home

www.tourscentralclear.com

Domain Information

Server location:
Oregon, United States (US)

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc., US

Root domain:
tourscentralclear.com

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.InstallCore.AVSoftwa.Installer (M), PUP.InstallCore.RE11 (M)
100.00%

The domain www.tourscentralclear.com has been seen to resolve to the following 6 IP addresses.

52.25.41.73
ec2-52-25-41-73.us-west-2.compute.amazonaws.com
May 17, 2016

52.24.26.116
ec2-52-24-26-116.us-west-2.compute.amazonaws.com
May 17, 2016

54.148.57.212
ec2-54-148-57-212.us-west-2.compute.amazonaws.com
May 17, 2016

54.69.198.37
ec2-54-69-198-37.us-west-2.compute.amazonaws.com
May 17, 2016

54.69.11.66
ec2-54-69-11-66.us-west-2.compute.amazonaws.com
May 17, 2016

52.88.159.85
ec2-52-88-159-85.us-west-2.compute.amazonaws.com
May 17, 2016

File downloads found at URLs served by www.tourscentralclear.com.

1 / 68      (PUP)
http://www.tourscentralclear.com/c?x=atj1WToH8E7ub46AHDs2xYkul25XhHaSjao cFyWAnk=&c=ZuQUl2qGfSjH2VY6bS1GQo2hblrD/OM3ppLPC3ztwD8JpvI2Z4g2iqOPJwCicCQ9aDrpHwSFmrs7O6A/rE4uBNbm/c71TzQNOcvh vebyQ9yZkbAYPBuZEOOHE78xQr/&downloadAs=setup.exe&fallback_url=http://.../setup1.19.exe  (1eb4dd599253b897a3d4ee4fc1e218f7)

1 / 68      (PUP)
http://www.tourscentralclear.com/c?x=INiQgxjNtzBTEHgBP0TmGN3xdI5NeHcSOb762OXxhfo=&c=uZZXvTuisdyoJ1rCHKncC08R8E3qVcmwBMR/4vIQ7mFt/ldSGg0ZeAWKpm 0M7OROzcecu/49 L5y6Mgk9fGLCheSMDFLPtdUOlxAJd0/dYGsWCtXrTxkVFap4bmRg8j&downloadAs=Delicious_Emilys_Hom.exe&fallback_url=http://.../get.php?file=5aaca7c7&m3  (2ab8208b1497d2bd1218df6e74f33183)

1 / 68      (PUP)
http://www.tourscentralclear.com/c?x=ubxOX4M83l6uFzfXgQRe92SV4/u4OiOf1n8gFrZFgkc=&c=Ov35Aui5MtsQVRFQRV9CkpnEzxX7CITjNKrLpKo3d43s82m6DZxSVWmjGXt74CroBrHnzYDBi1p01Pc3X6jC h6GowrugXdJWei2eFiA6JdK3iP8yxsjUgcaNzOxxsF8&downloadAs=Burn4Free_DVD_Copy.exe&fallback_url=http://.../burn4free-setup-silent.exe  (f923c3a32ef3a4a6ab095eca01d6298e)

1 / 68      (PUP)
http://www.tourscentralclear.com/c?x=j3UXS2INOOfX7ESIlSZtOoVcN J76FP9zy5BekyRy/s=&c=0F7tmF Z Q34/Qf gts2dxyVzLe12OfO7NvpydL6yfbsm P74DOIyhImpyZ9Uf3zDrwht4CjtO44R1f7I9QToi/c71fWJhPDcpvXbHjvegsdwFrzxm3TFQqvN9l/RXvP&downloadAs=Burn4Free_DVD_Copy.exe&fallback_url=http://.../burn4free-setup-silent.exe  (f923c3a32ef3a4a6ab095eca01d6298e)

1 / 68      (PUP)
http://www.tourscentralclear.com/c?x=BWllJABWVza4LOipn1evD1cvID3bsCPbu79f9ljJmTE=&c=f/RaNxiXNmqtelmmfevtFoRKDV1gYoznhypGr17aDx/3JEomZIWpHDiLbgvZFjbgDbfq1pAzHgbjep3ax8GsUMuTwYAKpBCCihPShs/9KrGaVRA4rLfEbHI277WRvfss&downloadAs=NMD_VPN_wwwabhi2youb.exe&fallback_url=http://.../get.php?file=b0b04d25&m3  (03725ea683bc976049a73eec66d14b16)

