» www.laboratoryvaultsfun.com
Overview
Analysis
IPs Addresses (13)
Downloads (12)
Network (32)

www.laboratoryvaultsfun.com

Domain Information

Server location:

Oregon, United States (US)

ASN:

AS16509 AMAZON-02 - Amazon.com, Inc., US

Root domain:

laboratoryvaultsfun.com

Scanner detections:

Detections (100% detected)

Scan engine

Details

Detections

Reason Heuristics

PUP.Vittalia.QUICKIDEAS.Installer (M), PUP.installCore.MICROMAX.Installer (M)

100.00%

Dr.Web

Trojan.DownLoader14.31152

10.00%

Qihoo 360 Security

HEUR/QVM20.1.Malware.Gen

10.00%

The domain www.laboratoryvaultsfun.com has been seen to resolve to the following 13 IP addresses.

ec2-52-36-112-186.us-west-2.compute.amazonaws.com

August 23, 2016

ec2-54-200-224-121.us-west-2.compute.amazonaws.com

August 23, 2016

ec2-54-148-183-210.us-west-2.compute.amazonaws.com

August 23, 2016

ec2-52-41-114-34.us-west-2.compute.amazonaws.com

August 23, 2016

ec2-52-38-209-219.us-west-2.compute.amazonaws.com

June 5, 2016

ec2-52-33-165-25.us-west-2.compute.amazonaws.com

June 5, 2016

ec2-52-32-12-104.us-west-2.compute.amazonaws.com

June 5, 2016

ec2-54-148-57-212.us-west-2.compute.amazonaws.com

May 24, 2016

ec2-54-69-198-37.us-west-2.compute.amazonaws.com

May 24, 2016

ec2-54-69-11-66.us-west-2.compute.amazonaws.com

May 24, 2016

ec2-52-88-159-85.us-west-2.compute.amazonaws.com

May 24, 2016

ec2-52-25-41-73.us-west-2.compute.amazonaws.com

May 24, 2016

ec2-52-24-26-116.us-west-2.compute.amazonaws.com

May 24, 2016

File downloads found at URLs served by www.laboratoryvaultsfun.com.

1 / 68 (PUP)

http://www.laboratoryvaultsfun.com/c?x=oQLXB2LF0GVr3iTJTBewDEkISr1fgl1O/aHY0tFRsZA=&c=DWgVaKqFBvoPT2e5dmP8eMbZDkW5nrTzhBy oLMEPyf76A9lRHih5rI7Z4Ez1cSj0OVKlPQ4kXbYRymnl6hbMc/b6dIjv8n58ujx8uR3xtm36P4dkmaDb6 wJfldAsGE42R3/BeLOGxfaejZ4yQNJLiIEahmoNGvp9/pXFI PTZgG8/K5NJVDtBSm 2Cv/l/&e=1&fallback_url=http://res.hufftos.com/.../install_flashplayer11x32_mssd_aih_other.exe (5c69ba91e41ccac9ca29a6a7ae087153)

3 / 68 (PUP)

http://www.laboratoryvaultsfun.com/c?x=55YBLq1BMMyCuC0VCKb3HqW/JJVvZ5nk6d6ApXkM10E=&c=FYG8UWW1iaqO7dLnHWrmoXvzIV7Q9EYOs3FnbrKQMxFQ/IY h7XPeT3TllDmlinqqHNS1x6WvWXfrf9TokHUOBzahBVrxbx318fr2KdZ4PAdhdhClfK1BK4QPVG2PkM8nbnAOLD4fL5MGOjo5rQIbjv/ZwKVbKK5wpDwbEwizoA=&e=1&fallback_url=http://res.nobistex.com/cache/upch/.../UpdateChecker.exe (36a54462_stp.exe)

1 / 68 (PUP)

http://www.laboratoryvaultsfun.com/c?x=nnqGaGnP9P9PQJXMunSmhV1yrKzVvDYNON OTsA60PQ=&c=eZxoQcB1k7SDzC07aCzxpddDdgt0ZFkHbeSc63uhdOAN08eJC9g96aCzpyWtReEbx2M3JPe0jBiZiY8a2AlZLUfHF6L0zyFp21ksizm0COObznhJVCJcjVoD/i 2RU2gCsMxWlYmTcpW6SMAyT3aBmQiEVFeCHgzfXgx2gn/seg=&e=1&fallback_url=http://res.nobistex.com/cache/upch/.../UpdateChecker.exe (247c17bc6c58484a997a0555e4b042ad)

