» www.tourscapitaltours.com
Overview
Analysis
IPs Addresses (8)
Downloads (12)
Network (6)

www.tourscapitaltours.com

Domain Information

Server location:

Oregon, United States (US)

ASN:

AS16509 AMAZON-02 - Amazon.com, Inc., US

Root domain:

tourscapitaltours.com

Scanner detections:

Detections (100% detected)

Scan engine

Details

Detections

Reason Heuristics

PUP.InstallCore.AVSoftwa.Installer (M), PUP.InstallCore.RE.Installer (M), PUP.InstallCore.EST (M), PUP.InstallCore.RE11 (M), PUP.InstallCore (M)

100.00%

avast!

Win32:Trojan-gen

9.09%

ESET NOD32

Win32/InstallCore.ACY.gen potentially unwanted application

9.09%

Dr.Web

Trojan.InstallCore.1903

9.09%

The domain www.tourscapitaltours.com has been seen to resolve to the following 8 IP addresses.

ec2-52-24-26-116.us-west-2.compute.amazonaws.com

May 16, 2016

ec2-52-25-41-73.us-west-2.compute.amazonaws.com

May 16, 2016

ec2-54-69-198-37.us-west-2.compute.amazonaws.com

April 21, 2016

ec2-54-69-11-66.us-west-2.compute.amazonaws.com

April 21, 2016

ec2-52-88-159-85.us-west-2.compute.amazonaws.com

April 21, 2016

ec2-52-35-10-15.us-west-2.compute.amazonaws.com

April 21, 2016

ec2-52-26-95-11.us-west-2.compute.amazonaws.com

April 21, 2016

ec2-54-148-57-212.us-west-2.compute.amazonaws.com

April 21, 2016

File downloads found at URLs served by www.tourscapitaltours.com.

1 / 68 (PUP)

http://www.tourscapitaltours.com/c?x=SijcGdZZE3sxSuF7hbKa0NBX3JlRpGY49h5XgNsTnpc=&c=drKf8luASxuYUyfVjZ8293eK02p5bg2bWBSFAzw2LGSOgi4c CZ7oWE0qx6MT E28KG/ijItG8dlk s70frg2srR2br6RMmrPVN7vdkCoOs9VLIHn7t f3cxHlwa3Vh5&downloadAs=Dokhtare_Kharabwwwne.exe&fallback_url=http://.../get.php?file=2c68676e&m3 (5372c8e1768a750fa78ce11b40affea9)

1 / 68 (PUP)

http://www.tourscapitaltours.com/c?x=Pb2 Tw9lfcViGEsVHmYX7049w/3bDmqQqM2gJ0bjqcs=&c=bWaiN7Pq98yQXa15vhSIaSI0Z37DJmUyAHmSOmX8RTZwbuxkSP6wS4eoKd9wGX6GYeR5eX/eJjicfFHYIQ5z dlN0xkBBWXcHFuM3BwZ3rYEhdvo2gnggtHcCW0k78uG&downloadAs=see_you_again_remix-.exe&fallback_url=http://.../get.php?file=197882e0&m3 (930c4354c445d5c1a346715230d47040)

1 / 68 (PUP)

http://www.tourscapitaltours.com/c?x=UPu7f6nrI x6yKUE/plc0fMzsjNCPqtAk9eL4ZF IJE=&c=RXP0/RVKC21cHjCvG0WID8Ho16zrnuDaVyKLPurYTANiFP9Mer1BihLyE4xNsq6hMDB/0n4Amd ANoCkuayuD6YTFDdP8yFpQH d7i9VhGVPwfhCVlVVCywy/G24pfW1&downloadAs=ss.exe&fallback_url=http://.../get.php?file=59b8af4f&m3 (f11e178cb03517ec5c4d0e11d84bc090)

1 / 68 (PUP)

http://www.tourscapitaltours.com/c?x=vg2CiNRE1YPTnmQAGG7Ljxn bbIJQKa/g6BWPhBle0U=&c=zYX2qjkTWAjwLCvT7CY81tEzwz9rZj JKtjekf0y4Hzo5geyvEVnjAKY2PyKPpTFTXj2gnxHlQGOkPmQt4BU2XCXRNNNr1o0xaU1IJRRtXRdLSZBN8qJKT R/K3YQ3Ws&downloadAs=TAODW_not_completedo.exe&fallback_url=http://.../get.php?file=896ed2df&m3 (7082c01d544318f1933a853524f820ba)

1 / 68 (PUP)

http://www.tourscapitaltours.com/c?x=hhZQQ/mOgGcaVpCCC7cAU2yqmVBT cezGcVOKaLaZgI=&c=iQUM8JBqwI3D7DsNry0Iem8Y1catuzQLnxG8llTU5KZrHXrsint3hljBDqAw6o7wgPQ5XQ3TKLNXASDVBJoG9o8Fzr10z 7gG7AOi0FmIFKf7GOmRked6CnZYpF5TF7L&downloadAs=Adobe_Photoshop_71_K.exe&fallback_url=http://.../get.php?file=aa6a89ba&m3 (35521091978daa4fd0b219b5f74becb6)

