home

www.universevaultmeta.com

Domain Information

Server location:
Oregon, United States (US)

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc., US

Root domain:
universevaultmeta.com

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.SecureDownload.J, PUP.InstallCore.AC.Installer (M)
100.00%

F-Secure
Gen:Variant.Symmi.37960
14.29%

The domain www.universevaultmeta.com has been seen to resolve to the following 10 IP addresses.

52.36.112.186
ec2-52-36-112-186.us-west-2.compute.amazonaws.com
August 24, 2016

52.33.46.229
ec2-52-33-46-229.us-west-2.compute.amazonaws.com
July 29, 2016

52.38.209.219
ec2-52-38-209-219.us-west-2.compute.amazonaws.com
July 29, 2016

52.24.26.116
ec2-52-24-26-116.us-west-2.compute.amazonaws.com
July 29, 2016

52.10.159.134
ec2-52-10-159-134.us-west-2.compute.amazonaws.com
July 29, 2016

54.200.224.121
ec2-54-200-224-121.us-west-2.compute.amazonaws.com
July 29, 2016

54.148.183.210
ec2-54-148-183-210.us-west-2.compute.amazonaws.com
July 29, 2016

54.148.57.212
ec2-54-148-57-212.us-west-2.compute.amazonaws.com
July 29, 2016

54.69.198.37
ec2-54-69-198-37.us-west-2.compute.amazonaws.com
July 29, 2016

52.41.114.34
ec2-52-41-114-34.us-west-2.compute.amazonaws.com
July 29, 2016

File downloads found at URLs served by www.universevaultmeta.com.

1 / 68      (Adware)
http://www.universevaultmeta.com/c?x=XSBFdISM0B/QYzoy9z39EmK0BMTGGO/23jIBfm3nWPI=&c=qCWsGF4Ksa9DbYIM7rAMFjqjL7l241Id2tJpU2H7pw6o4Wk40TwOOc/0EeRd23I6AqO 9XJpfX2BFOpd9FJQHQpta7qjuvryHWZYgx9nbe75q7Rlo6/mdLzSBuyXNmsn&downloadAs=IDM625b21kuyhAa.exe&fallback_url=http://.../get.php?file=80e62c8a&m3  (7947cc68b2eab52849c7523f3ee02a58)

2 / 68      (Adware)
http://www.universevaultmeta.com/c?x=pOe8/GKznaXoflujrdCL3jIlvBOHWRIhvRqIv4MrAgY=&c=sDukGuEGufXzM56SuqNRTssrtjQFppK1Ga63y9WDDe1d/yLjqG/jjUJj YOJBDpNSc5NSA Z9bGGQOe/DeQ/oYuNoALHtPR6mkdKcW3Ki82mHCFKmgbcM9YHl116nkAw&downloadAs=setup.exe&fallback_url=http://.../setup1.19.exe  (ssdl24151.exe)

1 / 68      (Adware)
http://www.universevaultmeta.com/c?x=/dQZJXNibvW1t7TgK764Ls2v1W5B/54mo1xRMd3K4SY=&c=OhDpxw1UfveFi8 GGJNkbB3i5D3sz2pRVXltNSsDlpighIlWVgchxiDo4s/8 dFwixHJWun/y8jYCOve0K1n/lGpet2c9Pn9/TZ/XmRl16zylqtZDyY lGSY2fJ36sy3&downloadAs=setup.exe&fallback_url=http://.../setup1.19.exe  (0543a6b21b3875ea64b90e651d60b0f3)

1 / 68      (Adware)
http://www.universevaultmeta.com/c?x=9WvFoTnH4AWti T8zqeeileEct61JvOqln/xgZ2xflc=&c=1400zCLJwpsOFFbv1GaN56fWAnpMf1x5k4GuSPXjp5Zt0zHItqjUENVvZGROoYkbsR 6eSH/tBEeRFRAawWQ66jYHYASjv4e2Ervec hOYVI1G5OPXwDNwfIT00bgJ3E&downloadAs=GarenaGCA.exe&fallback_url=http://.../get.php?file=ea93a2f2&m3  (57dd2ac333b81556d47c494fe82da63a)

1 / 68      (Adware)
http://www.universevaultmeta.com/c?x=l/rQWJvxydxvLVJtVD2eYovKzSg4BV0D6avGB/ZSmbI=&c=LKhXXxNR59Y36oe7sTzd djjTV0vsargqu4VE3cIuto9qUi Z5NSrBXZ1hhv6e5ymdNrCZbf1pM3doQaWVomjBizhKXk9GEYBmLb6EIN2Js06MbBxTU8yIQgNkwv4k5s&downloadAs=Paul_Da_Prince_-_Up_.exe&fallback_url=http://.../get.php?file=e68371f2&m3  (407a7ddd2cf1855c232817767ce24bf7)

1 / 68      (Adware)
http://www.universevaultmeta.com/c?x=5ARAeuW zbdXwYm quUfNOop4dXL1gka xcxVeWLkxw=&c=N2VHvQAbMFb/l9wjowKmVzLO60kE3hmgJna9d4jSLqNNEj3RhWdJGqjfVdzUpv/mgkYx8Yj3mF3XpBSAUtNWvbzwcVjNsYurFXKnpjn4tSGBul14N Ll5b1c14An5lep&downloadAs=Andra_feat_David_Bis.exe&fallback_url=http://.../get.php?file=9ca833d0&m3  (cbce934c47cd0ed65f297a57110c3550)

1 / 68      (Adware)
http://www.universevaultmeta.com/c?x=FwGNQuwTwrl9pJOqBtvICJtKxalwzUN5VscwRXuXutQ=&c=1ipk1CVjZ16IQp7Kk2mAl1wXYhNXR3jZGtEefYZ5BA3RynAaCYr9w1cKiyVGng9/aSn ad7bWZqE6T0nfkkqRgsM jqLVwWNhqLlaypW3tea3Q tKSSYA2yRaFyVqf7k&downloadAs=1467435015693.exe&fallback_url=http://.../get.php?file=db3f133f&m3  (74e565023c3b43b74b8562eba5fc70fb)

The following 36 files have been seen to comunicate with www.universevaultmeta.com in live environments.

TCP » 52.38.209.219:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.33.46.229:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.33.46.229:80
browserairexec.exe (BrowserAir by Goobzo)

TCP » 52.38.209.219:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.38.209.219:80
browserairexec.exe (BrowserAir by Goobzo)

TCP » 54.200.224.121:80
browser.exe (Browser)

TCP » 52.24.26.116:443
online-guardian-v2.0.9.exe

TCP » 52.24.26.116:443
online-guardian-v2.0.9.exe

TCP » 54.200.224.121:80
kometa.exe (Kometa by @COMPANY_FULLNAME@)

TCP » 52.38.209.219:80
browser.exe (Browser)

TCP » 52.33.46.229:80
citrio.exe (Citrio by CatalinaGroup)

TCP » 54.200.224.121:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 54.200.224.121:80
ShopAtHome_BAC_Service.exe (by ShopAtHome.com)

TCP » 54.200.224.121:80
browser.exe (Browser)

TCP » 52.33.46.229:80
Client.exe

TCP » 54.200.224.121:80
kmplayer_3.8.0.123.exe.exe (The KMPlayer by PandoraTV)

TCP » 52.24.26.116:443
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.24.26.116:443
036629fbd4864725737a8ba8fe7e8cd6.exe

TCP » 52.33.46.229:80
ShopAtHome_BAC_Service.exe (by ShopAtHome.com)

TCP » 52.33.46.229:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

 
Latest 20 of 77 files

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.