home

www.heartflashpresent.com

Domain Information

Server location:
Oregon, United States (US)

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc., US

Root domain:
heartflashpresent.com

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Vittalia.QUICKIDEAS.Installer (M), PUP.installCore.MICROMAX.Installer (M)
100.00%

The domain www.heartflashpresent.com has been seen to resolve to the following 11 IP addresses.

52.25.41.73
ec2-52-25-41-73.us-west-2.compute.amazonaws.com
May 15, 2016

52.24.26.116
ec2-52-24-26-116.us-west-2.compute.amazonaws.com
May 15, 2016

54.69.11.66
ec2-54-69-11-66.us-west-2.compute.amazonaws.com
April 18, 2016

54.191.37.5
ec2-54-191-37-5.us-west-2.compute.amazonaws.com
April 18, 2016

54.148.57.212
ec2-54-148-57-212.us-west-2.compute.amazonaws.com
April 18, 2016

54.69.198.37
ec2-54-69-198-37.us-west-2.compute.amazonaws.com
April 18, 2016

52.88.159.85
ec2-52-88-159-85.us-west-2.compute.amazonaws.com
April 18, 2016

52.35.10.15
ec2-52-35-10-15.us-west-2.compute.amazonaws.com
April 18, 2016

52.34.170.106
ec2-52-34-170-106.us-west-2.compute.amazonaws.com
April 18, 2016

52.26.95.11
ec2-52-26-95-11.us-west-2.compute.amazonaws.com
April 18, 2016

52.25.23.136
ec2-52-25-23-136.us-west-2.compute.amazonaws.com
April 18, 2016

File downloads found at URLs served by www.heartflashpresent.com.

1 / 68      (PUP)
http://www.heartflashpresent.com/c?x=DDjbX2rmnycdRmxWx4ISk8cpnX3R5XuTisRrKAMCR34=&c=7m xM8rEp9uWfxN58gcew06xqTdPGRpJfU8IfeHh89Cwv2GG4LkSHKqlg0YxLHm1zV0O/4eCjZoylnewVFYEaKEE9vOPB6DGGCacNs1PzJlGY3KqtYqQzThr LuxG5w 0bRIunJvFQHBXovqkvwj aoV38I71o0a4mJicBDw0VA=&e=0&fallback_url=http://res.nobistex.com/cache/upch/.../UpdateChecker.exe  (a84a9469a43348eaf1275c8bac1dc922)

1 / 68      (PUP)
http://www.heartflashpresent.com/c?x=NgIjS5yaxk3pt1zwqkvnptcveWvSrHPlJ2ieWuj1ib0=&c=Wc9e9am02JooE P9flHUeoiRcF/xa6WwHzoBONDSjHrBomJNYr7o4ExiSG bkmsdMekFs7UXTVtzkphc96ZSoPyRY7LTdfiybZzMjtMrpRVE8DmneCQMkep HV8pZ/Q8&fallback_url=http://res.hufftos.com/.../ChromeSetup_fr.exe  (0db8446535f3f7102a122c9f2bd60c27)

1 / 68      (PUP)
http://www.heartflashpresent.com/c?x=iwLlNYPmWOHy0Nl 2vFSmtohmm7RsPpVvIBG6GkhI6s=&c=Wc6/qm9edBKd2N9gclN5LGxwDkOkE8aQIOGeUkTJhO97hyV9BELr4444CmuuWucISKT2JzuaWU9oiR3lnGzuwQelGmoKBC9etOMiZHWJBZugaMkDvGyl9CoMYtkQzdxB&fallback_url=http://res.hufftos.com/.../Firefox_Setup_21.0_fr.exe  (icreinstall_c.exe)

1 / 68      (PUP)
http://www.heartflashpresent.com/c?x=5c37TPkyse9o otx8Q4ubpgujFq8jelgscWF n2hMkQ=&c=Aq5ozL2VtF/CVd5bTebrXwWJo3KNicDiyKPev5InQZ0x3I18juAN7ZMeghgkZSD9RKCE 4mrucFD06hX1c6EplD2cPKvKEC9anvPy9WB71pzTJj9F/VUIpkzS168zjFH&fallback_url=http://res.nobistex.com/cache/upch/.../UpdateChecker.exe  (ee4a1464b371a2149a80e7edde4e3e10)

1 / 68      (PUP)
http://www.heartflashpresent.com/c?x=iOAzA2ZiwGLkKEUow0xw39TLtievxsHVgjDf4JWCxrs=&c=4PWYGlQcYbBExaTO6y5mCkhyX8Mm3gkGu/v/ScZV1ci z74Kx7938znkUAFttCsWl8hPAC1CFIrz uiePtxcYMXPdXyOur5AO14LUp MzHrBgAnhkx2 X6DPTfEAUDx1&fallback_url=http://res.prograbay.com/.../PowerPointViewer_fr.exe  (a07d983781eedb5432c2d2b2d703a253)

1 / 68      (PUP)
http://www.heartflashpresent.com/c?x=k0z3vpOSsLpuTFj9pvnKq/ODvOLjIH5erMfBQJCpbgw=&c=6ynbCjPk30Ss1P3lCE526381 5nadpEBhpNEW kjz1Q/6zuAQNPyfAvfh4UNZtNA/2qTaAbiURoYL9hAzcZQPjMYTWjly5NWYFZWLM931DdljoIBRd9e0r9OIat5iloq58cS9BzQm978fpoLSfwPFSzPXP3s3GfldBve2h9Ox2U=&e=0&fallback_url=http://res.nobistex.com/cache/upch/.../UpdateChecker.exe  (b69bc64090fc2a12b5ea79108912bb58)

