home

www.vaultsgifttour.com

Domain Information

Server location:
Oregon, United States (US)

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc., US

Root domain:
vaultsgifttour.com

Scanner detections:
Detections  (90% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.InstallCore.Huaxinwa.Installer.Meta (M), PUP.InstallCore.ENG (M)
100.00%

ESET NOD32
Win32/InstallCore.AFF.gen potentially unwanted application
77.78%

K7 AntiVirus
Unwanted-Program
11.11%

ESET NOD32
Win32/InstallCore.AFF.gen potentially unwanted (variant)
11.11%

Vba32 AntiVirus
Malware-Cryptor.InstallCore.gen
11.11%

Qihoo 360 Security
HEUR/QVM06.1.0000.Malware.Gen
11.11%

VIPRE Antivirus
Threat.4150696
11.11%

The domain www.vaultsgifttour.com has been seen to resolve to the following 13 IP addresses.

54.200.224.121
ec2-54-200-224-121.us-west-2.compute.amazonaws.com
July 19, 2016

54.148.183.210
ec2-54-148-183-210.us-west-2.compute.amazonaws.com
July 19, 2016

52.41.114.34
ec2-52-41-114-34.us-west-2.compute.amazonaws.com
June 28, 2016

52.38.209.219
ec2-52-38-209-219.us-west-2.compute.amazonaws.com
June 28, 2016

52.33.46.229
ec2-52-33-46-229.us-west-2.compute.amazonaws.com
June 28, 2016

52.32.12.104
ec2-52-32-12-104.us-west-2.compute.amazonaws.com
June 28, 2016

54.191.246.249
ec2-54-191-246-249.us-west-2.compute.amazonaws.com
June 28, 2016

52.25.41.73
ec2-52-25-41-73.us-west-2.compute.amazonaws.com
May 22, 2016

52.24.26.116
ec2-52-24-26-116.us-west-2.compute.amazonaws.com
May 22, 2016

54.148.57.212
ec2-54-148-57-212.us-west-2.compute.amazonaws.com
May 22, 2016

54.69.198.37
ec2-54-69-198-37.us-west-2.compute.amazonaws.com
May 22, 2016

54.69.11.66
ec2-54-69-11-66.us-west-2.compute.amazonaws.com
May 22, 2016

52.88.159.85
ec2-52-88-159-85.us-west-2.compute.amazonaws.com
May 22, 2016

File downloads found at URLs served by www.vaultsgifttour.com.

2 / 68      (PUP)
http://www.vaultsgifttour.com/WVl6OTRQVlJRVURkYVltTmpabkp5VDJOV1ZUQlZKVEpHWkZwTVZrUnpSMDlsYnlVeVJteFJhbVZRWjBzMGMzcHhkME5WSlRORUptTTlRbnBWWVdORVJqTk1VMjl1ZGtkdGNVSnNaakppYzNaU2VHTTRUSGhVU0RGTlpGa2xNa0pVYUdGRFRXOVVSMlZoZEhwWlVHdGthVWc0UTFoUWRsWmxSbVJhU1hoMFZtNUhRWGgyT0ZvNVJ6RjVWa2huUmpSMmIzRklkR3BHTWxGRlJUTTBTa0pCSlRKQ1FqZG1OSGhpZDJaVU1WWmllRWhrTWtKSVJVWm5ZV1ZoV1ZwekptUnZkMjVzYjJGa1FYTTlVRzkzWlhKVGIzVnVaRVZrYVhSdmNrWnlaV1V1WlhobEptWmhiR3hpWVdOclgzVnliRDFvZEhSd0pUTkJKVEpHSlRKR2QzZDNMbVp5WldVdGMyOTFibVF0WldScGRHOXlMbU52YlNVeVJtWnBiR1Z6Wkc5M2JteHZZV1FsTWtaUWIzZGxjbE52ZFc1a1JXUnBkRzl5Um5KbFpWOUpVeTVsZUdVPQ==  (powersoundeditorfree.exe)

