home

www.signstourssign.com

Domain Information

Server location:
Oregon, United States (US)

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc., US

Root domain:
signstourssign.com

Scanner detections:
Detections  (82% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.installCore.DestinyD.Installer (M)
100.00%

The domain www.signstourssign.com has been seen to resolve to the following 15 IP addresses.

54.148.183.210
ec2-54-148-183-210.us-west-2.compute.amazonaws.com
July 25, 2016

52.41.114.34
ec2-52-41-114-34.us-west-2.compute.amazonaws.com
July 25, 2016

52.10.159.134
ec2-52-10-159-134.us-west-2.compute.amazonaws.com
July 25, 2016

54.200.224.121
ec2-54-200-224-121.us-west-2.compute.amazonaws.com
July 25, 2016

52.33.165.25
ec2-52-33-165-25.us-west-2.compute.amazonaws.com
June 22, 2016

52.33.46.229
ec2-52-33-46-229.us-west-2.compute.amazonaws.com
June 22, 2016

54.191.246.249
ec2-54-191-246-249.us-west-2.compute.amazonaws.com
June 22, 2016

54.149.195.20
ec2-54-149-195-20.us-west-2.compute.amazonaws.com
June 22, 2016

52.38.209.219
ec2-52-38-209-219.us-west-2.compute.amazonaws.com
June 22, 2016

54.148.57.212
ec2-54-148-57-212.us-west-2.compute.amazonaws.com
May 19, 2016

54.69.198.37
ec2-54-69-198-37.us-west-2.compute.amazonaws.com
May 19, 2016

54.69.11.66
ec2-54-69-11-66.us-west-2.compute.amazonaws.com
May 19, 2016

52.88.159.85
ec2-52-88-159-85.us-west-2.compute.amazonaws.com
May 19, 2016

52.25.41.73
ec2-52-25-41-73.us-west-2.compute.amazonaws.com
May 19, 2016

52.24.26.116
ec2-52-24-26-116.us-west-2.compute.amazonaws.com
May 19, 2016

File downloads found at URLs served by www.signstourssign.com.

1 / 68      (Adware)
http://www.signstourssign.com/c?x=WoPBRbnidIRgNB8gZeaX OT0SDhr/twN7DaKDhXD4nA=&c=Pn frzz/HOOqBZLHIFfZ9SMtRP5VmO0DpS2/laDUZDvK2UopFe/B6/uIRerYfF15w2xFot25fsLOvlxEo9 WqoIAt9vAOYJlFSz 2o/QpY/VctTt3HGoOIyRRFILa D&downloadAs=hotspot-shield-5.2.3.exe&fallback_url=http://pf.benjaminstrahs.com/s/1460382355/en/8/.../84579-1809514-hotspot-shield.exe  (c.exe)

1 / 68      (Adware)
http://www.signstourssign.com/c?x=QK2wFYfCXWknWwfJo 46XHBvnydLPSs7xX0Km3StvNc=&c=g6MYgZPTBRe3/ulxBQuHjmRPQOyTHYDP9joYX5y1koz pLzaLlL1l1uN Co4 /2CaPoqTeTZjpYPBrWDS7yqIpehNK5KmI88KNJG 5yhrrRyLVyuhqkBzzNM07UPRT85&downloadAs=microsoft-office-professional-2007.exe&fallback_url=http://pf.benjaminstrahs.com/s/1460388011/en/4/.../46039-1800344-microsoft-office-professional-2007.exe  (809c4be792a82eb8415ff10e556d9a80)

1 / 68      (Adware)
http://www.signstourssign.com/c?x=njww23K8amjJUS9VSbRbehthazeWutRjKN9VO4wgjnw=&c=kfvqQVJDHgA6DlXIMreob2gBkyall fYenQDepd0TX/BmQgtZb7FGBsv/ww aYB0fggluqs6vT4pTxvPJr5U3qYz8jJbfsLggJlNLw8u3fvfeFVrZJJPftUhIC sIsga&downloadAs=microsoft-word-2013.exe&fallback_url=http://office.microsoft.com/en-001/.../  (e8d8d9fe82e7bd5f66473da3ead21708)

1 / 68      (Adware)
http://www.signstourssign.com/c?x=qE1vzGvbbEQDtzLj3B nCCIBu LXFeTFM8NVClsLA4E=&c=vGJhnF6X25hEmMdLcYzjYFCma8p7fl8j/TshB4fcdLaUEZi9VA2JY/ok99nK3Wqd9rAV R0kvp3dc876djPQX 7zOkpaIAFzSBU ZqyExaSJjE5jjJB0J289jTolJ/Bm&downloadAs=microsoft-office-2010.exe&fallback_url=http://pf.benjaminstrahs.com/s/1460384613/en/8/.../83929-92631-microsoft-office-2010.exe  (dcc3340792394a3ce684d76cd8198866)

1 / 68      (Adware)
http://www.signstourssign.com/c?x=ypGs uRgESIw92CEZrRPYseIY5HIXgk8Lp0buS0KSYA=&c=5vXiSTKFxHL9smHy2FwRZLo03Q0sGaYuFpROqqpGwE06TBkNbgFQjvEgkOucfkDIG13CSQPMg0 GHT1YS68Bc 1kbi/KdZqJXnqWtZy8vg96r46Z19pUzuVe9VBdBjPB&downloadAs=microsoft-office-2010.exe&fallback_url=http://pf.benjaminstrahs.com/s/1460387650/es/8/.../83929-92631-microsoft-office-2010.exe  (c.exe)