1 / 68 (PUP)

http://www.laboratoryvaultsfun.com/c?x=rtZkkLveTYIC/vlFEopdNCOUQBkCdPSPLtMtNl1pHJA=&c=hQKcXAINHp 8eGMh99oiocrgNm6j2P8u0Z3jEFbXPIfIKfl66cKjfN08vGYFl2j3rZRKOosbk/WGPZpIyOaX68kJy28oM6jGwSkCUCNpcuc8cWph4iHrKShtMyFm24Cr&fallback_url=http://res.nobistex.com/cache/upch/.../UpdateChecker.exe (8a70d41180de71ac54f42d6b9d074de5)

1 / 68 (PUP)

http://www.laboratoryvaultsfun.com/c?x=SBaM knpXYvRTHIjV8OQCmHfukmh9cGINsB4WYG45oI=&c=j4TVVQDGFWv3VrbPbHf88VtgBrElxtMKwrNqfHvTy98A3rpKMsh3AkLJJbZfIwG7ec8xE17Gdt9H17hrpoLMvMUcQhBPEw DU6mk8o/cvLjDaPR/YbibrLe6xXM2NE/x&fallback_url=http://res.nobistex.com/cache/upch/.../UpdateChecker.exe (1408bbe0f2a8e5ecaed7b899fef7dc44)

1 / 68 (PUP)

http://www.laboratoryvaultsfun.com/c?x=mKlk3kAW WxutcmgVvRdpndrJFb3v6/Rr9pMokfNFUI=&c=q6L7eoJGu3RfmkzJmaLWeUlcFvVzzLXO25PN4/3hiuN00x3IDIoyfXV2FVnrJWblxmltZlAnUw0NyQfCK dkuvKWWpHkmCbi/MsAmNTLwdrfpwXllKC72TvTytdX02DR1XedJ45Eqfu18iECQUJAwhAu5NxTCmBhDoenH5TJQKU=&e=1&fallback_url=http://res.nobistex.com/cache/upch/.../UpdateChecker.exe (f2c0907fda37bf63d3d94edf3152b57e)

1 / 68 (PUP)

http://www.laboratoryvaultsfun.com/c?x=NhHr3L1zvUEnmb8IOjKk3d7L9foinFQiXVgEbk4xvhc=&c=lFHSpRcs6krpwzowRYYHUOap/9Ke2u7FDQZKbnUcyPYzDdoKYk80SGO50N2EojqzgGyFH8GOO66vos IDH E3AI2/HoxJObR5JT2/dg1tTlWUSF7NujEO tuweJRhqyg&fallback_url=http://res.hufftos.com/.../install_flashplayer11x32_mssd_aih_other.exe (77f34c4b0987ae34c896cd9e13c267c8)

1 / 68 (PUP)

http://www.laboratoryvaultsfun.com/c?x=04ypIayKVAcV88PUboqtNFowv7mxb9NFNFuehiFqi0Y=&c=STMgrAqvT98bRlzY/ShG2MBojoiPLDwTjIvNoDP1M4vB80F5Sq0gO1ufk7f5sesw 2ozZmH0eoruWGtXaKxgJ8IiMvRcm2H3x ow2oIkUMabQZp5dNwnF4mbXGRbJZv6&downloadAs=skype.exe&fallback_url=http://res.kchuss.com/.../SkypeSetupFull.msi (9c93b18dc09215098a8e27f6a0e875f2)