2 / 68      (PUP)
http://www.vaultsgifttour.com/WVl6OTRQV0ZFWVd4emVTVXlRamhrY2t4WlZraElZWG95TVRkcGMzTlplV1pFYzJkeU0wODBZV3h5TjI1VFRHNWpieVV6UkNaalBUZHZiVTVuYVRkbGREQnBSMWxXVmpkYWRreHhSbE5CUm5WVE5qRkVjREowU2s1cFpqZzVOR3RESlRKR1FVaGlOMmhSVUhCMVNtSjVXbVJyUzJ0UVdWTkJlV1ZKVGpGc1FrVmlOR0k1ZEhGc2FXcHplamhxVG1kV1oxaDRlVVZyUkhCSGJtODViVk5hTUdKcmJXazJSalZGSlRKR1FscDBVbVphYzJwbVIxUnVXbVZMYlNaa2IzZHViRzloWkVGelBVWnlaV1ZCVmtsTlVFVkhWMDFXVFZBMFJreFdWbWxrWlc5S2IybHVaWEl1WlhobEptWmhiR3hpWVdOclgzVnliRDFvZEhSd0pUTkJKVEpHSlRKR2QzZDNMbVJ2ZDI1c2IyRmtiMjVwWXk1amIyMGxNa1ptY21WbFlYVmthVzkyYVdSbGIzTnZablF1WTI5dEpUSkdabWxzWlhOa2IzZHViRzloWkNVeVJrWnlaV1ZCVmtsTlVFVkhWMDFXVFZBMFJreFdWbWxrWlc5S2IybHVaWEpmU1ZNdVpYaGw=  (freeavimpegwmvmp4flvvideojoiner.exe)

2 / 68      (PUP)
http://www.vaultsgifttour.com/WVl6OTRQV2xKSlRKQ1VFZEtWa3BPTTNGR2JVUlRVbWN5UVVZbE1rSmtlVU14TlNVeVJrRmlPV1ZVZVdvMU5VeHFXR3MzVGswbE0wUW1ZejFsVlRSWVJuUnBXV2N5VUZNMllYTk9WRzVxY0ZjM2RpVXlRbm9sTWtaek1FOW1UV2xvV0ZCTVRrZDJVRWRqTWpGdVZ6QnRlbGxYUzNCMFZrOUJPSEJqYkhSV1owZHlkbG93WTFKemNEVnJjbkJPUVRsc1RYbHVWVnBsUms5eVR5VXlSbFZQWkRreE9ERk9iWGhJWlZSU2EyeHlOV3hTT0VNeVduWlpURVpEV1ZKSVNUUjFSaVprYjNkdWJHOWhaRUZ6UFVaeVpXVlBRMUowYjFkdmNtUXVaWGhsSm1aaGJHeGlZV05yWDNWeWJEMW9kSFJ3SlROQkpUSkdKVEpHZDNkM0xtUnZkMjVzYjJGa2IyNXBZeTVqYjIwbE1rWnZZM0owYjNkdmNtUXVZMjl0SlRKR1ptbHNaWE5rYjNkdWJHOWhaQ1V5UmtaeVpXVlBRMUowYjFkdmNtUmZTVk11WlhobA==  (freeocrtoword.exe)

5 / 68      (PUP)
http://www.vaultsgifttour.com/WVl6OTRQVzlLTWxKTFlYZHRNMHd3YVRSdEpUSkNRVlYyU2xaU2REUlZkVloxYmsxR2JGcEtOVkZJTTJSb2VXaFdTU1V6UkNaalBXUkhZbGMzUTJ0SlQwWlNjSEkxTjBWbFIwMXhTMjU2VnpWWmNIaDJiVzFJYzJ0eE5HSlpOWFlsTWtKVmFsRXlaelpUSlRKR1VWQTNjMEZtTnpnelkyTkhibkowVHpKQmIwbFlTSFYwZEcxVE5ISmlKVEpHZVc1NlZEVjBTREpRUW5kWFEwcGljSHBVYVZSaGIzQWxNa1l5UzJOd056Z3hUVkZpWWtRNFNUZFJNRU5pZGswbE1rWnFNaVprYjNkdWJHOWhaRUZ6UFVaeVpXVlRhRzl5ZEdOMWRGSmxiVzkyWlhJdVpYaGxKbVpoYkd4aVlXTnJYM1Z5YkQxb2RIUndKVE5CSlRKR0pUSkdkM2QzTG1SdmQyNXNiMkZrYjI1cFl5NWpiMjBsTWtaemFHOXlkR04xZEhKbGJXOTJaWEl1WTI5dEpUSkdabWxzWlhOa2IzZHViRzloWkNVeVJrWnlaV1ZUYUc5eWRHTjFkRkpsYlc5MlpYSmZTVk11WlhobA==  (freeshortcutremover.exe)

