» www.packageclearheart.com
Overview
Analysis
IPs Addresses (24)
Downloads (3)
Network (10)

www.packageclearheart.com

Domain Information

Server location:

Washington, United States (US)

ASN:

AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:

packageclearheart.com

Scanner detections:

Detections (100% detected)

Scan engine

Details

Detections

VIPRE Antivirus

Threat.4439742, Trojan.Win32.Generic

100.00%

Agnitum Outpost

PUA.DealPly, PUA.InstallCore

66.67%

G Data

Gen:Variant.Application.Bundler.71, Win32.Application.Agent.FGGEND

66.67%

McAfee

Artemis!1742BBBCED9C, Artemis!0756591F5975

66.67%

Avira AntiVirus

GAME/Zylom.Gen5, PUA/InstallCore.506793

66.67%

Reason Heuristics

PUP.installCore (M), Adware.Bundler (M)

66.67%

Bkav FE

HW32.Packed

33.33%

MicroWorld eScan

Gen:Variant.Application.Bundler.71

33.33%

Bitdefender

Gen:Variant.Application.Bundler.71

33.33%

Arcabit

Trojan.Application.Bundler.71

33.33%

Kaspersky

not-a-virus:AdWare.Win32.DealPly

33.33%

F-Secure

Gen:Variant.Application.Bundler

33.33%

Panda Antivirus

Trj/Swizzor.S

33.33%

Qihoo 360 Security

Win32/Trojan.ad3

33.33%

Norman

Gen:Variant.Application.Bundler.71

33.33%

The domain www.packageclearheart.com has been seen to resolve to the following 24 IP addresses.

server-52-85-131-127.iad53.r.cloudfront.net

April 19, 2016

server-52-85-131-37.iad53.r.cloudfront.net

April 19, 2016

server-52-85-131-232.iad53.r.cloudfront.net

April 19, 2016

server-52-85-131-223.iad53.r.cloudfront.net

April 19, 2016

server-52-85-131-211.iad53.r.cloudfront.net

April 19, 2016

server-52-85-131-178.iad53.r.cloudfront.net

April 19, 2016

server-52-85-131-148.iad53.r.cloudfront.net

April 19, 2016

server-52-85-131-138.iad53.r.cloudfront.net

April 19, 2016

server-54-230-102-29.iad2.r.cloudfront.net

April 12, 2016

server-54-230-102-201.iad2.r.cloudfront.net

April 12, 2016

server-54-230-102-171.iad2.r.cloudfront.net

April 12, 2016

server-54-230-102-103.iad2.r.cloudfront.net

April 12, 2016

server-54-230-102-96.iad2.r.cloudfront.net

April 12, 2016

server-54-230-102-94.iad2.r.cloudfront.net

April 12, 2016

server-54-230-102-42.iad2.r.cloudfront.net

April 12, 2016

server-54-230-102-37.iad2.r.cloudfront.net

April 12, 2016

server-52-85-142-119.iad12.r.cloudfront.net

April 5, 2016

server-52-85-142-96.iad12.r.cloudfront.net

April 5, 2016

server-52-85-142-91.iad12.r.cloudfront.net

April 5, 2016

server-52-85-142-89.iad12.r.cloudfront.net

April 5, 2016

server-52-85-142-73.iad12.r.cloudfront.net

April 5, 2016

server-52-85-142-242.iad12.r.cloudfront.net

April 5, 2016

server-52-85-142-162.iad12.r.cloudfront.net

April 5, 2016

server-52-85-142-127.iad12.r.cloudfront.net

April 5, 2016

File downloads found at URLs served by www.packageclearheart.com.

17 / 68 (PUP)

http://www.packageclearheart.com/.../installer.exe (0756591f597552415e42b0781d2e4811)

1 / 68 (PUP)

http://www.packageclearheart.com/.../installer.exe (f8363ed3d8f646b5606169ec86def39a)

16 / 68 (PUP)

http://www.packageclearheart.com/.../installer.exe (1742bbbced9c23a4485940827a1dfb16)

The following 10 files have been seen to comunicate with www.packageclearheart.com in live environments.

TCP » 52.85.131.148:443

UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.85.142.127:443

UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.85.142.89:80

browser.exe (Browser)

TCP » 52.85.142.96:443

UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.85.142.96:443

citrio.exe (Citrio by CatalinaGroup)

TCP » 52.85.142.119:443

onlineguardian-v2.exe

TCP » 52.85.142.119:80

TCP » 52.85.142.96:443

whatsapptime.exe

TCP » 52.85.142.242:80

Mobogenie.exe (Mobogenie by Mobogenie.com)

TCP » 52.85.142.91:443

TCP » 52.85.142.96:443

safeguardapp.exe

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.