get.2secondsfiles.net

OutBrowse

Domain Information

The domain get.2secondsfiles.net, registered by OutBrowse, was first registered in August 2014 through GODADDY.COM, LLC. It has been known to host and distribute adware and other potentially unwanted software. The hosting servers are located in Ashburn, Virginia, United States, on the Amazon Technologies Inc. network. The domain uses the Amazon Web Services (AWS) cloud computing platform.

Registrar: GODADDY.COM, LLC

Server location: Virginia, United States (US)

Create date: Tuesday, August 26, 2014

Expires date: Friday, August 26, 2016

Updated date: Thursday, August 27, 2015

ASN: AS14618 AMAZON-AES - Amazon.com, Inc.,US

Root domain:

Scanner detections (100% detected):

Scan engine, Details, Detections

Reason Heuristics
PUP.ClickYes.O, PUP.ClickYes.N, PUP.OUTBROWSE.L, PUP.ClickYes.S, PUP.ClickYes.U, PUP.Outbrowse, PUP.Bundler.Outbrowse, PUP.Outbrowse.Bundler (M), PUP.Outbrowse.StartNow.Bundler (M), PUP.Outbrowse.StartPlaying.Bundler (M), PUP.Outbrowse.MariMara.Bundler (M), PUP.Outbrowse.ClickYes.Bundler (M)
100.00%

McAfee
Adware-OutBrowse.b, Artemis!7868ADB1B3EA, Adware-OutBrowse.c, Program.Adware-OutBrowse.c
29.63%

Dr.Web
infected with Trojan.Packed.29192, Adware.Downware.6169, Trojan.OutBrowse.6, Trojan.OutBrowse.14
25.93%

Malwarebytes
PUP.Optional.ClickYes, PUP.Optional.OutBrowse, PUP.Optional.Maru
25.93%

Avira AntiVirus
APPL/Downloader.Gen, APPL/OutBrowse.lwasp, APPL/OutBrowse.pao, APPL/Outbrowse.Gen, PUA/Outbrowse.Gen
25.93%

AVG
Potentially harmful program Downloader.CBV, Generic, Potentially harmful program Downloader.CGO, Potentially harmful program Downloader.CFA
25.93%

ESET NOD32
Win32/OutBrowse.AY potentially unwanted application, Win32/OutBrowse.BJ potentially unwanted application, Win32/OutBrowse.BK potentially unwanted application
22.22%

VIPRE Antivirus
Threat.4784459, Threat.4150696
22.22%

K7 AntiVirus
Unwanted-Program
22.22%

Sophos
OutBrowse Revenyou, Generic PUA CI, PUA 'OutBrowse Revenyou', Generic PUA BM
22.22%

Trend Micro House Call
Suspici.E02573A0, Suspici.3B70B417, TROJ_GE.C107764F, Suspici.173023CD
18.52%

avast!
Malware-gen, Adware-gen [Adw], OutBrowse-AX [PUP], OutBrowse-AJ [PUP]
18.52%

NANO AntiVirus
Trojan.Win32.OutBrowse.didlil, Trojan.Win32.OutBrowse.diikds, Trojan.Win32.OutBrowse.djpwjc
14.81%

AhnLab V3 Security
PUP/Win32.Eorezo, PUP/Win32.OutBrowse
14.81%

Fortinet FortiGate
Riskware/OutBrowse
14.81%

The domain get.2secondsfiles.net has been seen to resolve to the following 13 IP addresses.

File downloads found at URLs served by get.2secondsfiles.net.

The following files have been seen to communicate with get.2secondsfiles.net in live environments.

URL: http://get.2secondsfiles.net/

Network: Amazon Web Services (AWS), running an EC2 instance

Web server: Microsoft-IIS/8.0 (ASP.NET) (Version: 4.0.30319)