home

www.contentvaultscapital.com

Domain Information

Server location:
Oregon, United States (US)

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc., US

Root domain:
contentvaultscapital.com

Scanner detections:
Detections  (75% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.InstallCore.Installer.Installer (M)
100.00%

The domain www.contentvaultscapital.com has been seen to resolve to the following 10 IP addresses.

52.25.41.73
ec2-52-25-41-73.us-west-2.compute.amazonaws.com
May 16, 2016

52.24.26.116
ec2-52-24-26-116.us-west-2.compute.amazonaws.com
May 16, 2016

54.148.57.212
ec2-54-148-57-212.us-west-2.compute.amazonaws.com
May 16, 2016

54.69.198.37
ec2-54-69-198-37.us-west-2.compute.amazonaws.com
May 16, 2016

52.35.10.15
ec2-52-35-10-15.us-west-2.compute.amazonaws.com
April 12, 2016

52.34.170.106
ec2-52-34-170-106.us-west-2.compute.amazonaws.com
April 12, 2016

52.25.23.136
ec2-52-25-23-136.us-west-2.compute.amazonaws.com
April 12, 2016

54.191.37.5
ec2-54-191-37-5.us-west-2.compute.amazonaws.com
April 12, 2016

54.69.11.66
ec2-54-69-11-66.us-west-2.compute.amazonaws.com
April 12, 2016

52.88.159.85
ec2-52-88-159-85.us-west-2.compute.amazonaws.com
April 12, 2016

File downloads found at URLs served by www.contentvaultscapital.com.

1 / 68      (Adware)
http://www.contentvaultscapital.com/c?x=iWsy3Y1eoxvZBPTwCbMGrCDAbRka3kHAej281hezC2E=&c=UTsBqIrEyOpHmw4UHFUwiXRnwTEELev8Jy2ms1VXBZGORoiQA 0YQL9W/Dz5W/9rpvkoxsKNxI45YHhIj9sAmfnlfmEXYRyQ80y6v8lPhh7Y5cST3r7aQYreXfIUX7J5&downloadAs=FreeFileViewerSetup.exe&fallback_url=http://www.freefileviewer.com/.../newest.exe  (cd0e00612b527b30522b158b27ac9d49)

1 / 68      (Adware)
http://www.contentvaultscapital.com/c?x=Lgj75SJOKa9HsF5gWiqiG3RG/vNN5/76TDthAkHBjp4=&c=hSinkR2wNusZSvUy0MWN/G1C4hBk4xQX7r57ql1VD4M9peJtQcub8ETwj5qrmuP0Beq4wGaYp8zaJJd/WCBahulPutVJ82mu07iNZ08YOfBNoLcDOHoJIR/KJH7VpyIN&downloadAs=BitZipper2015Setup.exe&fallback_url=http://www.bitzipper.com/.../newest.exe  (icreinstall_bitzipper2015setup.exe)

1 / 68      (Adware)
http://www.contentvaultscapital.com/c?x=zDtlpniWoFTbZyIeXQ43i4AbBaWqVbOlpjF3brbZll0=&c=YDKaGQqElO7zHlXw6vm9Kgg26jCyvluJK0ofIDPepAKRgzA4JrAyz1WQSNlNGcMG 2g4ZUK8D 13 yCAKe/jID2RJ7bd0gLhjWsCdLtlpMipX8ZV4D6Qn86pcoxa/SIi&downloadAs=FreeFileViewerSetup.exe&fallback_url=http://www.freefileviewer.com/.../newest.exe  (cd0e00612b527b30522b158b27ac9d49)

1 / 68      (Adware)
http://www.contentvaultscapital.com/c?x=aqAKzq25A6PWwGW86stYV8YKrxiOhbWSbM4uzfbWRh8=&c=dnSY88L o2q4ps3iwpIUsYwJLOeeMzNlBWY3l0l NlIh1EnMYAVZS2g/6rxdbpHDW6Aj5G2Enin2mSOBGaWXKSucA1MesUclkB 5dao6 paYtBk30xJ2GcqBpWFk9Gk&downloadAs=FreeFileViewerSetup.exe&fallback_url=http://www.freefileviewer.com/.../newest.exe  (cd0e00612b527b30522b158b27ac9d49)