1 / 68      (PUP)
http://www.heartflashpresent.com/c?x=8mv4AJaEx0rIh2AhfL8yeXo4PZQ2RxUxbLK16nBg16A=&c=mAaX8fnMhq9i5AtpzQ4A8D8afOmDEHCWtk2T3q24Sq1gP7HlucAD V8tvAbJ mc3GyhEr7weT/ g 27l18bGkrkLPdHqnLz5wAjuzgfSaiPiT6DLtsOh6GwEBvAWx/U1K/fACy/st2GebzajitJv0vrAwWHYmLhZ6Lu5ZzoIskY=&e=0&fallback_url=http://res.nobistex.com/cache/upch/.../UpdateChecker.exe  (195d23f4b50dccce2e45dbed120463a1)

1 / 68      (PUP)
http://www.heartflashpresent.com/c?x=wvVbFnnSOZbm1GMEb5eBZ5nhpwXXllfT22nUybGFTx8=&c=RbyGY8Tlsem489l6J4Upfc6BZteY6lKe9MXtVrQSxBQWRTO9WFWZwGV6x7LOSU2INfOCJG/rFip1Q/u9B/Sad VeK71WIvq uWXi 3Ih1lXjsWa/xPkS48fFIo50hV1v&downloadAs=0000003917_dl.zip&fallback_url=http://files.gooofull.com/resources/.../0000003917_dl.zip  (0000003917_dl.exe)

1 / 68      (PUP)
http://www.heartflashpresent.com/c?x=SbaL3E8jy1nPJSaBM9HZOuM1QqvIreIvm4oRl3rUMwM=&c=Tb9IdzphNkbB7tucN/ zTitmRIqudPocUPz7RxTRCKd/9eYF8A981avOXvjqdmgCVkt1j upcvVFB3DEefwB/67iN43Nk8F2ut9kyQLe0FqH0TOlkeAG9F Pulaht4ZRDBSo/KYhlRbPhM/Np7Ydl2NbcKYMDkPyEB6w2BNDT00=&e=0&fallback_url=http://res.mshist.com/.../FarmHeroes.exe  (a5ea54abfcef17d93e80cc813e11ec01)

1 / 68      (PUP)
http://www.heartflashpresent.com/WVl6OTRQV0phVFZWQk1HRnBXbTEwVG1zNVNWQm1SakJoZFdNMU9VRmxVV3BaV2xvNWNXRlNjVkZVTjFkWlIxVWxNMFFtWXowNWNWVnJWMUZtVkRSUE1XOTFTbkpzTjJod05raGtVMlZqWmtkQ1V6SXhZalZaZERCdGVUQktjR040VDI1NFRGcGlZVlpxTUVjMFpsRnNVa2N5WmlVeVFqTkZVMHAwTXlVeVFuSmpORVJqV20xc05sUkRUVFpsUkhNM05HRk1UR3h5YTJnMFQwTXpWSE5UVUhrMWVGVklSQ1V5UmpSaFQwTmhSMlo1VjBaTlNWQk9Ua3h6VlZVeVlVdEJNSEJ6YjBoM1ZrNXlOM1ZJYXprbE1rSkRaeVV6UkNVelJDWmxQVEFtWm1Gc2JHSmhZMnRmZFhKc1BXaDBkSEFsTTBFbE1rWWxNa1ptYVd4bGN5NW5iMjl2Wm5Wc2JDNWpiMjBsTWtaeVpYTnZkWEpqWlhNbE1rWmlhVzVoY21sbGN5VXlSZz09  (hp_scanjet_2200c_scanner.exe)

1 / 68      (PUP)
http://www.heartflashpresent.com/WVl6OTRQVVI1YmxWTGVYa2xNa0k1ZW14TGVqbHZibUptV1VvMmJIRktkR1VsTWtaUFoyVlpkazU1YjJZMmQzZFdZVmhuSlRORUptTTlXbU5WT0hsU1ZYUlFWVGxSVDNZd1ozRkZZalZTTXpFMlUwUWxNa0p6SlRKQ0pUSkNlbTFtVm1rM1ZsUWxNa0psWjBwUGJXOUdhR28yTm14WFQwdFFWelp6YW1oU1dISXpaVU4yYUVSM1ZFMUdXR1ZRUXlVeVFrcExVa3hqZG1kc2RFNTFTM3BMUkhZeWRpVXlSbFJYYkVVeFJXRnFOamRUTW5WMVRrTTBTbGh6YVROVFYzb3llVEJGVEVvNVRXOVhWazFhVUVSc1RYWnpXSFV4ZDJSYU5IaEJKVE5FSlRORUptVTlNQ1ptWVd4c1ltRmphMTkxY213OWFIUjBjQ1V6UVNVeVJpVXlSbVpwYkdWekxtZHZiMjltZFd4c0xtTnZiU1V5Um5KbGMyOTFjbU5sY3lVeVJtSnBibUZ5YVdWekpUSkc=  (watch_tv_live.exe)

The following 6 files have been seen to comunicate with www.heartflashpresent.com in live environments.

TCP » 52.24.26.116:443
online-guardian-v2.0.9.exe

TCP » 52.24.26.116:443
online-guardian-v2.0.9.exe

TCP » 52.24.26.116:443
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.24.26.116:443
036629fbd4864725737a8ba8fe7e8cd6.exe

TCP » 52.24.26.116:443
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.24.26.116:443
Proxomitron.exe (Proxomitron by Groom-A-Zebu (tm))

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.