2 / 68      (PUP)
http://www.vaultsgifttour.com/WVl6OTRQVEZzZG5wMlFsSXdSVUZrTjA1WWVHUTFjM05ZWkZaRlpEaDRja0ZpVkZsVU5VaG5UbGhaUzFWR1dXY2xNMFFtWXoxc2FEVTFPQ1V5UW1zelVuWnpNMmxoWkV4S1UxRlVUMFI0VFV4d0pUSkNKVEpDU1ZaR05FNWxjRTRsTWtKWFVTVXlSbTFKZFU5WVlraFNVWEZPSlRKR2JtSlZjMEpxYkdaT1dqVjRiemROZW1SdlJ6UkhXVGhZSlRKQ1oySlNZamcyVWxreVVteExkVlpOY0c5Qk5ucFdZbEJIUTJFelNtNXpSV2huY2xrbE1rWjVNM3BEUVhWYU9WVklialZuVXpnbVpHOTNibXh2WVdSQmN6MVFSRVowYjFkdmNtUkdjbVZsTG1WNFpTWm1ZV3hzWW1GamExOTFjbXc5YUhSMGNDVXpRU1V5UmlVeVJuZDNkeTVrYjNkdWJHOWhaRzl1YVdNdVkyOXRKVEpHWm5KbFpTMXdaR1l0ZEc4dGQyOXlaQzV1WlhRbE1rWm1hV3hsYzJSdmQyNXNiMkZrSlRKR1VFUkdkRzlYYjNKa1JuSmxaVjlKVXk1bGVHVT0=  (pdftowordfree.exe)

3 / 68      (PUP)
http://www.vaultsgifttour.com/WVl6OTRQVlpVVjNaT2RrbDZiREZoUnpoWVQyRllNREJXSlRKQ1FtWnViWGgxUlc5NFFqWjVTVk5RU1dsSWVIcDJNQ1V6UkNaalBVcDZWWFJWYkVWd1ozZFpTR2R6Y2xkVFRUQWxNa1o2UVRjME1YVWxNa1lsTWtKTFoxVlhOVVYzY0U1eFNVNDRNM2x3TmpadFVETjFPRWw1V0ZCeVJEQWxNa0pSZVRGcWJYTkJRM1ZMYW5aNmVtOWFaVWcyVmxoRVJubElSR2hTTUUxU2RURlhVV3hJV2xSaFluUmxaamxtSlRKR2R6VTNPVU15WTNCVVdtcDVZMkp5UkRGdFZFd3lPU1prYjNkdWJHOWhaRUZ6UFVaeVpXVnRiM0psVTJOaGJuUnZVRVJHTG1WNFpTWm1ZV3hzWW1GamExOTFjbXc5YUhSMGNDVXpRU1V5UmlVeVJuZDNkeTVrYjNkdWJHOWhaRzl1YVdNdVkyOXRKVEpHWm5KbFpXMXZjbVZ6YjJaMExtTnZiU1V5Um1acGJHVnpaRzkzYm14dllXUWxNa1pHY21WbGJXOXlaVk5qWVc1MGIxQkVSbDlKVXk1bGVHVT0=  (freemorescantopdf.exe)

5 / 68      (PUP)
http://www.vaultsgifttour.com/WVl6OTRQV1J4VW5GMlZYaDNRVXhzYjNSWVNIUm5hR281Tm5SemFEZG5Xa3hKUWxOeE4zSk1OREJXSlRKR05YcDVWU1V6UkNaalBYQWxNa1oyU1cxak9VSlFNa1JFWkdOMlJtZEZRa0YzY2tnMVIwUlBRbGx5UVdWV00ySk5hWE16T1VsaU5tZzJaVXRwVkZjeWVIRk9ZV3BCYkZRemIxaDJUMGRMUjAwd0pUSkdlVFUwWm5SUGVWVnRjamRqUVdFemEzcFROMWxXYjNJNWRtZFVSa3h0UnpGR1NFNXVVRlZ2ZVNVeVJqVjNNR1JKWkRWMWFIVnFZa1F6V0dsdUptUnZkMjVzYjJGa1FYTTlSbkpsWlZOb2IzSjBZM1YwVW1WdGIzWmxjaTVsZUdVbVptRnNiR0poWTJ0ZmRYSnNQV2gwZEhBbE0wRWxNa1lsTWtaM2QzY3VaRzkzYm14dllXUnZibWxqTG1OdmJTVXlSbk5vYjNKMFkzVjBjbVZ0YjNabGNpNWpiMjBsTWtabWFXeGxjMlJ2ZDI1c2IyRmtKVEpHUm5KbFpWTm9iM0owWTNWMFVtVnRiM1psY2w5SlV5NWxlR1U9  (freeshortcutremover.exe)