1 / 68      (Adware)
http://www.signstourssign.com/c?x=ULh06rZC5beHNZHh37c9URbmgB4W9tYKlCh55ufWBD0=&c=naXOIr2ajm8 fxQLBOHyurJoXzKE4wUm Fo08GeOk0iiKkakoZafRFJR1lmA5Nn5AjajCJcTrVPTI R4As/Vfs4ZyIlm0Ak 7 Bf5jjqSG6pzxZT zdlltJ3LqqEaHp&downloadAs=microsoft-office-2010.exe&fallback_url=http://pf.benjaminstrahs.com/s/1460387394/es/8/.../83929-92631-microsoft-office-2010.exe  (7812f3efd1b721ec66f195e7c0d91263)

1 / 68      (Adware)
http://www.signstourssign.com/c?x=nwNkWlrH2/uJJAj4bbdJFwBbyxU8IP2NdT T3caG5iM=&c=XWkvoEEulxhswNzp0SjX3IKEndj5EMQYvrTjJgK9G89himbh0PIM4vhzjwW85ReAi6uzPSqT0u53Xihw8GcMdtoifpnRpvh14ZkKimtSScEFaM15YFJErJtzkt8qLPQ0&downloadAs=coreldraw-graphics-suite-x5.exe&fallback_url=http://pf.benjaminstrahs.com/s/1460381645/en/.../2/227974-661192-coreldraw-graphics-suite-x5.exe  (c0d3f97ad92bec60520e74a8fefd91c7)

0 / 68
http://www.signstourssign.com/c?x=UOUlFiR009s8P1xaM0hEuBrF2nu TsjdB6ew1oUp6F0=&c=3S162 u243Rf8nBDx1bECC7DruvfJynyyCMFSxbcLW3ctz8ZO9Z9UBSJgqv9IZTXMWyj0RJ3TYQK1mD9nEdGgz6HCWigQKW1kNcmGLtlS9/MWPYZaImqkeK7E/s6oEJX&downloadAs=hotspot-shield-5.2.3.exe&fallback_url=http://pf.benjaminstrahs.com/s/1460380965/en/8/.../84579-1809514-hotspot-shield.exe  (hotspot-shield-5.2.3.zip)

1 / 68      (Adware)
http://www.signstourssign.com/c?x=QCsyRWbKPZsP/gph/1RproFrycNxllsYn4oxFghkYRU=&c=K vQ07gB hBaUOZvx1HldY2XpC3tIIbR//d/2IFUy08iaCrtBFMLavaMfE/ImJrRl cLUK1Eex7tRN8siRunVT003PTOrzu2GdRPGhgmbOngnOPCWQCAWyyvfxINhJgr&downloadAs=driver-avermedia-tvcapture98-bt878-2.4.0.13-whql.exe&fallback_url=http://pf.benjaminstrahs.com/s/1460389377/en/6/.../62447-2644-driver-avermedia-tvcapture98-bt878.zip  (34ced8e598f094bed11ecca70188f584)

1 / 68      (Adware)
http://www.signstourssign.com/c?x=ZnHn6X5LbuU2pUwrnqDbzUdMP1ql2AszvTBpihkshDI=&c=xifLpdbuZjGxhC2PHVb2SJOZ9AfJ9v2Kf/ZsmBZH2Eq290LnD2WTaWfjZ2C8LG0F/RK4wVW0gwBmR7XfgrJvbolhDHLMvGZ W5mtf26qO1PZ0JDKenqiiIJLxd vkFyj&downloadAs=nitro-pdf-professional-10.5.1.17.exe&fallback_url=http://pf.benjaminstrahs.com/s/1460385962/es/8/.../84570-1806714-nitro-pdf-professional.exe  (61f3561c97f101c6c0be65550af6bf72)

0 / 68
http://www.signstourssign.com/c?x=Xq7cnaEny6zqcWJcPm18EUrlP2dAP1XVbXHD06YCp0I=&c=Lpkujp3JpU53oC30DcYX2JiSBJfFSWrFnEo2saAUJ ZPYNNdVsX711fC2YAGnfSLK3OQBQYRTkcx75/QB9uPYj/Nlzsl9gIrRY akHiAXd15oZS7X6pjbnIhQp/6Ygn6&downloadAs=microsoft-office-2010.exe&fallback_url=http://pf.benjaminstrahs.com/s/1460382103/en/8/.../83929-92631-microsoft-office-2010.exe  (microsoft-office-2010.zip)

The following 36 files have been seen to comunicate with www.signstourssign.com in live environments.

TCP » 52.38.209.219:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.33.46.229:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.33.46.229:80
browserairexec.exe (BrowserAir by Goobzo)

TCP » 52.38.209.219:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.38.209.219:80
browserairexec.exe (BrowserAir by Goobzo)

TCP » 54.200.224.121:80
browser.exe (Browser)

TCP » 52.24.26.116:443
online-guardian-v2.0.9.exe

TCP » 52.24.26.116:443
online-guardian-v2.0.9.exe

TCP » 54.200.224.121:80
kometa.exe (Kometa by @COMPANY_FULLNAME@)

TCP » 52.38.209.219:80
browser.exe (Browser)

TCP » 52.33.46.229:80
citrio.exe (Citrio by CatalinaGroup)

TCP » 54.200.224.121:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 54.200.224.121:80
ShopAtHome_BAC_Service.exe (by ShopAtHome.com)

TCP » 54.200.224.121:80
browser.exe (Browser)

TCP » 52.33.46.229:80
Client.exe

TCP » 54.200.224.121:80
kmplayer_3.8.0.123.exe.exe (The KMPlayer by PandoraTV)

TCP » 52.24.26.116:443
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.24.26.116:443
036629fbd4864725737a8ba8fe7e8cd6.exe

TCP » 52.33.46.229:80
ShopAtHome_BAC_Service.exe (by ShopAtHome.com)

TCP » 52.33.46.229:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

 
Latest 20 of 77 files

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.