1 / 68      (Adware)
http://www.contentvaultscapital.com/c?x=GUpvUrIxADhFlkk0SAtPLB4h5MYPkTj0MzcgHQ18qDQ=&c=FUuGK4fVN PcI7U/G 78BMc9D5xSt/B1bchtVh6Bs/33YRY5TLTboQCXf9lhLL02DnaTiVqyXTOeln15D84QaBxk9xAOyVrZgxsQS0IrFeyxOI/m1IVss/7TcmAkRIFi&downloadAs=FinalMediaPlayer2014U1Setup.exe&fallback_url=http://www.finalmediaplayer.com/.../newest.exe  (icreinstall_finalmediaplayer2014u1setup.exe)

1 / 68      (Adware)
http://www.contentvaultscapital.com/c?x=4pGsIVZCk5pvzsH8bpwGNNztgT0Owo3O/df6pRZXox4=&c=0w1Jg/OxhwHlA8e7tMK08b1czLn/AJVAkDB6nYEiTpZ4VpbgieSlxb8PgAEyDRTDYHGj5JtJpQPG7NZ78Fsg9ikp35y1nC7tVdUAgOzfr2EafNjAfaq2lRuw0OTv6gGG&downloadAs=BitZipper2015Setup.exe&fallback_url=http://www.bitzipper.com/.../newest.exe  (icreinstall_bitzipper2015setup.exe)

1 / 68      (Adware)
http://www.contentvaultscapital.com/c?x=uVdf9gvw2Eyv8dKJnqyNn327f9ZJQSnFQb PqoHLpn0=&c=ZfQGAZ6hxJixLgJhtaPbbXwq8mfCQujM0OZJgEXFqt uL7BieFpgKoPcmhnOf ddV0TMT8lfWKQJ/kzZEMzqdsdvTkUTOt24DUJc2G203 61 qiuTrfKctY0TMlByDur&downloadAs=FreeFileViewerSetup.exe&fallback_url=http://www.freefileviewer.com/.../newest.exe  (cd0e00612b527b30522b158b27ac9d49)

1 / 68      (Adware)
http://www.contentvaultscapital.com/c?x=uGAXjUTe5xE9cYfBZpDW9yrqG4N3M24Cz9IedOaHlno=&c=LF5B3/Ws6vBl4Ggho14PtkP1OpXk0Mm4TGXsjg1KbJn7cNyp QIRQiD1qzBDMQwN8ksvGDxfGqPIRPxiOr1T MiKHg41XQ3kIqmy/D5Uf6ytllH5FevkfwbU53WgyhET&downloadAs=BitZipper2015Setup.exe&fallback_url=http://www.bitzipper.com/.../newest.exe  (icreinstall_bitzipper2015setup.exe)

0 / 68
http://www.contentvaultscapital.com/WVl6OTRQWEpTVDFWbk9VWlZWVmcwUm5CUFEyOXRKVEpDY1doR2RHOUVSVTVWTVhKS2RucE9NV0ZwTTFjM09EUWxNa0pSSlRORUptTTlaa1U0WTJwU2NuZFlSa050TW5KelZFMTNjbko1VDFjelIzWTJRMFEzVTJGSlFYcG5ja3BVSlRKR1JuazNlVkJUVG5WYU9GbHhTbVpUVFZSV1dHSlBOMnBNUkc5VldrdzJkU1V5UmpSRmFsRTBNVE5tVlZGdVIxSkpjR2haUjJsSmJrNVhUek0xVlhodkpUSkdKVEpHUW5ORlkwY3hRVFZ3ZDJkaFR6TlpTMXBrU0d3eGVHcEJXQ1prYjNkdWJHOWhaRUZ6UFVaeVpXVkdhV3hsVm1sbGQyVnlVMlYwZFhBdVpYaGxKbVpoYkd4aVlXTnJYM1Z5YkQxb2RIUndKVE5CSlRKR0pUSkdkM2QzTG1aeVpXVm1hV3hsZG1sbGQyVnlMbU52YlNVeVJtUnZkMjVzYjJGa2N5VXlSbTVsZDJWemRDNWxlR1U9  (freefileviewersetup.zip)

The following 6 files have been seen to comunicate with www.contentvaultscapital.com in live environments.

TCP » 52.24.26.116:443
online-guardian-v2.0.9.exe

TCP » 52.24.26.116:443
online-guardian-v2.0.9.exe

TCP » 52.24.26.116:443
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.24.26.116:443
036629fbd4864725737a8ba8fe7e8cd6.exe

TCP » 52.24.26.116:443
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.24.26.116:443
Proxomitron.exe (Proxomitron by Groom-A-Zebu (tm))

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.