home

www.universesendcity.com

Domain Information

Server location:
Oregon, United States (US)

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc., US

Root domain:
universesendcity.com

Scanner detections:
Detections  (90% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Vittalia.QUICKIDEAS.Installer (M), PUP.installCore.MICROMAX.Installer (M)
100.00%

Dr.Web
Trojan.DownLoader14.31152
11.11%

Qihoo 360 Security
HEUR/QVM20.1.Malware.Gen
11.11%

The domain www.universesendcity.com has been seen to resolve to the following 10 IP addresses.

52.36.112.186
ec2-52-36-112-186.us-west-2.compute.amazonaws.com
August 29, 2016

52.24.26.116
ec2-52-24-26-116.us-west-2.compute.amazonaws.com
July 17, 2016

52.41.114.34
ec2-52-41-114-34.us-west-2.compute.amazonaws.com
July 17, 2016

52.38.209.219
ec2-52-38-209-219.us-west-2.compute.amazonaws.com
July 17, 2016

52.33.46.229
ec2-52-33-46-229.us-west-2.compute.amazonaws.com
July 17, 2016

54.200.224.121
ec2-54-200-224-121.us-west-2.compute.amazonaws.com
July 17, 2016

54.191.246.249
ec2-54-191-246-249.us-west-2.compute.amazonaws.com
July 17, 2016

54.148.183.210
ec2-54-148-183-210.us-west-2.compute.amazonaws.com
July 17, 2016

54.148.57.212
ec2-54-148-57-212.us-west-2.compute.amazonaws.com
July 17, 2016

54.69.198.37
ec2-54-69-198-37.us-west-2.compute.amazonaws.com
July 17, 2016

File downloads found at URLs served by www.universesendcity.com.

1 / 68      (PUP)
http://www.universesendcity.com/c?x=CXM406eHwkJ8UdFrOYGK7Pq1knoGwI6qkLVqUnOokRE=&c=lMNmBigzq86OxxCEgZPfGFzCMoy6YzRSkdj8s37pHAdYym/CdN1X2pccYCnzIsg8zsc1ZPcXEFM3Xii/6s4osGc8bvsXVU XO9ajRRncoEmEBFs FNSD9sY0Yi3C6RJOT5KIEDNjjJ3o1d8k7ioT8pzD8m c2Tt4RIuEvbW6b/Q=&e=1&fallback_url=http://res.mshist.com/.../ClashRoyale.exe  (32a3cce29c36e8442f3dd19ac94d099b)

1 / 68      (PUP)
http://www.universesendcity.com/c?x=mKbRug35cwcI5rwDgy2 yUiF6JfX7ENrZJOMUKUXw8Q=&c=mvhE7NlSsgTd0OtCovwNsF259nvB4RV2XmJgCpw8fGs/CHkzA2WmgiFR8onNakVgcZUTu5EWFfd/lVeTjwWNYh2ss qfTTDkDdFgJx0gAXdQ2ieJL152GDTOYluvYeJq&fallback_url=http://res.hufftos.com/.../Firefox_Setup_21.0_fr.exe  (e63c0177d0618f722114d775ae959b3d)

1 / 68      (PUP)
http://www.universesendcity.com/c?x=FRX043J/krcKChJzVWJ5wJxs727huxrlk/PIYG2dizc=&c=CqJTN09CQ/mEpk5hCbrMhDH1xiDpGGRit 7Ugrg2Fo2H6joV2lRRZzGJHtUft4gPtxOSGyEoqIDErVBtU13xMnuD88rJA1YUjWZYj6hLQNv2r2CFmVdMcL2Fwp0TZjA0&fallback_url=http://res.hufftos.com/.../Firefox_Setup_21.0_fr.exe  (50a5a0978e96394ec50c2b8175e0058e)

