home

www.packagetoursbits.com

Domain Information

Server location:
Washington, United States (US)

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:
packagetoursbits.com

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

ESET NOD32
Win32/InstallCore.AFN.gen potentially unwanted application, Win32/InstallCore.AFY potentially unwanted application, Win32/Chir.B virus
100.00%

McAfee
Artemis!0FD3D2207301, Artemis!57C8EDE2C92A, Virus.W32/Chir.b@MM
75.00%

avast!
Win32:Malware-gen, Win32:Agent-BARL [Trj], Win32:Vitro
75.00%

Dr.Web
Trojan.InstallCore.1681, Win32.Runonce.6652
50.00%

AhnLab V3 Security
PUP/Win32.Downloader
50.00%

Rising Antivirus
PE:Malware.Generic/QRS!1.9E2D [F]
50.00%

Reason Heuristics
Adware.Bundler (M)
50.00%

Vba32 AntiVirus
Malware-Cryptor.InstallCore.gen
25.00%

Fortinet FortiGate
Riskware/InstallCore_AFN
25.00%

Baidu Antivirus
Adware.Win32.InstallCore
25.00%

VIPRE Antivirus
Threat.4150696
25.00%

F-Prot
W32/Thecid.B@mm
25.00%

Microsoft Security Essentials
Threat.Undefined
25.00%

Emsisoft Anti-Malware
Win32.Runouce.B@mm
25.00%

AVG
Win32/Chir.B@mm
25.00%

The domain www.packagetoursbits.com has been seen to resolve to the following 32 IP addresses.

52.85.131.104
server-52-85-131-104.iad53.r.cloudfront.net
July 14, 2016

52.85.131.56
server-52-85-131-56.iad53.r.cloudfront.net
July 14, 2016

52.85.131.22
server-52-85-131-22.iad53.r.cloudfront.net
July 14, 2016

52.85.131.245
server-52-85-131-245.iad53.r.cloudfront.net
July 14, 2016

52.85.131.233
server-52-85-131-233.iad53.r.cloudfront.net
July 14, 2016

52.85.131.232
server-52-85-131-232.iad53.r.cloudfront.net
July 14, 2016

52.85.131.141
server-52-85-131-141.iad53.r.cloudfront.net
July 14, 2016

52.85.131.127
server-52-85-131-127.iad53.r.cloudfront.net
July 14, 2016

54.192.19.191
server-54-192-19-191.iad12.r.cloudfront.net
July 11, 2016

54.192.19.176
server-54-192-19-176.iad12.r.cloudfront.net
July 11, 2016

54.192.19.104
server-54-192-19-104.iad12.r.cloudfront.net
July 11, 2016

54.192.19.90
server-54-192-19-90.iad12.r.cloudfront.net
July 11, 2016

54.192.19.78
server-54-192-19-78.iad12.r.cloudfront.net
July 11, 2016

54.192.19.20
server-54-192-19-20.iad12.r.cloudfront.net
July 11, 2016

54.192.19.9
server-54-192-19-9.iad12.r.cloudfront.net
July 11, 2016

54.192.19.249
server-54-192-19-249.iad12.r.cloudfront.net
July 11, 2016

54.230.102.51
server-54-230-102-51.iad2.r.cloudfront.net
April 13, 2016

54.230.102.21
server-54-230-102-21.iad2.r.cloudfront.net
April 13, 2016

54.230.102.211
server-54-230-102-211.iad2.r.cloudfront.net
April 13, 2016

54.230.102.167
server-54-230-102-167.iad2.r.cloudfront.net
April 13, 2016

54.230.102.158
server-54-230-102-158.iad2.r.cloudfront.net
April 13, 2016

54.230.102.157
server-54-230-102-157.iad2.r.cloudfront.net
April 13, 2016

54.230.102.60
server-54-230-102-60.iad2.r.cloudfront.net
April 13, 2016

54.230.102.52
server-54-230-102-52.iad2.r.cloudfront.net
April 13, 2016

52.85.131.30
server-52-85-131-30.iad53.r.cloudfront.net
April 12, 2016

52.85.131.235
server-52-85-131-235.iad53.r.cloudfront.net
April 12, 2016

52.85.131.206
server-52-85-131-206.iad53.r.cloudfront.net
April 12, 2016

52.85.131.196
server-52-85-131-196.iad53.r.cloudfront.net
April 12, 2016

52.85.131.167
server-52-85-131-167.iad53.r.cloudfront.net
April 12, 2016

52.85.131.155
server-52-85-131-155.iad53.r.cloudfront.net
April 12, 2016

 
Showing 30 of 32 IP Addresses

File downloads found at URLs served by www.packagetoursbits.com.

2 / 68      (PUP)
http://www.packagetoursbits.com/.../installer.exe  (848e38601f5b139fb298376751eb9df2)

11 / 68    (Malware)
http://www.packagetoursbits.com/.../installer.exe  (61585e651724bd60b8b2ecf94652029a)

10 / 68    (PUP)
http://www.packagetoursbits.com/.../installer.exe  (0fd3d2207301676339aaa81e7fd86f3c)

6 / 68      (PUP)
http://www.packagetoursbits.com/.../installer.exe  (57c8ede2c92aefd75a3ee7e6d3aa4370)

The following 132 files have been seen to comunicate with www.packagetoursbits.com in live environments.

TCP » 54.192.19.176:80
jingling.exe

TCP » 54.192.19.78:80
yacqq.exe

TCP » 54.192.19.104:80
saber.exe

TCP » 54.192.19.9:80
ed2k.exe (aMuleall by http://www.amuleall.org/)

TCP » 54.192.19.90:80
saber.exe

TCP » 54.192.19.90:80
browser.exe (Browser)

TCP » 54.192.19.104:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.85.131.30:443
browser.exe (Browser)

TCP » 54.192.19.176:80
1stbrowser.exe (1stBrowser by The 1stBrowser Authors)

TCP » 54.192.19.20:80
saber.exe

TCP » 54.192.19.191:443
new_chrome.exe (1stBrowser by The 1stBrowser Authors)

TCP » 54.192.19.78:80
yacqq.exe (TODO: <Product name> by TODO: <Company name>)

TCP » 54.192.19.9:80
uncheckitupdate.exe (Uncheckit Module by EVANGEL TECHNOLOGY (HK) LIMITED)

TCP » 54.192.19.176:443
1stbrowser.exe (1stBrowser by The 1stBrowser Authors)

TCP » 54.192.19.90:80
uvconverter.exe (TODO: <Product name> by TODO: <Company name>)

TCP » 52.85.131.233:443
instatime.exe

TCP » 54.192.19.90:80
browser.exe (Browser)

TCP » 54.192.19.104:80
gestalt.exe (Gestalt)

TCP » 54.192.19.78:80
jingling.exe

TCP » 54.192.19.78:80
yacqq.exe

 
Latest 20 of 184 files

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.