2 / 68      (PUP)
http://www.vaultsgifttour.com/WVl6OTRQV1ppVEhKeGNrbFdSMkV3WjFaQ2NuTkxNRGxhWkRWbFVVSjRZWFY0VVU1WGFTVXlRa3czU25CV1pWUnJieVV6UkNaalBXeHFkVUZuYTFSeFRVbHVUbnBTU21sVVJXMHdVVlUzZURGU1FXeHlKVEpHZVdWeFpUVndiVU1sTWtaM1oxUnFjRVJWY0ZGa01IbERjazFzVFRKT1ZuZzJVR2MxV1ZsRFdXTmtSM2R2TVdSR01rVnRaakUzZVhONmF6TkNTVkI1VXlVeVJucDVlVmQ1WldGQ2VIQkROV3RRZHpSeE16Wk5hVEkwWTFGNk1VaElRVE5UU0dZeEptUnZkMjVzYjJGa1FYTTlRV3hzUm5KbFpWTnZkVzVrVW1WamIzSmtaWEl1WlhobEptWmhiR3hpWVdOclgzVnliRDFvZEhSd0pUTkJKVEpHSlRKR2QzZDNMbVJ2ZDI1c2IyRmtiMjVwWXk1amIyMGxNa1poYkd4bWNtVmxkbWxrWlc5amIyNTJaWEowWlhJdVkyOXRKVEpHWm1sc1pYTmtiM2R1Ykc5aFpDVXlSa0ZzYkVaeVpXVlRiM1Z1WkZKbFkyOXlaR1Z5WDBsVExtVjRaUT09  (allfreesoundrecorder.exe)

2 / 68      (PUP)
http://www.vaultsgifttour.com/WVl6OTRQV3BQVUdOblFUSm5SMmd5UTNsR1RXZHRaMVE1WkVoRlVYaHBWME5oWlZWbk5pVXlSalJHWlcwMUpUSkdVV2xySlRORUptTTlSbE01YVdGWE56Tk5hRXhPV21waU4za3dRVVppVjFnME4wNHhVRWRFZUdwYVltVjZVak0yUkZKTlpsaFdPVTV1UW1FbE1rWTNhMEZwVEVGeFNGVnFiRTVPYVhKaGRuWXhNVXR3WjJsNmJuWjJjVTQ0UmpaQ2FuVnpVRU01TTJFM1psVkNXSEl4UW5KR1oxZ3lRblV4UjFaQlF6Rk9XRE5MTWxGaFEzaGtWVTFLZWlaa2IzZHViRzloWkVGelBVRmtkbUZ1WTJWa1UyTmhiblJ2VUVSR1JuSmxaUzVsZUdVbVptRnNiR0poWTJ0ZmRYSnNQV2gwZEhBbE0wRWxNa1lsTWtaM2QzY3VaRzkzYm14dllXUnZibWxqTG1OdmJTVXlSbk5qWVc1MGIzQmtabU52Ym5abGNuUmxjaTVqYjIwbE1rWm1hV3hsYzJSdmQyNXNiMkZrSlRKR1FXUjJZVzVqWldSVFkyRnVkRzlRUkVaR2NtVmxYMGxUTG1WNFpRPT0=  (advancedscantopdffree.exe)

5 / 68      (PUP)
http://www.vaultsgifttour.com/WVl6OTRQWGhZYzA5cU5IWTJOa3BFUkROemNrZFhSR1pDU0c5U09XRTBKVEpHTUZCWEpUSkdUalIwZEZKT2JVZFNRelZGSlRORUptTTliVkJxTUc1MVFtNURZMXBJTkVoWlMzUlVTMmQzY2xKaFoxQmxVRzl0UVdWQk1qaEJWa0o0YWpoWlNqbHlaVkp2WjNsRE9VVmFRamRVVWxkUmQyTTFhR3R1ZUhCbVdHc3dZbVp3Y0RZNWRGbEZORk4xWWs1T1lUSnRXWEJOUVVOSldUQmhTRGRuVkZSTVFWcEdXR2xwVldod2IwMW5PVUZ3VDBsMFFsRkZia29tWkc5M2JteHZZV1JCY3oxR2NtVmxVMmh2Y25SamRYUlNaVzF2ZG1WeUxtVjRaU1ptWVd4c1ltRmphMTkxY213OWFIUjBjQ1V6UVNVeVJpVXlSbmQzZHk1a2IzZHViRzloWkc5dWFXTXVZMjl0SlRKR2MyaHZjblJqZFhSeVpXMXZkbVZ5TG1OdmJTVXlSbVpwYkdWelpHOTNibXh2WVdRbE1rWkdjbVZsVTJodmNuUmpkWFJTWlcxdmRtVnlYMGxUTG1WNFpRPT0=  (freeshortcutremover.exe)

