» www.cityclearvault.com
Overview
Analysis
IPs Addresses (16)
Downloads (8)
Network (36)

www.cityclearvault.com

Domain Information

Server location:

Oregon, United States (US)

ASN:

AS16509 AMAZON-02 - Amazon.com, Inc., US

Root domain:

cityclearvault.com

Scanner detections:

Detections (100% detected)

Scan engine

Details

Detections

Reason Heuristics

PUP.installCore.MICROMAX.Installer (M)

100.00%

The domain www.cityclearvault.com has been seen to resolve to the following 16 IP addresses.

ec2-52-36-112-186.us-west-2.compute.amazonaws.com

August 23, 2016

ec2-54-200-224-121.us-west-2.compute.amazonaws.com

August 23, 2016

ec2-54-148-183-210.us-west-2.compute.amazonaws.com

August 23, 2016

ec2-52-33-46-229.us-west-2.compute.amazonaws.com

June 29, 2016

ec2-54-191-246-249.us-west-2.compute.amazonaws.com

June 29, 2016

ec2-54-149-195-20.us-west-2.compute.amazonaws.com

June 29, 2016

ec2-52-41-114-34.us-west-2.compute.amazonaws.com

June 29, 2016

ec2-52-38-209-219.us-west-2.compute.amazonaws.com

June 5, 2016

ec2-52-33-165-25.us-west-2.compute.amazonaws.com

June 5, 2016

ec2-52-32-12-104.us-west-2.compute.amazonaws.com

June 5, 2016

ec2-54-148-57-212.us-west-2.compute.amazonaws.com

May 23, 2016

ec2-54-69-198-37.us-west-2.compute.amazonaws.com

May 23, 2016

ec2-54-69-11-66.us-west-2.compute.amazonaws.com

May 23, 2016

ec2-52-88-159-85.us-west-2.compute.amazonaws.com

May 23, 2016

ec2-52-25-41-73.us-west-2.compute.amazonaws.com

May 23, 2016

ec2-52-24-26-116.us-west-2.compute.amazonaws.com

May 23, 2016

File downloads found at URLs served by www.cityclearvault.com.

1 / 68 (PUP)

http://www.cityclearvault.com/WVl6OTRQVXRsZWpSYWRDVXlRa1pJV0ZsbFNrcFRiSG8yZFdaMEpUSkNRblZRZURsQ2VqUmhZVUZyTjNwbk1ETm5UV05GSlRORUptTTlKVEpHYkROUGJUSjRiVUUxWVhSVk5GaDRPV3BsZURrMWVqUkRPSFZSV0dkS1kwVldRV1F3WXpnd1VGcEpVMkpJWVcwbE1rSjBXREpwZVhkMWVrVjVjMkpyVWtGeGJYWXhhVE5YWWtaSlEyTllOek5PZFZGNmFIVnpWVFZKVW13d1V6ZFVOVUZ0TVU5MlkzQnNjMlZ3TjBoVGRWZGpOMEZzU1ZOeWFsSTRkVkZ4T1VkTWJGbG5OMGh6UlZaamNFNTRhWEZ5UzNJME9GTkdRU1V6UkNVelJDWmxQVEVtWm1Gc2JHSmhZMnRmZFhKc1BXaDBkSEFsTTBFbE1rWWxNa1p5WlhNdWFXdHJibWt1WTI5dEpUSkdZMmh5YjIxbEpUSkdRMmh5YjIxbFUyVjBkWEJmWlc0dVpYaGw= (chromesetup_en.exe)

1 / 68 (PUP)

http://www.cityclearvault.com/c?x=233are5AdE63xD0w4/D5hspAE4CoAJ0Wu8wuSn3OE54=&c=aEnLAJ1Mqu1Ip7Ma7 qI3xSxZ5FLbX4tsgYNjycNYAAV9JhQAkWl3ltoJy4pk0Hx5/FPQ3dQWAMvC6nM39TcPqPLwTMIIy4xpkIxGjQ7Yk1Baife3LTUcgOSoj2lfvsk&fallback_url=http://res.hufftos.com/.../ChromeSetup_fr.exe (7a6ebb756a1ad81c85f49e9b830c8b99)

1 / 68 (PUP)

http://www.cityclearvault.com/c?x=J9hfWFKghQifdqwmKU6wfpyzeBlPct7OBRPCVDFMqJo=&c=c HPDd791LGwmX48MmZZ6azYCa3Orm0TSL/vVrADVC0PU0DvolNU8dnHznAxrlBzAVV0UHvM0HMBrvNWfl3Tlpwwk2ERqcBOa474R5PwWd8eXbvVpRgHqolyMkNVo2xh1Qh4pTkgYe574j1ENT8EL/OAKCPwRw6DC2zDqoWHYMw=&e=1&fallback_url=http://res.mshist.com/.../FalloutShelter.exe (a5b7e8e542d0e587b8c29f013c865d2c)