1 / 68      (PUP)
http://www.universesendcity.com/c?x=YSgdjpiMQwuOs6 DzVTdDNk7jAEJEFBr1bsPAKhTy94=&c=H0wO9hPfodQ0H tQjwlqdEz3skP0oHhqcLOGH28Sgy0rOh4E5SkkkkQZOEokCmyu 4DIEu4YX2vNFiLZkk4FuW6O/553QJ1Ek7Lko b uTR0qlXv7gh0KScKfa/EhGz2 gfSkQsTry0opfbo9yFJIOLFcV0tsdRSYFfnXZRLlVg=&e=1&fallback_url=http://res.nobistex.com/cache/upch/.../UpdateChecker.exe  (f2c0907fda37bf63d3d94edf3152b57e)

1 / 68      (PUP)
http://www.universesendcity.com/c?x=hQx8TP67c5onnveaVe/ye2l5OXNuXs1MxtCfJwIZbEQ=&c=BPCDx6w4WWGMWpyLV7P9rQpygV4r9fgtx2x9FlsypNzL47mkQUykNJedkh5oYKolwGcJOzN5d7T28T2qwCGffbSScB9Fdt6pdiL8o/2MHeTd7 V9pWCh/Yh34vmT/WQ&fallback_url=http://res.hufftos.com/.../Firefox_Setup_21.0_fr.exe  (e63c0177d0618f722114d775ae959b3d)

0 / 68
http://www.universesendcity.com/c?x=GnJgWDLGynyPIujxa3jwQ8W6MgOJ 7vRSD3udGqR49g=&c=CFVVIB2baJR2ouxLxkPmMKMa34Qpcj3UBgZwpkG1FiWDG41lImWBrPlS8QVtpJ2OqjOhQ6czeN3fdjv/iYJhBzqtvboZ7jkAFNi3YEGJkbo8tLQHT0bAHxYQQOda07d/MeKs/vk90rHXQYq3D7mSq0eHXnB33YvhUQVjbDjGafg=&e=1&fallback_url=http://res.mshist.com/.../LeagueofLegends_EUW_Installer_9_15_2014.exe  (36673e2b7c5c77f7b71cbc21a0dd9c5a)

1 / 68      (PUP)
http://www.universesendcity.com/c?x=Bix2eB mo9sD2KrW5xL62rlF6p4VBDH6uSKVEPMFFck=&c=HJGgHAwMjUv4rJvnRUZf0/ll3sy6Mvv 0EUySXYa5JJQLDIXu4OEmPv4S3HjaexwGDNx0B8dfX8FyjR1Yo45KUHsBYCqkuPa6GEDxR9H7Pc6gep1YOeRen64 bZL9Cyvn6VsD FuAZAqAjpkSaAfqQUOCZfUrexiLP50CbXZOqQ=&e=1&fallback_url=http://res.mshist.com/.../LeagueofLegends_EUW_Installer_9_15_2014.exe  (icreinstall_leagueoflegends_euw_installer_9_15_2014.exe)

1 / 68      (PUP)
http://www.universesendcity.com/WVl6OTRQWGhhT0VJd1p6ZFBXbGhXT1V0VUpUSkNNRVZrZWpVbE1rWktaRU5HZDFWQ1VraHlaVTV0WkV4c1ozVjVSMms0SlRORUptTTlNRGxxVkhKNk5sa3pOR3BvTldSRmJEaHVTRXBLYzJsS2IzTlRNMlZwV1ZKbE5IQm1ZME50VDJsSlRESlNjRkI1WWpKRVNucHpRa05CYkVoRVUyOVJXRU42ZWtwVlJsTldkbTlHTmlVeVJtRlllSFJJYURkelJXcDBWWEZMWmxSblIzSWxNa0k0WlNVeVJsaFdSVWR2UWxGemVFaE5ZMDF2VFUwd1YzZzBXa2RJUW5GbFNYaHhSVVphZGtvNVpXWkViekpKY1VzbE1rSlNWMlZsY21jbE0wUWxNMFFtWlQweEptWmhiR3hpWVdOclgzVnliRDFvZEhSd0pUTkJKVEpHSlRKR2NtVnpMbVZ0YVd4dUxtTnZiU1V5Um1OaFkyaGxKVEpHZFhCamFDVXlSbTFwYm1WamNtRm1kQ1V5UmxWd1pHRjBaVU5vWldOclpYSXVaWGhs  (updatechecker.exe)

