home

www.toursmegabundle.com

Domain Information

Server location:
Oregon, United States (US)

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc., US

Root domain:
toursmegabundle.com

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.InstallCore.Installer.Installer (M), PUP.installCore.Program.Installer.Meta (M)
100.00%

The domain www.toursmegabundle.com has been seen to resolve to the following 10 IP addresses.

52.25.41.73
ec2-52-25-41-73.us-west-2.compute.amazonaws.com
May 18, 2016

52.24.26.116
ec2-52-24-26-116.us-west-2.compute.amazonaws.com
May 18, 2016

54.148.57.212
ec2-54-148-57-212.us-west-2.compute.amazonaws.com
May 18, 2016

54.69.198.37
ec2-54-69-198-37.us-west-2.compute.amazonaws.com
May 18, 2016

52.25.23.136
ec2-52-25-23-136.us-west-2.compute.amazonaws.com
April 8, 2016

54.191.37.5
ec2-54-191-37-5.us-west-2.compute.amazonaws.com
April 8, 2016

54.69.11.66
ec2-54-69-11-66.us-west-2.compute.amazonaws.com
April 8, 2016

52.88.159.85
ec2-52-88-159-85.us-west-2.compute.amazonaws.com
April 8, 2016

52.35.10.15
ec2-52-35-10-15.us-west-2.compute.amazonaws.com
April 8, 2016

52.34.170.106
ec2-52-34-170-106.us-west-2.compute.amazonaws.com
April 8, 2016

File downloads found at URLs served by www.toursmegabundle.com.

1 / 68      (Adware)
http://www.toursmegabundle.com/c?x=61KzpX GqOib4lEf7u0PvPnfh4NOIri2hpz6hJJzpXA=&c=CC0fJBtQqPU5NoB3LXS7mYh5uWrp6DBTONYEzQPUD8/12p Hh20cFG6VzPNQW9GNuJxZmDR89H61apcQ2NztbLmwcyuvIW3PfjLUpPj4jPxfK6C2DVIFkD 4aaowDgN &downloadAs=AVI-Movie-Player_52.exe&fallback_url=http://files.ultradownloads.com.br/.../82534-AVIMoviePlayer-5_2.exe  (icreinstall_avi-movie-player_52.exe)

1 / 68      (Adware)
http://www.toursmegabundle.com/c?x=ip tyxS2JvDbOjA3Y4CwDHfE5udoDAYPSJ6WGpepGFc=&c=dzXXGMJ5N8KOVUjmkEg/12NbAR/dD8qI72Z31ntKrM7Abj3u1HBc869kkCVMJ0S1c/5/P1BUVo102w4hkKiCflIWTnYGqlow6noDmjwMOoG9Ybypue2awnzyOtn3FQhD&downloadAs=Microsoft-Office-2007.exe&fallback_url=http://files.ultradownloads.com.br/.../74450-Office-2007-Professional_UltraDownloads_X12-46701.exe  (c76d4f0135f576465936765a992fd335)

1 / 68      (Adware)
http://www.toursmegabundle.com/c?x=lF7vf64fK eB2F8PTnJkXE3/DddL0BvQ6BJ0rl0In3U=&c=0VbQjV81t8BUq2HiY8n0quvjnhTjOZbOFpLyGhH0 BTyjmpN8N2vrj8dFeRfgpi3ncCYIE1Axr FpNLmgD7RZmjIe4px647nXqpExZR9cFHe8z2JRksMIj0RbaY7mqDH&downloadAs=Samsung-Impressora-SCX-4200-Driver.exe&fallback_url=http://files.ultradownloads.com.br/.../81210-Driver-Impressora-Samsung-SCX-4200.exe  (3d362d898060f34f397b7a6170efe709)

1 / 68      (Adware)
http://www.toursmegabundle.com/c?x=eVL chY9E5TooCLXEo0u HARenGAIDGLQxPUbnulMT0=&c=du83yzIfgqu cmElFB3 EKjQUl9PGPacw5BC8SZLWg9VHAmHo5q9SkMuUiIhZeSSHhBngx/4rEXn6kiZfxFy6Xla9MdnNc42jQKyI0w10THqsLAEjAmAO FN7lgYD3s2&downloadAs=HP-LaserJet-P1005-Driver.exe&fallback_url=http://ftp.hp.com/pub/softlib/software12/COL20938/.../hp_LJ_P1005_P1505_Full_Solution_ROW.exe  (setup.exe)

1 / 68      (Adware)
http://www.toursmegabundle.com/c?x=XY5rJx QErBOGUYbPsHV/EGFqRJDy/ccx/QPP1ID4U4=&c=XaqEI3IpDHdlAwb/xN/Z2vMQOqJztCzvUsTy8Pexs6MXVGTpsBhQrxgTLtbShqYZW80MN0725TG6QAZsEtrOB yu0jEogDFKDmuDQWZxH7kUOuc8B8VW7O8nhDy6Vmj0&downloadAs=HP-CM1312-Series-Drivers_51.exe&fallback_url=ftp://ftp.hp.com/pub/softlib/software12/COL39661/.../CM1312series_full_solution_v5.0_AM-EMEA.exe  (a7b56d1c63ff4161e3f136939d801c85)

1 / 68      (PUP)
http://www.toursmegabundle.com/c?x=4wIQXOLdgZ21SOoT9Mnm2/00C8LCX6loFCUCPS7BBE0=&c=/t4X5GDZV37 bAltovaJnqmAsFb/fiPcvOZMNRrmMlQ Q 3gbw S26s3TTgyOrk5seuIbnuKkz1Zf/raU5oZTcAlTdWFFud437s4PVUwRiWPJEAevVnYEBDSpGAbU97ETNaIEk7F03zcKMds6GVm4tx2BvnHNgBpttw6NrQZArs3jlYUOCREL JBRvTRK JA&downloadAs=Controle-de-Estoque-Facil_10.xlsx&fallback_url=http://files.financasemordem.webnode.com/.../Estoque Facil FREE.xlsx  (controle-de-estoque-facil_10.exe)

The following 6 files have been seen to comunicate with www.toursmegabundle.com in live environments.

TCP » 52.24.26.116:443
online-guardian-v2.0.9.exe

TCP » 52.24.26.116:443
online-guardian-v2.0.9.exe

TCP » 52.24.26.116:443
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.24.26.116:443
036629fbd4864725737a8ba8fe7e8cd6.exe

TCP » 52.24.26.116:443
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.24.26.116:443
Proxomitron.exe (Proxomitron by Groom-A-Zebu (tm))

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.