1 / 68 (PUP)

http://www.cityclearvault.com/c?x=lbUZbY3cV/J0dhSnciYsNkV9HdKcKTcXptToOUoY8uk=&c=Ncl9y52a AfQxW6HGz1bRROM/HI6B1DGPf7jc/B98OPQ42bq oT6jZvAAw0LIEOK1IxzRO7Ovo85A9s1us aUBvK EHT65KQw8pCblaTcm6dyPB9wmQh9rOK2mVDsYl56X3T2lGKlDCD2K3bwCNwL3VYnjdle9O9Sq/Rkbo8hkH3bPWcmXlRfAKiUJY00Hah&e=1&downloadAs=skype.exe&fallback_url=http://res.kchuss.com/.../SkypeSetupFull.msi (icreinstall_skype.exe)

1 / 68 (PUP)

http://www.cityclearvault.com/c?x=W/yjaqhcRSdkBwNrS7qG5FqaeBHTcXOy3d m4A1uplc=&c=RoIX2WhXKjBvS7ok ua DVvnwQVQorT5BhyQcafzvB55NcyyS2GvlR 95K6Fq7T0bRMQ kG32q4ADrH2CwWaDKTO9NdBUlEbkqTgLpedfV UwMZ8/zRuuqIBelGgQ1xv&fallback_url=http://res.hufftos.com/.../ChromeSetup_fr.exe (7a6ebb756a1ad81c85f49e9b830c8b99)

1 / 68 (PUP)

http://www.cityclearvault.com/c?x=eFmOWQjtFF7YFjo60r0JEinOA 9KdDAe/pOZvFmHLkw=&c=R9ZqJB2yprKAdgPfSaFw8C2Ir8MyImDNeC9VxlsO3iuURU9SNwlfmk44JQ/r0YbB/qJHBUu1P6ouhXKo41GRV41fSpVbKYPKDy6Ij AC6ThzzbP uhMUOUHDIw82xFiNTgmvyp8yaCuuwjnl13CVNOiwbiQ1z4TIklMZDHbCxQY=&e=1&fallback_url=http://res.nobistex.com/cache/upch/.../UpdateChecker.exe (ad7f25e9f23f816ab4e53f2d29ea1f79)

1 / 68 (PUP)

http://www.cityclearvault.com/c?x=ScOdNNscozBfXuEQSlRSTuKl G08JG4O7bOxRs1K7qE=&c=DbEitNAYUSFPWTJew0wlNgzXkQe6 rTFsQKHRgRUEowJ IwMEVmS GoK9SjtzSuPA510E0Q0znPO3im5ohn2z ttTMZo9/iYkcXVJN9gVfQzxvuDJ/N8lEVmyJSqyzDf&fallback_url=http://res.hufftos.com/.../ChromeSetup_fr.exe (7a6ebb756a1ad81c85f49e9b830c8b99)

1 / 68 (PUP)

http://www.cityclearvault.com/c?x=OaXJM8ZZqXjyk4xAQGmeqvNrQMRoEGzlPQTw74pB1gE=&c=EcRt5 gFEowo1xDo0HE/xirIDsP/KMSKj23 tkXjoJ4EzYYtDJBDb /EDQmuG7svZiUc GtlpwQa8fYzy64hkpvt6dLuXN25/pSD9UtbVrJpzQ8CXxpKUzsOGhTkKJ1V&fallback_url=http://res.mshist.com/.../SimCity.exe (337be3eb058cf22172d240e37e07e669)

The following 36 files have been seen to comunicate with www.cityclearvault.com in live environments.

TCP » 52.38.209.219:80

rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.33.46.229:80

UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.33.46.229:80

browserairexec.exe (BrowserAir by Goobzo)

TCP » 52.38.209.219:80

UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.38.209.219:80

browserairexec.exe (BrowserAir by Goobzo)

TCP » 54.200.224.121:80

browser.exe (Browser)

TCP » 52.24.26.116:443

online-guardian-v2.0.9.exe

TCP » 52.24.26.116:443

online-guardian-v2.0.9.exe

TCP » 54.200.224.121:80

kometa.exe (Kometa by @COMPANY_FULLNAME@)

TCP » 52.38.209.219:80

browser.exe (Browser)

TCP » 52.33.46.229:80

citrio.exe (Citrio by CatalinaGroup)

TCP » 54.200.224.121:80

UCBrowser.exe (UC Browser by UCWeb)

TCP » 54.200.224.121:80

ShopAtHome_BAC_Service.exe (by ShopAtHome.com)

TCP » 54.200.224.121:80

browser.exe (Browser)

TCP » 52.33.46.229:80

TCP » 54.200.224.121:80

kmplayer_3.8.0.123.exe.exe (The KMPlayer by PandoraTV)

TCP » 52.24.26.116:443

rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.24.26.116:443

036629fbd4864725737a8ba8fe7e8cd6.exe

TCP » 52.33.46.229:80

ShopAtHome_BAC_Service.exe (by ShopAtHome.com)

TCP » 52.33.46.229:80

rlvknlg.exe (Relevant-Knowledge by TMRG)

Latest 20 of 77 files

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.