1 / 68      (PUP)
http://www.tourscentralclear.com/c?x=GVOAdHfKtWeYBqYmSdKoJBmNGQyJacR32/ EnTeDSAA=&c=1eQz089WVLikUeEaY4GUtm4Nf3428zygecSnVf6FIl9Ud62eVss0PpfTUmqMwV0/2IJ35NkMu070CDHmvKM2v/z1OsZHW6ot9SNR0X0MGDoRcKP1j9PQ2x9GxfGTrHDZ&downloadAs=uopilot.exe&fallback_url=http://.../get.php?file=7bc5a9b7&m3  (2a9c86a2b0d6e0034b1ca89ae94ea57a)

1 / 68      (PUP)
http://www.tourscentralclear.com/c?x= hY5NYEo27Mo8aSQfd/oTdclymXIi7JsCFu09lt eag=&c=4UbMNHBzT3SIefR4/HHkSeaN5HoPUhGMWHEqLOg15CALaiA7v46x8tjqXWGiH72S64DMsiQ5o2FmnZIOF9YJO/g71oH9lgYbDjpq0ovAYvmzveNLwRjVk 6 fsEKq2C&downloadAs=Sahra_Marocan.exe&fallback_url=http://.../get.php?file=c64e62c5&m3  (af390c2184b4f615b63a3f51f39bc42a)

1 / 68      (PUP)
http://www.tourscentralclear.com/c?x=tLDKj 6vXozSCuFImxTmCNXRcAi8BMricfTdqU5yfiQ=&c=br9lmPKlKuTmFDeB U7lmj7DCJWR o821YUNtMstamFc7nLDX0vAgzovYReQUlM0QT amud2Qz5n86KuGW/r1ZD3KP3PS5 drOmug2QdMKOEpdsbjc5fcBAMkDhGD3SY&downloadAs=DJ_Pain_1_Summer_201.exe&fallback_url=http://.../get.php?file=38ae1aeb&m3  (7f7a5bc26392e0b5ee98a64be09a05c4)

1 / 68      (PUP)
http://www.tourscentralclear.com/c?x=mej2J5tN64ytii1VOaNaCmGJ/1PchJ8KnkvCMIIJeCI=&c=QihLRGw6pJK5TJ7A Hn/BjzG1R5JQ1iKZzc/6roTtXmIKy7Efx/c1eDgI6IqgIQPZgZ3NX2NrunMIqywGGFnrhs6pDcG18R7g43sMOqPQovV0MybXkpAhd1YCAM3wHJM&downloadAs=Naijaloaded_Ycee_-_O.exe&fallback_url=http://.../get.php?file=82bf2e44&m3  (1db33a385aa3f6512b2b38109b55d127)

1 / 68      (PUP)
http://www.tourscentralclear.com/c?x=BsH7XNEp/EcB8gGRhvkBORSz1ddcos/P6wNrMzPO9e0=&c=2vvsA91KIsaeOodVIcMFDK8xQfTl5GN7y6jsQcvrJvdlVfbLH8gTIBkZd6yLXG1OKyd 1UOwRHEz63NLWMGLmk vwwEmAE31h0T2c8PP/KFYGkQ4Tw2MvgrsEG/ePy2V&downloadAs=IDM_62514_Retail_Sil.exe&fallback_url=http://.../get.php?file=278a2160&m3  (f83ac760f975ad7727dceca7e2ebc283)

The following 6 files have been seen to comunicate with www.tourscentralclear.com in live environments.

TCP » 52.24.26.116:443
online-guardian-v2.0.9.exe

TCP » 52.24.26.116:443
online-guardian-v2.0.9.exe

TCP » 52.24.26.116:443
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.24.26.116:443
036629fbd4864725737a8ba8fe7e8cd6.exe

TCP » 52.24.26.116:443
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.24.26.116:443
Proxomitron.exe (Proxomitron by Groom-A-Zebu (tm))

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.