home

www.vaultdownloadssign.com

Domain Information

Server location:
Oregon, United States (US)

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc., US

Root domain:
vaultdownloadssign.com

Scanner detections:
Detections  (58% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.InstallCore.Installer.Installer (M), PUP.InstallCore.FC.Installer (M)
100.00%

The domain www.vaultdownloadssign.com has been seen to resolve to the following 11 IP addresses.

52.25.41.73
ec2-52-25-41-73.us-west-2.compute.amazonaws.com
May 12, 2016

52.24.26.116
ec2-52-24-26-116.us-west-2.compute.amazonaws.com
May 12, 2016

54.69.11.66
ec2-54-69-11-66.us-west-2.compute.amazonaws.com
April 18, 2016

52.26.95.11
ec2-52-26-95-11.us-west-2.compute.amazonaws.com
April 18, 2016

52.25.23.136
ec2-52-25-23-136.us-west-2.compute.amazonaws.com
April 18, 2016

54.191.37.5
ec2-54-191-37-5.us-west-2.compute.amazonaws.com
April 18, 2016

54.148.57.212
ec2-54-148-57-212.us-west-2.compute.amazonaws.com
April 18, 2016

54.69.198.37
ec2-54-69-198-37.us-west-2.compute.amazonaws.com
April 18, 2016

52.88.159.85
ec2-52-88-159-85.us-west-2.compute.amazonaws.com
April 18, 2016

52.35.10.15
ec2-52-35-10-15.us-west-2.compute.amazonaws.com
April 18, 2016

52.34.170.106
ec2-52-34-170-106.us-west-2.compute.amazonaws.com
April 18, 2016

File downloads found at URLs served by www.vaultdownloadssign.com.

0 / 68
http://www.vaultdownloadssign.com/c?x=pj/ic8BDz8Pon3ozFEx0qbLzmFLcFLJirNJXByOTlb0=&c=ehX9PMKb7D31MRFrslhadZp1rbB7urJD5omz3cp/JYqVTuesfttQik9fo2UF3hTUsJXjXqMCMOdbwH3e9YTzsVbYfzaJJ8tQq/4B5PUXcdey/b6Oqpv0IXUUEOQShS/c&downloadAs=Epson-Multifuncional-Stylus-CX5600-Driver_65.exe&fallback_url=http://files.ultradownloads.com.br/.../81207-Epson_Multifuncional_Stylus_CX5600_Driver-6_5-32-bit.exe  (epson-multifuncional-stylus-cx5600-driver_65.zip)

0 / 68
http://www.vaultdownloadssign.com/c?x=K2DE8wgkq2EyYZkApin75R83urRqjQ4wNL6vxC0jQG8=&c=p7TquvJCAgbae/K 3fuzREHfOszl0ikdBXYdAJUGLOisnIH8Do JAbbY rS1eWWHcYu7QNXv3MerC2bBcUJCq6cgphAQ3Ljc/OZ7Z02rqhPbkieY8m/HTW7BmtIOoU0V&downloadAs=Recibo-Gratis_13.exe&fallback_url=http://www.masterfinanceiro.com.br/.../recibogratis.exe  (recibo-gratis_13.zip)

1 / 68      (Adware)
http://www.vaultdownloadssign.com/c?x=mcwfgbY31TqPqSfppja4k9isos6E711tWEYBkWjSwgw=&c=d3pH27tJJDk6vOKoVsmAQPv/kLrF39Hk9kDmsMqkbps86mAw yzf5kkts7O4OJOyBS6rO7q2/bStMe82JdQlvAg8wdz0OwfNH/jSorkEG9l VIeA9T3rJjTFjVSkztcq&downloadAs=Championship-Manager_6.exe&fallback_url=http://files.ultradownloads.com.br/.../81932-Championship-Manager-6.exe  (c.exe)

0 / 68
http://www.vaultdownloadssign.com/c?x=wW twbwu3HlpcnEtNKSDiWIMVDTDWGsCoO/tsj6r1M0=&c=poaRGX3C O9AXc6dQin3IUYCcZyzTO4dVpUruNkZL64L7Plx95DNO/kEl4N4JlxTPByPWuVGCx1qYVisQon LS9l/FX604ibEkrIzU/welvO6BevfVp0ZIhWsgIZ1RiG&downloadAs=Caixa-Free_11.zip&fallback_url=http://.../CaixaFree.zip  (3c8354613ee157ddd3584a8497cd6611)

1 / 68      (Adware)
http://www.vaultdownloadssign.com/c?x=UzSlHUBCjTgNViZlCjTkOig5f9Sx9ZY5qOvTE9iXYy0=&c=S5Mrsej9EOwyhmJQPYfRgkMt6XWcznXiLtBofqmoAvcvYflifnZOD8 xMUklWoi WnYWyn/AAdMlJ85znf9d8dvyQyQDwcT6rRvYRQHVKgHHQgFh0weYSllL9a7Jheth&downloadAs=Realtek-Ethernet-PCI-Express-LAN-Drivers.zip&fallback_url=http://files.ultradownloads.com.br/.../266641-RealtekEthernetPCIexpressLAN_XP.zip  (icreinstall_icreinstall_setup.exe)

