www.packagetoursbits.com

Domain Information

Server location:
Washington, United States (US)

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

ESET NOD32
Win32/InstallCore.AFN.gen potentially unwanted application, Win32/InstallCore.AFY potentially unwanted application, Win32/Chir.B virus
100.00%

McAfee
Artemis!0FD3D2207301, Artemis!57C8EDE2C92A, Virus.W32/Chir.b@MM
75.00%

avast!
Win32:Malware-gen, Win32:Agent-BARL [Trj], Win32:Vitro
75.00%

Dr.Web
Trojan.InstallCore.1681, Win32.Runonce.6652
50.00%

AhnLab V3 Security
PUP/Win32.Downloader
50.00%

Rising Antivirus
PE:Malware.Generic/QRS!1.9E2D [F]
50.00%

Reason Heuristics
Adware.Bundler (M)
50.00%

Vba32 AntiVirus
Malware-Cryptor.InstallCore.gen
25.00%

Fortinet FortiGate
Riskware/InstallCore_AFN
25.00%

Baidu Antivirus
Adware.Win32.InstallCore
25.00%

VIPRE Antivirus
Threat.4150696
25.00%

F-Prot
W32/Thecid.B@mm
25.00%

Microsoft Security Essentials
Threat.Undefined
25.00%

Emsisoft Anti-Malware
Win32.Runouce.B@mm
25.00%

AVG
Win32/Chir.B@mm
25.00%

The domain www.packagetoursbits.com has been seen to resolve to the following 32 IP addresses.

server-52-85-131-104.iad53.r.cloudfront.net
July 14, 2016

server-52-85-131-56.iad53.r.cloudfront.net
July 14, 2016

server-52-85-131-22.iad53.r.cloudfront.net
July 14, 2016

server-52-85-131-245.iad53.r.cloudfront.net
July 14, 2016

server-52-85-131-233.iad53.r.cloudfront.net
July 14, 2016

server-52-85-131-232.iad53.r.cloudfront.net
July 14, 2016

server-52-85-131-141.iad53.r.cloudfront.net
July 14, 2016

server-52-85-131-127.iad53.r.cloudfront.net
July 14, 2016

server-54-192-19-191.iad12.r.cloudfront.net
July 11, 2016

server-54-192-19-176.iad12.r.cloudfront.net
July 11, 2016

server-54-192-19-104.iad12.r.cloudfront.net
July 11, 2016

server-54-192-19-90.iad12.r.cloudfront.net
July 11, 2016

server-54-192-19-78.iad12.r.cloudfront.net
July 11, 2016

server-54-192-19-20.iad12.r.cloudfront.net
July 11, 2016

server-54-192-19-9.iad12.r.cloudfront.net
July 11, 2016

server-54-192-19-249.iad12.r.cloudfront.net
July 11, 2016

server-54-230-102-51.iad2.r.cloudfront.net
April 13, 2016

server-54-230-102-21.iad2.r.cloudfront.net
April 13, 2016

server-54-230-102-211.iad2.r.cloudfront.net
April 13, 2016

server-54-230-102-167.iad2.r.cloudfront.net
April 13, 2016

server-54-230-102-158.iad2.r.cloudfront.net
April 13, 2016

server-54-230-102-157.iad2.r.cloudfront.net
April 13, 2016

server-54-230-102-60.iad2.r.cloudfront.net
April 13, 2016

server-54-230-102-52.iad2.r.cloudfront.net
April 13, 2016

server-52-85-131-30.iad53.r.cloudfront.net
April 12, 2016

server-52-85-131-235.iad53.r.cloudfront.net
April 12, 2016

server-52-85-131-206.iad53.r.cloudfront.net
April 12, 2016

server-52-85-131-196.iad53.r.cloudfront.net
April 12, 2016

server-52-85-131-167.iad53.r.cloudfront.net
April 12, 2016

server-52-85-131-155.iad53.r.cloudfront.net
April 12, 2016

 
Showing 30 of 32 IP Addresses

File downloads found at URLs served by www.packagetoursbits.com.

2 / 68      (PUP)
http://www.packagetoursbits.com/.../installer.exe  (848e38601f5b139fb298376751eb9df2)

11 / 68    (Malware)
http://www.packagetoursbits.com/.../installer.exe  (61585e651724bd60b8b2ecf94652029a)

10 / 68    (PUP)
http://www.packagetoursbits.com/.../installer.exe  (0fd3d2207301676339aaa81e7fd86f3c)

6 / 68      (PUP)
http://www.packagetoursbits.com/.../installer.exe  (57c8ede2c92aefd75a3ee7e6d3aa4370)

The following 132 files have been seen to comunicate with www.packagetoursbits.com in live environments.

 
Latest 20 of 184 files