» www.tourstodayhosting.com
Overview
Analysis
IPs Addresses (17)
Downloads (3)
Network (2)

www.tourstodayhosting.com

Domain Information

Server location:

Washington, United States (US)

ASN:

AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:

tourstodayhosting.com

Scanner detections:

Detections (100% detected)

Scan engine

Details

Detections

ESET NOD32

Win32/InstallCore.AFW potentially unwanted application, Win32/InstallCore.ACY.gen potentially unwanted application, Win32/Sality.NBA virus

100.00%

McAfee

Artemis!6102F6BBEB39, Virus.W32/Sality.gen.z

66.67%

avast!

Win32:Malware-gen, Win32:SaliCode

66.67%

AhnLab V3 Security

PUP/Win32.Downloader

66.67%

Qihoo 360 Security

QVM20.1.Malware.Gen

66.67%

Reason Heuristics

Adware.Bundler (M)

66.67%

Vba32 AntiVirus

Malware-Cryptor.InstallCore.gen

33.33%

VIPRE Antivirus

Threat.4721115

33.33%

Microsoft Security Essentials

Threat.Undefined

33.33%

F-Prot

W32/Sality.gen2

33.33%

Kaspersky

Virus.Win32.Sality

33.33%

Emsisoft Anti-Malware

Win32.Sality

33.33%

Dr.Web

Win32.Sector.30

33.33%

The domain www.tourstodayhosting.com has been seen to resolve to the following 17 IP addresses.

52.85.131.43

server-52-85-131-43.iad53.r.cloudfront.net

April 20, 2016

54.230.102.52

server-54-230-102-52.iad2.r.cloudfront.net

April 13, 2016

54.230.102.51

server-54-230-102-51.iad2.r.cloudfront.net

April 13, 2016

54.230.102.21

server-54-230-102-21.iad2.r.cloudfront.net

April 13, 2016

54.230.102.211

server-54-230-102-211.iad2.r.cloudfront.net

April 13, 2016

54.230.102.167

server-54-230-102-167.iad2.r.cloudfront.net

April 13, 2016

54.230.102.158

server-54-230-102-158.iad2.r.cloudfront.net

April 13, 2016

54.230.102.157

server-54-230-102-157.iad2.r.cloudfront.net

April 13, 2016

54.230.102.60

server-54-230-102-60.iad2.r.cloudfront.net

April 13, 2016

52.85.131.196

server-52-85-131-196.iad53.r.cloudfront.net

April 12, 2016

52.85.131.167

server-52-85-131-167.iad53.r.cloudfront.net

April 12, 2016

52.85.131.155

server-52-85-131-155.iad53.r.cloudfront.net

April 12, 2016

52.85.131.114

server-52-85-131-114.iad53.r.cloudfront.net

April 12, 2016

52.85.131.51

server-52-85-131-51.iad53.r.cloudfront.net

April 12, 2016

52.85.131.30

server-52-85-131-30.iad53.r.cloudfront.net

April 12, 2016

52.85.131.235

server-52-85-131-235.iad53.r.cloudfront.net

April 12, 2016

52.85.131.206

server-52-85-131-206.iad53.r.cloudfront.net

April 12, 2016

File downloads found at URLs served by www.tourstodayhosting.com.

9 / 68 (Infected)

http://www.tourstodayhosting.com/.../installer.exe (c21c5c0790175b73d750e3d5d0508182)

4 / 68 (PUP)

http://www.tourstodayhosting.com/.../installer.exe (installer.exe.downloading)

7 / 68 (PUP)

http://www.tourstodayhosting.com/.../installer.exe (6102f6bbeb39ff13233786b28d2dc907)

The following 2 files have been seen to comunicate with www.tourstodayhosting.com in live environments.

TCP » 52.85.131.30:443

browser.exe (Browser)

TCP » 52.85.131.196:80

SimpleDriverUpdater.exe (Simple Driver Updater)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.