1 / 68      (Adware)
http://www.vaultdownloadssign.com/c?x=rDF8Lpjs4leJuCocGKrEscPE5sdRfzmbGO93ZevpRao=&c=dSPtF/U6n3hfNwXywScPP6R69LID0BqCycwzXKrwT8FL8mKnSHqdut4iQRXO3KH2ibllRaE6bvP5Z4vBJQxI2i4Vze3yJZgc3fxYQnrcslvudKKmQ0qEZU 3SgcogFp3&downloadAs=Acer-Crystal-Eye-Webcam-Driver_1810.zip&fallback_url=http://files.ultradownloads.com.br/.../247112-Acer-Crystal-Eye.zip  (acer-crystal-eye-webcam-driver_1810.exe)

1 / 68      (Adware)
http://www.vaultdownloadssign.com/c?x=rdWjKMkJZi wzxtGOIc0EyZoi7E7tWYOv /ktChvn0g=&c=IlEA qBvxSNakDZhndbNkMb6HphlzQvovv72CIyTaUFYq9k8KXiT/e8wxhN1kO8 fE6ARCSGFyDLu/Yr5Dpr3GIlb5mq0avKJ6PyKr0Ayko0eytLML4JBgf5Ru6UzFEL&downloadAs=PCI-SoftV92-Modem_733051.zip&fallback_url=http://files.ultradownloads.com.br/.../89733-PCI_SoftV92_Modem-7_33_0_51-32-bit.zip  (pci-softv92-modem_733051.exe)

0 / 68
http://www.vaultdownloadssign.com/c?x=TR3pDGPVQlSSsrojGzs6PDxOIitPpv5dI fGYHyM9zw=&c=3Oonl1Za2megNRARvnBLB17m8wvL3egBkxGrS5whojiGssJG1bzRFFqBG48zAXQh6XHcacIZl DOgXLoPp4uRGIKTHq5wz9cnL/hq39pF4ezlyfxTMDjkAsdGg4XM7xF&downloadAs=Raffle-Ticket_3.exe&fallback_url=http://raffleticketsoftware.com/.../RaffleTicketSetup30.exe  (raffle-ticket_3.zip)

1 / 68      (Adware)
http://www.vaultdownloadssign.com/c?x=gLWfWj0hqI3Dvq4wlFPn/1C44a5EIaOR/cB1xvFNL3Y=&c=ID0eH5wY09GbJ VWhqUiKxl/fzSfUBK2jqy0AqVfljFClnjGGMIaWptCK/64be730 b9ou/S3XW X5XnsqNZE4MWS2b00Ud3o72NZLVy8 gPG8Twjn3syI0cI0RU0vNf&downloadAs=Ares-Music_331.exe&fallback_url=http://files.ultradownloads.com.br/.../98972-Ares-music-3_31.exe  (66dd2521aae3b8bce2980f292adaf849)

1 / 68      (Adware)
http://www.vaultdownloadssign.com/c?x=7p4YDrqojz26JwbggsaJA90ya/vpKsvMHOLw6hMF0es=&c=ZPr16nHHTCozwvFZytJnSmLRWleWXLOwOGkR7vzv aypwvTzaBy7fo/hXvSLRshP1A2e9Q s1D1bdovzsa3HDEs1/w0j0p61Vm6w mCx9ZXiV304HFyuPv7pnrkAB9oy&downloadAs=HP-DeskJet-F4180.exe&fallback_url=http://ftp.hp.com/pub/softlib/software10/COL18547/.../DJ_AIO_NonNetwork_PTB_NB.exe  (6465a161b536b80954198c5e42f07111)

1 / 68      (Adware)
http://www.vaultdownloadssign.com/c?x=8HOMCbYEMArIkSGknYpIbg2bNHAste7qlnnrYTtmAf0=&c=SkqbMRrHhTREtv6t0rmygBQtH6/HqyWR3PVjr6NvCV/44GslPLOQ WBX9gHUIwYE9RC8IFcyTlPS/kLy9dh8XJ1TLFpXonpxQKtMVZmCcpxKHrDA7rxE9xdNhe7T5KW8&downloadAs=FSD-Formulario-de-Seguro-Desemprego_2000.exe&fallback_url=http://www.jbset.com/.../fsd.exe  (4e4460ba0f93e57fc5e6ba7f26fceec6)

0 / 68
http://www.vaultdownloadssign.com/c?x=xIpwIl /rSqGURN9JPcUC2xNlXyW8i71bVaJ Ak0wrc=&c=USPMfKPqJj2tlhnaWtD5P7uXOW6hsyfscnZbhEkeWGGwfqJ2D4xvEuC47i1ZSly2yjkQMJZJ2fFVAJrEDFVS607jWf9ul/LigVQ9BDx7UTQ4FkL966NQmGFFX863Quec&downloadAs=HP-DeskJet-840C-Driver.exe&fallback_url=http://files.ultradownloads.com.br/.../81179-HP-DeskJet-840-ptb.exe  (hp-deskjet-840c-driver.zip)

The following 6 files have been seen to comunicate with www.vaultdownloadssign.com in live environments.

TCP » 52.24.26.116:443
online-guardian-v2.0.9.exe

TCP » 52.24.26.116:443
online-guardian-v2.0.9.exe

TCP » 52.24.26.116:443
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.24.26.116:443
036629fbd4864725737a8ba8fe7e8cd6.exe

TCP » 52.24.26.116:443
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.24.26.116:443
Proxomitron.exe (Proxomitron by Groom-A-Zebu (tm))

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.