http://.../get.php?file=94e718a6&m3  (d1b7870555682b836c750c18c5a7faa9)

1 / 68      (PUP)
http://www.capitaltowervault.com/c?x=6seD2wxGVIwc8Bx/WEgrvfPKeVz68GFa1tsDHHmg/0s=&c=FLli/S8/VInP4ED3IDjx0aivsWvLaDVkVqraNxTueT201 oGYt/obzuDakbAerqXwXrRisc0KZTMDD0DvoY7kyM5VrxM5hLx56ROCL u8vFBZl7F0CyChNXvBqgeKQM4&downloadAs=QQPlayer39936USB.exe&fallback_url=http://.../get.php?file=4edc3612&m3  (541832fedc5ee5a08d8c11d555f7085d)

The following 18 files have been seen to comunicate with www.capitaltowervault.com in live environments.

TCP » 52.38.209.219:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.38.209.219:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.38.209.219:80
browserairexec.exe (BrowserAir by Goobzo)

TCP » 52.24.26.116:443
online-guardian-v2.0.9.exe

TCP » 52.24.26.116:443
online-guardian-v2.0.9.exe

TCP » 52.38.209.219:80
browser.exe (Browser)

TCP » 52.24.26.116:443
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.24.26.116:443
036629fbd4864725737a8ba8fe7e8cd6.exe

TCP » 52.38.209.219:80
3.9.0.128_20140916045038.exe (The KMPlayer by PandoraTV)

TCP » 52.38.209.219:80
e5be.tmp

TCP » 52.24.26.116:443
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.24.26.116:443
Proxomitron.exe (Proxomitron by Groom-A-Zebu (tm))

TCP » 52.38.209.219:80
client.exe

TCP » 52.38.209.219:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.38.209.219:80
kmplayer 3.8.0.117 -[www.patoghu.com].exe (The KMPlayer by PandoraTV)

TCP » 52.38.209.219:80
KMPlayer_3.9.0.126.exe (The KMPlayer by PandoraTV)

TCP » 52.38.209.219:80
3.9.0.125_20140702035547.exe (The KMPlayer by PandoraTV)

TCP » 52.38.209.219:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.38.209.219:80
online-guardian-v2.0.9.exe

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.