home

www.bitstourhosting.com

Domain Information

Server location:
Washington, United States (US)

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:
bitstourhosting.com

Scanner detections:
Malware distribution  (67% detected)

Scan engine
Details
Detections

Norman
Gen:Variant.Adware.Symmi.59817, Gen:Trojan.Heur.RP.muW@aGiCtshi, Win32.Sality.OG
66.67%

Emsisoft Anti-Malware
Gen:Variant.Symmi.59817, Gen:Trojan.Heur.RP.muW@aGiCtshi, Win32.Sality.OG
50.00%

avast!
Win32:Kukacka, Win32:Malware-gen
50.00%

McAfee
Trojan.Artemis!EC68219F5184, Artemis!D7C996A994CD
50.00%

ESET NOD32
Win32/Sality.NAR virus, Win32/InstallCore.AFV potentially unwanted application
50.00%

Avira AntiVirus
W32/Ramnit.C, TR/Dropper.Gen
33.33%

Dr.Web
Win32.Sector.5
33.33%

Microsoft Security Essentials
Threat.Undefined
33.33%

VIPRE Antivirus
Threat.416209
33.33%

Kaspersky
Virus.Win32.Sality
33.33%

Rising Antivirus
PE:Malware.XPACK-HIE/Heur!1.9C48 [F], PE:Malware.Generic/QRS!1.9E2D [F]
33.33%

Qihoo 360 Security
HEUR/QVM10.1.Malware.Gen, QVM20.1.Malware.Gen
33.33%

Lavasoft Ad-Aware
Gen:Trojan.Heur.RP.muW@aGiCtshi
16.67%

F-Prot
W32/Sality.AK
16.67%

Clam AntiVirus
W32.Sality-65
16.67%

The domain www.bitstourhosting.com has been seen to resolve to the following 19 IP addresses.

52.85.131.183
server-52-85-131-183.iad53.r.cloudfront.net
April 13, 2016

52.85.131.167
server-52-85-131-167.iad53.r.cloudfront.net
April 13, 2016

52.85.131.158
server-52-85-131-158.iad53.r.cloudfront.net
April 13, 2016

52.85.131.56
server-52-85-131-56.iad53.r.cloudfront.net
April 13, 2016

52.85.131.234
server-52-85-131-234.iad53.r.cloudfront.net
April 13, 2016

52.85.131.229
server-52-85-131-229.iad53.r.cloudfront.net
April 13, 2016

52.85.131.220
server-52-85-131-220.iad53.r.cloudfront.net
April 13, 2016

52.85.131.192
server-52-85-131-192.iad53.r.cloudfront.net
April 13, 2016

54.192.195.200
server-54-192-195-200.iad53.r.cloudfront.net
February 28, 2016

54.192.195.177
server-54-192-195-177.iad53.r.cloudfront.net
February 28, 2016

54.192.195.35
server-54-192-195-35.iad53.r.cloudfront.net
February 27, 2016

54.192.195.149
server-54-192-195-149.iad53.r.cloudfront.net
February 27, 2016

54.192.195.145
server-54-192-195-145.iad53.r.cloudfront.net
February 27, 2016

54.192.195.142
server-54-192-195-142.iad53.r.cloudfront.net
February 27, 2016

54.192.195.128
server-54-192-195-128.iad53.r.cloudfront.net
February 27, 2016

54.192.195.55
server-54-192-195-55.iad53.r.cloudfront.net
February 27, 2016

54.192.195.224
server-54-192-195-224.iad53.r.cloudfront.net
February 27, 2016

54.192.195.170
server-54-192-195-170.iad53.r.cloudfront.net
February 27, 2016

54.192.195.156
server-54-192-195-156.iad53.r.cloudfront.net
February 27, 2016

File downloads found at URLs served by www.bitstourhosting.com.

8 / 68      (PUP)
http://www.bitstourhosting.com/.../installer.exe  (installer.exe.downloading)

8 / 68      (Malware)
http://www.bitstourhosting.com/.../installer.exe  (f4e55db2270958fc6d8b6588b5d29884)

12 / 68    (Malware)
http://www.bitstourhosting.com/.../installer.exe  (954747e0b62ca6f471172f603da9a399)

6 / 68      (Malware)
http://www.bitstourhosting.com/.../installer.exe  (8d5b2c8c55badc868f204f4bfdd34c6c)

2 / 68      (inconclusive)
http://www.bitstourhosting.com/.../installer.exe  (fe044dccde1078c3cee144583e784495)

4 / 68      (inconclusive)
http://www.bitstourhosting.com/.../installer.exe  (ec68219f5184c4577244c5310899a9ef)

The following 3 files have been seen to comunicate with www.bitstourhosting.com in live environments.

TCP » 54.192.195.177:443
online-guardian.exe

TCP » 54.192.195.177:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 54.192.195.177:443
onlineguardian-v2.exe

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.