1 / 68      (PUP)
http://www.vaultsgifttour.com/WVl6OTRQVEJpYjNkTVprcDBOVmR2ZUc1U1oySnlObE4yV21kd05sRXhkM05oTjFsM1dVY2xNa1kzVW1zelNqQk5aeVV6UkNaalBUaE1jSEJXV0dGTFZGUTFOa2x2T0haRVpYWlRXbUU0Y0doV1dXWkhTVTV2VlRGbVJGVmFlV3BpYkRKQmEySlpUbTFzUzJac1FYTlNlbk14YmlVeVFqUTBXSGhXY0ZVMFpEVmthWEJKSlRKR1dYSldTVzV1TWt0dFZWbFRVQ1V5UWxweVVVWm1Nemx3U25OMWNVaHNaVTU0Y21RbE1rWjRlVWs0ZFhadFZGcFJXVlZMUjAxclZYWW1aRzkzYm14dllXUkJjejFOZFhOcFkwVmthWFJ2Y2taeVpXVXVaWGhsSm1aaGJHeGlZV05yWDNWeWJEMW9kSFJ3SlROQkpUSkdKVEpHZDNkM0xtUnZkMjVzYjJGa2IyNXBZeTVqYjIwbE1rWnRkWE5wWXkxbFpHbDBiM0l1Ym1WMEpUSkdabWxzWlhOa2IzZHViRzloWkNVeVJrMTFjMmxqUldScGRHOXlSbkpsWlY5SlV5NWxlR1U9  (musiceditorfree.exe)

0 / 68
http://www.vaultsgifttour.com/WVl6OTRQVzlrVEVGc0pUSkdTMEZGYWlVeVJrOVhZWHAxVm01aVpFRmxWalZ5VEVoc1dHMVhTaVV5UW5SWFRuaHlZME4xYm1jbE0wUW1ZejF3ZVc5V1JrWnBkVXh2VkdzeVFXTldTbkVsTWtaeVdFUjJKVEpHY2tGQk1XMWFTV3BTZFhsWlZ6TjBZMnhrYTFKNU1rSWxNa1pZVDNsTE5XTkVPRU5qU1VWRlRFSmFiRWtsTWtKQlRGaFlOVmh3VHlVeVFsaDRkV1I2U21od1VHSkVkRk5rZURWNWEydFVOVXBzWmpkb05FbGtURzFuZW5odFYyTmFiVkZzWW1KSlFrUjFRWFV3U2xRbVpHOTNibXh2WVdSQmN6MUdjbVZsYlc5eVpWTmpZVzUwYjFCRVJpNWxlR1VtWm1Gc2JHSmhZMnRmZFhKc1BXaDBkSEFsTTBFbE1rWWxNa1ozZDNjdVpHOTNibXh2WVdSdmJtbGpMbU52YlNVeVJtWnlaV1Z0YjNKbGMyOW1kQzVqYjIwbE1rWm1hV3hsYzJSdmQyNXNiMkZrSlRKR1JuSmxaVzF2Y21WVFkyRnVkRzlRUkVaZlNWTXVaWGhs  (freemorescantopdf.exe)

The following 36 files have been seen to comunicate with www.vaultsgifttour.com in live environments.

TCP » 52.38.209.219:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.33.46.229:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.33.46.229:80
browserairexec.exe (BrowserAir by Goobzo)

TCP » 52.38.209.219:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.38.209.219:80
browserairexec.exe (BrowserAir by Goobzo)

TCP » 54.200.224.121:80
browser.exe (Browser)

TCP » 52.24.26.116:443
online-guardian-v2.0.9.exe

TCP » 52.24.26.116:443
online-guardian-v2.0.9.exe

TCP » 54.200.224.121:80
kometa.exe (Kometa by @COMPANY_FULLNAME@)

TCP » 52.38.209.219:80
browser.exe (Browser)

TCP » 52.33.46.229:80
citrio.exe (Citrio by CatalinaGroup)

TCP » 54.200.224.121:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 54.200.224.121:80
ShopAtHome_BAC_Service.exe (by ShopAtHome.com)

TCP » 54.200.224.121:80
browser.exe (Browser)

TCP » 52.33.46.229:80
Client.exe

TCP » 54.200.224.121:80
kmplayer_3.8.0.123.exe.exe (The KMPlayer by PandoraTV)

TCP » 52.24.26.116:443
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.24.26.116:443
036629fbd4864725737a8ba8fe7e8cd6.exe

TCP » 52.33.46.229:80
ShopAtHome_BAC_Service.exe (by ShopAtHome.com)

TCP » 52.33.46.229:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

 
Latest 20 of 77 files

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.