1 / 68      (PUP)
http://www.universesendcity.com/c?x=/K6vl0H5IAqjy9ogTyTuScqw/xWRH7tu0kvmw03CtHM=&c=yBy6IEwkJFiaWcsjR6hREUVaR7D2c rK/e3tz1j7MTN612/9AQYtGztMRg/bnhc45nmsvRbo1wGkuk3FFvDZ/SU7lyhEII2X3u0YsxIck2jH/6BymPHassUdiEOm2cJc&fallback_url=http://res.ikkni.com/.../ChromeSetup_en.exe  (31107b989fb1432e81b1f0d6c7ba87b8)

1 / 68      (PUP)
http://www.universesendcity.com/c?x=QsrEPBB 03NhsDWu VffZ DlnJism8wmLsI7FrFpSw=&c=638lOAW9dfV/hw6k6 P6zWzRA4ARZFx0R2CPoVqeAglSHCV9lvShbDM5WlH7Rj34J5La287LOBZkue5vm0yEqdSWFzr7iq6U9nwnS6vK/E3AfeZjL/JN8NTOKa8ufBhl9nFmhiDe6PHcZ4PInvN5vrNJEVCTUPfLZv3OEGLBhAk=&e=1&fallback_url=http://res.kchuss.com/.../Photoshop.exe  (f32085cefd7880281c98dfde9c1b2c0d)

3 / 68      (PUP)
http://www.universesendcity.com/c?x=DuQi4ZcvCoJhiIo/OgEmIAZuiuww6C06gp2LurFVve0=&c=L6LzzMPrbPm9BCfwbLR/NMptligjCqB8U3lpVjk/P0 BUDEvYgkRF7DJJICrp13BO4YBAK3vHLBYn7AnyXGy7B14SoVmyaBBpmAKV9v/r46yLszu yY7W75RdvZ/FkMLIKfHBfw7Yw9TgXOV3dDCx3qHrn XMQiWiuNe6KSl3Po=&e=1&fallback_url=http://res.nobistex.com/cache/upch/.../UpdateChecker.exe  (36a54462_stp.exe)

The following 36 files have been seen to comunicate with www.universesendcity.com in live environments.

TCP » 52.38.209.219:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.33.46.229:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.33.46.229:80
browserairexec.exe (BrowserAir by Goobzo)

TCP » 52.38.209.219:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.38.209.219:80
browserairexec.exe (BrowserAir by Goobzo)

TCP » 54.200.224.121:80
browser.exe (Browser)

TCP » 52.24.26.116:443
online-guardian-v2.0.9.exe

TCP » 52.24.26.116:443
online-guardian-v2.0.9.exe

TCP » 54.200.224.121:80
kometa.exe (Kometa by @COMPANY_FULLNAME@)

TCP » 52.38.209.219:80
browser.exe (Browser)

TCP » 52.33.46.229:80
citrio.exe (Citrio by CatalinaGroup)

TCP » 54.200.224.121:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 54.200.224.121:80
ShopAtHome_BAC_Service.exe (by ShopAtHome.com)

TCP » 54.200.224.121:80
browser.exe (Browser)

TCP » 52.33.46.229:80
Client.exe

TCP » 54.200.224.121:80
kmplayer_3.8.0.123.exe.exe (The KMPlayer by PandoraTV)

TCP » 52.24.26.116:443
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.24.26.116:443
036629fbd4864725737a8ba8fe7e8cd6.exe

TCP » 52.33.46.229:80
ShopAtHome_BAC_Service.exe (by ShopAtHome.com)

TCP » 52.33.46.229:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

 
Latest 20 of 77 files

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.