home

www.universeheadvaults.com

Domain Information

Server location:
Oregon, United States (US)

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc., US

Root domain:
universeheadvaults.com

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Optional.Installer.KORAMGAMESLIMITED.L, PUP.installCore.Purch.Installer (M)
100.00%

Bkav FE
W32.Clod2c5.Trojan
25.00%

K7 AntiVirus
Unwanted-Program
25.00%

Trend Micro House Call
ADW_OPENCANDY
25.00%

ViRobot
Trojan.Win32.A.Zbot.4539792
25.00%

Trend Micro
ADW_OPENCANDY
25.00%

Vba32 AntiVirus
AdWare.Gaba
25.00%

ESET NOD32
Win32/OpenCandy
25.00%

IKARUS anti.virus
not-a-virus:NetTool.Win32.GushUnleashed
25.00%

The domain www.universeheadvaults.com has been seen to resolve to the following 11 IP addresses.

54.200.224.121
ec2-54-200-224-121.us-west-2.compute.amazonaws.com
July 20, 2016

54.148.183.210
ec2-54-148-183-210.us-west-2.compute.amazonaws.com
July 20, 2016

52.41.114.34
ec2-52-41-114-34.us-west-2.compute.amazonaws.com
July 2, 2016

54.149.195.20
ec2-54-149-195-20.us-west-2.compute.amazonaws.com
June 23, 2016

54.148.57.212
ec2-54-148-57-212.us-west-2.compute.amazonaws.com
June 23, 2016

54.69.198.37
ec2-54-69-198-37.us-west-2.compute.amazonaws.com
June 23, 2016

52.38.209.219
ec2-52-38-209-219.us-west-2.compute.amazonaws.com
June 23, 2016

52.33.46.229
ec2-52-33-46-229.us-west-2.compute.amazonaws.com
June 23, 2016

52.32.12.104
ec2-52-32-12-104.us-west-2.compute.amazonaws.com
June 23, 2016

52.24.26.116
ec2-52-24-26-116.us-west-2.compute.amazonaws.com
June 23, 2016

54.191.246.249
ec2-54-191-246-249.us-west-2.compute.amazonaws.com
June 23, 2016

File downloads found at URLs served by www.universeheadvaults.com.

9 / 68      (PUP)
http://www.universeheadvaults.com/.../flkRjMljFNJ9NgIovOY5WRc3qKqGbpOKL6SDc 0s=&c=mkwRYJkhiier00rhTgmMhW7YOmZ Gbu3KyhRxS2FEvsoPtfZki8cNmlGC0rRcqsyV98R fTForpI3uNrm9n6RPBE6jXNN6VGnJaWsBl2b1k SCI3XVKsHYDaBIy170Qo&downloadAs=TomsInstaller.exe  (5643803_stp.exe)

1 / 68      (PUP)
http://www.universeheadvaults.com/c?x=AxKTwELLxy9o9rKo3sjl1FjlrAQWd5oSARu9oAxbZgM=&c=bxgyFHQglCel/cM1kE7z71BUW/RXg CKsG1GpDUjrn1QUCcWczIL/.../tVRugQQ0SWqU2vzliLoTaUZLKX17ls1STqBUTHyoLJaEjYtxb zH5FCkG4sMUxXh8y&downloadAs=TomsInstaller.exe&_ga=1.169312098.25348501.1465575894  (7dbe6f2efbcb4a5391f8409ad4bfdf06)

1 / 68      (PUP)
http://www.universeheadvaults.com/c?x=dyDtrYcWn7e8 Csit7nLN0qUi6Wc Z BrEwmQdSpepQ=&c=uhjmRPDsqyMBLVS/9i3TBrzwlzpUCZrpVnvlaVYF7WJJE35E7YkTlik9pOAN6YGDgout/.../JGjVEiE6Ai4&downloadAs=TomsInstaller.exe&_ga=1.183990181.283633447.1465559206  (c.exe)

1 / 68      (PUP)
http://www.universeheadvaults.com/c?x=3Wx1ZepXsZBDzmDgInqhhpMuB52H2wBsfJRUXKNh4y4=&c=ZR5hoTfxDLbbA8U/A6ZLSfl5h1kxv/z/dFKyU S 10Ei0IBkDfpqxxHcDrD7BliAOBjBmqnzuoqGa4YsJC3EJcZt XNnjlebyd2Hm43JHRxWe6G2/.../O7&downloadAs=TomsInstaller.exe  (3089b0456ae637fc2a9decdb5e15bc9d)

The following 36 files have been seen to comunicate with www.universeheadvaults.com in live environments.

TCP » 52.38.209.219:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.33.46.229:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.33.46.229:80
browserairexec.exe (BrowserAir by Goobzo)

TCP » 52.38.209.219:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.38.209.219:80
browserairexec.exe (BrowserAir by Goobzo)

TCP » 54.200.224.121:80
browser.exe (Browser)

TCP » 52.24.26.116:443
online-guardian-v2.0.9.exe

TCP » 52.24.26.116:443
online-guardian-v2.0.9.exe

TCP » 54.200.224.121:80
kometa.exe (Kometa by @COMPANY_FULLNAME@)

TCP » 52.38.209.219:80
browser.exe (Browser)

TCP » 52.33.46.229:80
citrio.exe (Citrio by CatalinaGroup)

TCP » 54.200.224.121:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 54.200.224.121:80
ShopAtHome_BAC_Service.exe (by ShopAtHome.com)

TCP » 54.200.224.121:80
browser.exe (Browser)

TCP » 52.33.46.229:80
Client.exe

TCP » 54.200.224.121:80
kmplayer_3.8.0.123.exe.exe (The KMPlayer by PandoraTV)

TCP » 52.24.26.116:443
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.24.26.116:443
036629fbd4864725737a8ba8fe7e8cd6.exe

TCP » 52.33.46.229:80
ShopAtHome_BAC_Service.exe (by ShopAtHome.com)

TCP » 52.33.46.229:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

 
Latest 20 of 77 files

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.