home

www.appsendtours.com

Domain Information

Server location:
Oregon, United States (US)

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc., US

Root domain:
appsendtours.com

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.InstallCore.AC.Installer (M)
100.00%

The domain www.appsendtours.com has been seen to resolve to the following 10 IP addresses.

52.36.112.186
ec2-52-36-112-186.us-west-2.compute.amazonaws.com
August 23, 2016

52.24.26.116
ec2-52-24-26-116.us-west-2.compute.amazonaws.com
July 31, 2016

54.148.183.210
ec2-54-148-183-210.us-west-2.compute.amazonaws.com
July 30, 2016

54.148.57.212
ec2-54-148-57-212.us-west-2.compute.amazonaws.com
July 30, 2016

54.69.198.37
ec2-54-69-198-37.us-west-2.compute.amazonaws.com
July 30, 2016

52.41.114.34
ec2-52-41-114-34.us-west-2.compute.amazonaws.com
July 30, 2016

52.38.209.219
ec2-52-38-209-219.us-west-2.compute.amazonaws.com
July 30, 2016

52.33.46.229
ec2-52-33-46-229.us-west-2.compute.amazonaws.com
July 30, 2016

52.10.159.134
ec2-52-10-159-134.us-west-2.compute.amazonaws.com
July 30, 2016

54.200.224.121
ec2-54-200-224-121.us-west-2.compute.amazonaws.com
July 30, 2016

File downloads found at URLs served by www.appsendtours.com.

1 / 68      (Adware)
http://www.appsendtours.com/c?x=UFUvCCJmhPpJqJsR06oINSdJOLkXPXZ4wRp/csLagok=&c=YR4eEUSehzGOoUoFvuA19SlBbme7GM2U0S4Z82NBC2QcOHKPyDGGRlDQ0b92n2sZUowYrEtjj0Q8xbnmeUVJj2e5oRmuv33TooR3Ac8Dxdi9z39aw0Q0SRy9nu0/UYUE&downloadAs=VLC-Media-Player.exe&fallback_url=https://download.videolan.org/pub/videolan/vlc/2.2.1/.../vlc-2.2.1-win32.exe  (b6d666dc686f3eeaa4948c95d28c41a6)

1 / 68      (Adware)
http://www.appsendtours.com/c?x=ahKYW XnhdQyRb1u88TcJpUer6X/CYIYut16 zy6qWg=&c=I47HorEyWMLOa8PqLvqph0apGiFxpARrk5oj8ItvL6xqUt0na Qc9mV6ftvNIhWbxLk 8cf2fLF22ID8ju9e6jhGa2a5/cZdYYNyNMrIK9fYyRSkSPtoelpR1d00s7av&downloadAs=GBoTV.exe&fallback_url=http://.../get.php?file=96f4dcc5&m3  (b24fa13b1716dc110375ca3bce0efaab)

1 / 68      (Adware)
http://www.appsendtours.com/c?x=8iIX8WicmuEUdogBAZ51Op70yxKCq78Xpps06OJYAYY=&c=jhAo/vv tmStzpj77SliffMX1u1eO4DwN1q1G2IZ uJLmXeL5CaANvzX8dSjhtsmznocTN7IwjiLCjSEw5lK/r6FqRYkHTGKpEKKKcwgFOOaWwE/DVsjl8DjAAet7ejn&downloadAs=BS2013-v111C-appzzan.exe&fallback_url=http://.../get.php?file=7be5ec9e&m3  (612092d8f971dd210d886e7109e096bc)

1 / 68      (Adware)
http://www.appsendtours.com/c?x=6o2JGhctjmX9jVOOP/pYPHwEydr51XJiTgdqTQkQhLI=&c=06Tmk5yr2ElOJrwaqj9/2CFouCDM7bz9HKVXNHtHm2mZkAdXxbHVz8nwuKR4GmaJYQv6pOOJHeMvNiciwaYgj/bPXrjM0gwp iGnmdPo9sOAA7cgCtFUJyPJY5clNcT0&downloadAs=3_HorseMen_-_90.exe&fallback_url=http://.../get.php?file=900b97a5&m3  (3c32c0c451166a00591f588e78ddfcbf)

1 / 68      (Adware)
http://www.appsendtours.com/c?x=vIFvt02DoUy5HiuHalljdcntHfBTNAassjKGSh6fEr8=&c=FrbpoWFJoDOTh Et6Nt2irBr8B1mfw4L24oeFTqdzitF0Rxd2WNgEPo5KUAukB NGAVOztdyl9DZSIxeWkMrAw1FLCxMmQz0Nr5dW yfG4ozN2VKqZh/Glt7gpKE 8N&downloadAs=St_Nicolas_Thukie_-_.exe&fallback_url=http://.../get.php?file=bc102ab4&m3  (40e1b36e10d729a0c4c9d755fd6d4eb1)

1 / 68      (Adware)
http://www.appsendtours.com/c?x=NUqsSuzOhfJ6YnQOplSbqPH821KXdXG hv2KmhEHsRk=&c=pkQSHdQKMKbeDEBI85sStPmYCzxtPvpBFF6T oOLs1YOTCAEnWRWDuwz zGzRQCF7qUngd/sJRKAQJdJpNovEcTMPmTlnQvXc4A1CoiCbM8LjgPgW2N3z7FsjOu1pLI&downloadAs=BlackChild_-_Till_We.exe&fallback_url=http://.../get.php?file=e578aa3e&m3  (b545b151aa7256df44c3807edb344c93)

1 / 68      (Adware)
http://www.appsendtours.com/c?x=WhVcQxYHJWVeYeTR1yDFDfegoKWchixv8clskZwubiI=&c=8OjuI7vUl9gX81Nhxr2LfHX7gi9fWhninff9VBTY41u tbVDlAkqVW9TqrWkkJMMe4zFTwLxYzXmOapSxP2oVnFp6DDzk5GrriITmE7ILqr5LxJM kyRKWQfD/Fn6ubR&downloadAs=Internet_Explorer_9_.exe&fallback_url=http://.../get.php?file=ea09c734&m3  (9a0e57772c3610cfba21a7843a42ab61)

The following 36 files have been seen to comunicate with www.appsendtours.com in live environments.

TCP » 52.38.209.219:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.33.46.229:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.33.46.229:80
browserairexec.exe (BrowserAir by Goobzo)

TCP » 52.38.209.219:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.38.209.219:80
browserairexec.exe (BrowserAir by Goobzo)

TCP » 54.200.224.121:80
browser.exe (Browser)

TCP » 52.24.26.116:443
online-guardian-v2.0.9.exe

TCP » 52.24.26.116:443
online-guardian-v2.0.9.exe

TCP » 54.200.224.121:80
kometa.exe (Kometa by @COMPANY_FULLNAME@)

TCP » 52.38.209.219:80
browser.exe (Browser)

TCP » 52.33.46.229:80
citrio.exe (Citrio by CatalinaGroup)

TCP » 54.200.224.121:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 54.200.224.121:80
ShopAtHome_BAC_Service.exe (by ShopAtHome.com)

TCP » 54.200.224.121:80
browser.exe (Browser)

TCP » 52.33.46.229:80
Client.exe

TCP » 54.200.224.121:80
kmplayer_3.8.0.123.exe.exe (The KMPlayer by PandoraTV)

TCP » 52.24.26.116:443
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.24.26.116:443
036629fbd4864725737a8ba8fe7e8cd6.exe

TCP » 52.33.46.229:80
ShopAtHome_BAC_Service.exe (by ShopAtHome.com)

TCP » 52.33.46.229:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

 
Latest 20 of 77 files

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.