home

www.flashtoursvaults.com

Domain Information

Server location:
Oregon, United States (US)

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc., US

Root domain:
flashtoursvaults.com

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.installCore.MICROMAX.Installer (M)
100.00%

The domain www.flashtoursvaults.com has been seen to resolve to the following 6 IP addresses.

52.88.159.85
ec2-52-88-159-85.us-west-2.compute.amazonaws.com
May 18, 2016

52.25.41.73
ec2-52-25-41-73.us-west-2.compute.amazonaws.com
May 18, 2016

52.24.26.116
ec2-52-24-26-116.us-west-2.compute.amazonaws.com
May 18, 2016

54.148.57.212
ec2-54-148-57-212.us-west-2.compute.amazonaws.com
May 18, 2016

54.69.198.37
ec2-54-69-198-37.us-west-2.compute.amazonaws.com
May 18, 2016

54.69.11.66
ec2-54-69-11-66.us-west-2.compute.amazonaws.com
May 18, 2016

File downloads found at URLs served by www.flashtoursvaults.com.

1 / 68      (PUP)
http://www.flashtoursvaults.com/c?x=WNAlOHgI0Ki5i7AP07k5DtQEW58IAkm4kLLebWu7acw=&c=EvtpbZ8WlwiGXHWchjTF9W9yHB P4UZsZy86Etfq96FDSnVNqYp1m8ZBoKugTXyGEDZWcoQXE9Xy 6BTq429Kw70yQ03G0JgxfKiMpSMJGY9SpK3wc5gaGFchz8SP9bJomd4tP 1MylG9KoDDpEj71U4uDGnYdgoH/bZUhn 0rk=&e=1&fallback_url=http://res.mshist.com/.../ClashOfClans.exe  (05fa10a7d091e8fe142342fae3381c0d)

1 / 68      (PUP)
http://www.flashtoursvaults.com/c?x=aja3Gbe1KxIfsF8QrYwGFFAyKG3X AeRZgRe ieqYa4=&c=xdjh36a9SpOAF2oD67T6kfiZI0ZriATy7YiuFgiQPG05Npbl7cD6kBC1dqTLIT2eWaixvugqTPPWNONd3o1PiBoR1OQfrJhsesa9AZv8H/9MH2c3WHxTwtvTw4kyktrS&fallback_url=http://res.mshist.com/.../LeagueofLegends_EUW_Installer_9_15_2014.exe  (e594585b177a109eff88c8805ed866b1)

1 / 68      (PUP)
http://www.flashtoursvaults.com/c?x=YT67XydY5dWcYHjML/c9FyojtHbei1Ujm2q4EoizvVU=&c=bEIfEmRID6AqR6LzJudxc3oDcAsOn3kon OtlbfODvffjceSh7KCg3JgAsGZDAucmrBF3 jhyvZ7bhBRYkbu r/Zwq6XIO5n2nxx2MEP3a4Wmd1G0rDEokkIqe W5k9Q&fallback_url=http://res.mshist.com/.../Snapchat.exe  (8debfe4b0a165a08d38a53ee5d9063ac)

1 / 68      (PUP)
http://www.flashtoursvaults.com/c?x=6ux0j9W4gSwmHJSJoRwp4cc0s0YGmHVD3r7IzkYCBrc=&c=TRJwAoflFHMIfYqVPrKU6ugfS3FrbgRivUwA40jz/ZuTA21ybkLKWkPeTosuR08x1YURfz50v2NCwpHohatyIEOlxHrusNJG8r bkhNFeXDN/TrWB8VebyRA5hdSrLTH&fallback_url=http://res.hufftos.com/.../audacity-win-2.0.2.exe  (2f07c313f99310dedaeeca1d22550805)

1 / 68      (PUP)
http://www.flashtoursvaults.com/c?x=4950LH/YJ/eYb5czFFkmT0a H7GMI0Ondbwg07A3eWA=&c=iiUxETWCJJpU2coWtNdjQ1qU29w5KVLdArdP5LWjMQThLJ4y 6h4J9q6AnFTEF17m5iGt4zv/dLzhQIxekXHjqNTxO9y8mNvvAbEviHwd95tbJx6Oe0QOb0mXMdEFiCC&fallback_url=http://res.hufftos.com/.../ChromeSetup_fr.exe  (c3e15e71a3f7bbd2f30b0d3b348bde02)

1 / 68      (PUP)
http://www.flashtoursvaults.com/c?x=5AcV8FRPXURPwp1TB9wbMNnxiCuidNpjahGqtzAyXuc=&c=WV2G1W7qFMIST50ZDkIlX9ySccQRRBqzyYTYcvOj8V87HSdlSa4V2JuGipIjHCMHKAy3Yt76Tcfrol Lkr9FLagCPFLMEhLIv3VYa/GLrTiZswWzjFjjwX/qXlagbrnJ&fallback_url=http://res.mshist.com/.../ClashRoyale.exe  (eb6282c8796b1da23018c16d52dd11b2)

1 / 68      (PUP)
http://www.flashtoursvaults.com/c?x=biZp0jlLhjfzuTPs69xargznZNHjz0hlr/fmZCRa86A=&c=w Mx8VkZ/2f41lvZtFEeuOSSAOw2VvmfAkAGZE0wwxPW8RgZjZ38Xlv/iHPZCxUDy8aSvCvcaIa6tZnAoGM1RKuzGGIYhutyJ5 UE4meHJRCJUKmPqJUjGuIG7dLfZY3&fallback_url=http://res.mshist.com/.../LeagueofLegends_EUW_Installer_9_15_2014.exe  (e594585b177a109eff88c8805ed866b1)

1 / 68      (PUP)
http://www.flashtoursvaults.com/c?x=pZ41YnZd1AL ut OcnCy5Prp2ridk esAzAfmveRzlo=&c=tnl4XnsH7tDvUnb8trDZ OwUS1BpIs4EIEdVzVoFPRKcAhS8Ed5qqbHHAyt8FX9BOik4vO5D/WJKYHX4ztCDmlxccHdJML1JnzrVtqmm8M 6xlEDHc2bsB3gULC9a2q5Z8jduOj11blrwDoC9SCipUH0pjeT3e1RRSS1CwfmAp0=&e=1&fallback_url=http://res.hufftos.com/.../AdBlockPro.exe  (5ebfe2dc6372a0f15bf2926da311f5db)

1 / 68      (PUP)
http://www.flashtoursvaults.com/c?x=49CUOAwb82Ig0SSqP18X3CnQt olOv7ZT66bn6Of4co=&c=CFRuajWZNF YJdgj7ZdD/t0leSujz1zi/SNA3C BcOEAvUPcWjCsU8ikHjvfQVPLKAQgW1rUOL bwKePysHp2Li6QTQ8SCVbUjQAABxmKruTKWBt/nVGxdxOJoIP5LGY&fallback_url=http://res.hufftos.com/.../ChromeSetup_fr.exe  (c1f0c6bc418bafd76741e6b7561ca75c)

The following 6 files have been seen to comunicate with www.flashtoursvaults.com in live environments.

TCP » 52.24.26.116:443
online-guardian-v2.0.9.exe

TCP » 52.24.26.116:443
online-guardian-v2.0.9.exe

TCP » 52.24.26.116:443
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.24.26.116:443
036629fbd4864725737a8ba8fe7e8cd6.exe

TCP » 52.24.26.116:443
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.24.26.116:443
Proxomitron.exe (Proxomitron by Groom-A-Zebu (tm))

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.