1 / 68 (Adware)

http://www.tourscapitaltours.com/c?x=S244SAi6rq BMfswoR7ylv0Fnq2NZRn by90pPRBfoo=&c=8hzemnrkEtX2rwYWSAuweM0ZMJ1HlPS8n5Sp7xEhnIbEr871ip9eFFW/64keXssKl7J/yzoc0OtsWsBs5W7UPX2LCfxSAnls8kNZxn2wlB3ysrdo12WS7NyN 7P4VeIG&downloadAs=Adobe_Photoshop_71_E.exe&fallback_url=http://.../get.php?file=2c0fb225&m3 (icreinstall_adobe_photoshop_71_e.exe)

4 / 68 (PUP)

http://www.tourscapitaltours.com/c?x=yRlYH3ux I2CIIEj9wnOm68M1uWdPU1TMpRlkQoeAlg=&c=MQpPu2rBYl92AgIZ0v5HGIVyPhu8XgHi6gq60dcABsq8QDDhMIemYDkNsCwBXeh4AbvJBejjuHmJC2clrR0nbuEVDE4Vu1LZV5CamXxhxAoa3HL5bcaEcrYCBDvFuqMb&downloadAs=KJ_110627.exe&fallback_url=http://.../get.php?file=9af14282&m3 (2bf51daf8bbbee9e875a94a137b976d4)

1 / 68 (PUP)

http://www.tourscapitaltours.com/c?x=Elb6UdLkwzMKlNz7vWqOdcMPsP1j8BgDhW7lPZIugFw=&c=8hzeyFqr s3PTZZLtFofgwZngmZ nffz86TbWnWJLs3Vm1FRrrLfpqi6HUrNQtG/bnivdgxFF8XW7SNYQX3uB it3u4rGJWaRn6O5mye8PnbYLJ rXS8jllmeAhkB55y&downloadAs=PCL_HyperCam.exe&fallback_url=http://.../get.php?file=7e935c89&m3 (82137b8bca182d78caa8d3653d69bdcb)

1 / 68 (PUP)

http://www.tourscapitaltours.com/c?x=xfG/WvEt35gG1sF6a7mR/DMc/xpmFMQOeFqqP6wru90=&c=lb0shQmQRvT9cfRtOk7aJjA2uEq swMEjKzxESzR/EK4hwVUskV0IiK2LZEfYxk76UxzTCGG9l1zjLTfN2e1IQd9taYbzu lroZb3/FgzBpJbrzSA97rJoeX8RELuupb&downloadAs=City_Car_Driving_1_5.exe&fallback_url=http://.../setup1.19.exe (d9b24f2f9b48df02f6d9917916307bf1)

1 / 68 (PUP)

http://www.tourscapitaltours.com/c?x=FBDtBdMeTKSP3hCPw8KlGnsLyhJ8b6L0xiCIXKK 9rY=&c=OD2qtEdG8DpOKQm2RheheKzomjGsr4cBnMtwj6XneVXJaQ79SyT1D9eGJ7NforicxOLvjGAoaUysRdCgvbHHz/1PakrkasrfAFDpBTiN101XB0nEbQru58j4TRTVd05N&downloadAs=Adobe_Photoshop_71_K.exe&fallback_url=http://.../get.php?file=aa6a89ba&m3 (35521091978daa4fd0b219b5f74becb6)

1 / 68 (PUP)

http://www.tourscapitaltours.com/c?x=9vFd O0BAcTHVR1Q5tJtKi/4zizf1Nf DLoefP0PV78=&c=k8HqGFqeN721Ysup2XueRgG j/j5QSX9LeN54OxeL64km6ANOXas67eJvfA/gZfy8/hE9p0jfW8ixMGMKgMrV/n wfogwEb/r09E1NwQ0L2vDm3rDdSI7oqfC8Hndy/W&downloadAs=setup.exe&fallback_url=http://.../setup1.19.exe (1eb4dd599253b897a3d4ee4fc1e218f7)

1 / 68 (PUP)

http://www.tourscapitaltours.com/c?x=15a0trXqtFMl/G2NcEeTXSxkPKb6eUaGAzN2k Be/EA=&c=yxJPxdVJpyRx11rcrRt4P0mLLFg4cFPlseqwT3PboBZeh195sI0Xcv/gPfGB3oHJ87 HawXX31yIT P201rI3NJYysDBR7NU Qkmt hhHUk0FmsRVfVrFKLjN8t3Odx9&downloadAs=FacebookHackerPro_By.exe&fallback_url=http://.../get.php?file=5404fb37&m3 (7cb340816e49b85817f64d49ae22cad5)

The following 6 files have been seen to comunicate with www.tourscapitaltours.com in live environments.

TCP » 52.24.26.116:443

online-guardian-v2.0.9.exe

TCP » 52.24.26.116:443

online-guardian-v2.0.9.exe

TCP » 52.24.26.116:443

rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.24.26.116:443

036629fbd4864725737a8ba8fe7e8cd6.exe

TCP » 52.24.26.116:443

rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.24.26.116:443

Proxomitron.exe (Proxomitron by Groom-A-Zebu (tm))

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.