1 / 68 (PUP)

http://www.laboratoryvaultsfun.com/c?x=UNoMrSZKvr4iMNRsiMKLfjdXJjuiheGGCBBQq7QdTug=&c=PdVsUJsRUYMdPpWs5P3IPnC6Z01tdGIiUcIAyH1xFMxEHj3GeP3/uVAam6rrXoYRBAuXyiNIBiTtkyebsYk5t3Q3ZyJiL1qYj/S4c06H gbD kirTGGrgW7A1jmT1DqAKipv/qb7hkLhMd0o9xe/fEd/Y3Hx/Ndm6R5SbHNFmCI=&e=1&fallback_url=http://res.nobistex.com/cache/upch/.../UpdateChecker.exe (f2c0907fda37bf63d3d94edf3152b57e)

1 / 68 (PUP)

http://www.laboratoryvaultsfun.com/c?x=2nZp6kILWXawo8Uc3bEN1 juP qj0HbeMXnq2izpbG8=&c=8iX90vw5auDkkVTqrr0fmBtolCG7cjjzBdloBTiR4 3FVzfigodQ6zUFWiOLc EPasp/dLZVAZHlNQXJ8bN9GHsPimX 18tf WMr3BI3DKobVal/VXSWqiATCjGCG4b7&fallback_url=http://res.nobistex.com/cache/upch/.../UpdateChecker.exe (8a70d41180de71ac54f42d6b9d074de5)

1 / 68 (PUP)

http://www.laboratoryvaultsfun.com/c?x=m0FsOtQ0rhVD9fzdGWiBCjfCbNLCDDrC tMEgLZr9J0=&c=ScjEdZ1Cw2idtgqetad0zt0SnPL42TidJk5sFthsTJUZtUFPqNpIjX0cqb9Hz0 7S7YhjII4GQ3hoV15xW0L2jLa4eeKrw2fR ZYUW88qs8z9GiVHNvvYaVhLTV8S5Nh&fallback_url=http://res.nobistex.com/cache/upch/.../UpdateChecker.exe (14a17c480fae135b48c5febdc6cc5517)

1 / 68 (PUP)

http://www.laboratoryvaultsfun.com/c?x=4wtwqG i3PdhmK8zQHYt2aPG2u kFxgtQEN5VHxGWEQ=&c=Wx1NUXmn4UQD9B2ERxJoKyISMgNvhGV33A/OAt1N0CWSzo/KIDgQuNekDoawSmRRxTJ0qa3sVn/o6x981/sBly9wvf6oy0WdfFuMXeFCLoYG7z3uDs/v Bv0wZ7SV0jZGcNM7BAoc5koOhu1rI7Sq0vM9S/VGGAZsScOquWBo68=&e=1&fallback_url=http://res.mshist.com/.../ClashOfClans.exe (bd46afb964d0886dd2bfc1dadacf93c7)

The following 32 files have been seen to comunicate with www.laboratoryvaultsfun.com in live environments.

TCP » 52.38.209.219:80

rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.38.209.219:80

UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.38.209.219:80

browserairexec.exe (BrowserAir by Goobzo)

TCP » 54.200.224.121:80

browser.exe (Browser)

TCP » 52.24.26.116:443

online-guardian-v2.0.9.exe

TCP » 52.24.26.116:443

online-guardian-v2.0.9.exe

TCP » 54.200.224.121:80

kometa.exe (Kometa by @COMPANY_FULLNAME@)

TCP » 52.38.209.219:80

browser.exe (Browser)

TCP » 54.200.224.121:80

UCBrowser.exe (UC Browser by UCWeb)

TCP » 54.200.224.121:80

ShopAtHome_BAC_Service.exe (by ShopAtHome.com)

TCP » 54.200.224.121:80

browser.exe (Browser)

TCP » 54.200.224.121:80

kmplayer_3.8.0.123.exe.exe (The KMPlayer by PandoraTV)

TCP » 52.24.26.116:443

rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.24.26.116:443

036629fbd4864725737a8ba8fe7e8cd6.exe

TCP » 52.38.209.219:80

3.9.0.128_20140916045038.exe (The KMPlayer by PandoraTV)

TCP » 52.38.209.219:80

TCP » 54.200.224.121:80

client.exe (ClientWrapper)

TCP » 52.24.26.116:443

rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.24.26.116:443

Proxomitron.exe (Proxomitron by Groom-A-Zebu (tm))

TCP » 52.38.209.219:80

Latest 20 of 68 files

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.