home

get.file16desktop.com

OutBrowse

Domain Information

The domain get.file16desktop.com registered by OutBrowse was initially registered in May of 2014 through GODADDY.COM, LLC. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Ashburn, Virginia within the United States which resides on the Amazon Technologies Inc. network. The domain uses the Amazon Web Services (AWS) cloud computing platform.
Registrar:
GODADDY.COM, LLC

Server location:
Virginia, United States (US)

Create date:
Sunday, May 25, 2014

Expires date:
Wednesday, May 25, 2016

Updated date:
Tuesday, June 16, 2015

ASN:
AS14618 AMAZON-AES - Amazon.com, Inc.,US

Root domain:
file16desktop.com

Whois:
2 file16desktop.com records

Google Safe Browsing:
unwanted

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.OUTBROWSE.M, PUP.StartNow.M, PUP.Outborwse, PUP.MariMara, PUP.Outbrowse, PUP.Bundler.Outbrowse, PUP.Outbrowse.TrustedAppsDDD.Bundler (M), PUP.Outbrowse.ClickYes.Bundler (M), PUP.Outbrowse.DirectDownloadGtt.Bundler (M), PUP.Outbrowse.TrustedappsDDD.Bundler (M), PUP.Outbrowse.TrustedA.Bundler (M), PUP.Outbrowse.StartPla.Bundler (M), PUP.Outbrowse.DirectDo.Bundler (M)
100.00%

VIPRE Antivirus
Threat.4784459, Threat.4150696, Threat.4657539, Threat.5085447
36.84%

AVG
Generic, Downloader, Potentially harmful program Downloader.DKQ, Potentially harmful program Downloader.DJD
36.84%

ESET NOD32
Win32/OutBrowse.BJ potentially unwanted application, Win32/OutBrowse.BQ potentially unwanted application, Win32/OutBrowse.BU potentially unwanted application
36.84%

Dr.Web
Adware.Downware.2081, Trojan.OutBrowse.6, infected with Trojan.OutBrowse.100, Trojan.OutBrowse.95
31.58%

McAfee
Adware-OutBrowse.a, Adware-OutBrowse.d, Artemis!75857A33CBBA, Program.Adware-OutBrowse.e
31.58%

Malwarebytes
PUP.Optional.OutBrowse
31.58%

K7 AntiVirus
Unwanted-Program , Trojan
31.58%

Trend Micro House Call
Suspici.D2131122, Suspici.202D3B0F, Suspici.33AE6F52, Suspici.B4D1CBB0
31.58%

Avira AntiVirus
APPL/Outbrowse.Gen, APPL/Downloader.Gen, PUA/Outbrowse.Gen
31.58%

Sophos
OutBrowse Revenyou, PUA 'OutBrowse Revenyou'
26.32%

Kaspersky
not-a-virus:AdWare.Win32.OutBrowse, not-a-virus:Downloader.NSIS.OutBrowse
21.05%

NANO AntiVirus
Trojan.Win32.OutBrowse.deioif, Riskware.Win32.AirAdInstaller.doqouj, Riskware.Win32.OutBrowse.dorbak
21.05%

G Data
Win32.Application.Outbrowse, Gen:Variant.Application.Bundler.Outbrowse
21.05%

herdProtect (fuzzy)
a variant of 204a0471160f93fbc1e8909dab51ca0c8d5abd97, a variant of d493d900847e7080ae5fa803344905235c303e0f, a variant of be20b34ea8e8d965dec85f72d8542c6a144b7ed5
21.05%

The domain get.file16desktop.com has been seen to resolve to the following 9 IP addresses.

204.236.219.53
ec2-204-236-219-53.compute-1.amazonaws.com
April 1, 2016

50.17.254.254
ec2-50-17-254-254.compute-1.amazonaws.com
January 29, 2016

23.21.196.192
ec2-23-21-196-192.compute-1.amazonaws.com
January 29, 2016

54.243.98.4
ec2-54-243-98-4.compute-1.amazonaws.com
September 1, 2015

54.225.70.91
ec2-54-225-70-91.compute-1.amazonaws.com
September 1, 2015

50.19.251.53
ec2-50-19-251-53.compute-1.amazonaws.com
March 7, 2015

50.19.236.133
ec2-50-19-236-133.compute-1.amazonaws.com
November 29, 2014

50.16.199.63
ec2-50-16-199-63.compute-1.amazonaws.com
September 15, 2014

23.21.84.152
ec2-23-21-84-152.compute-1.amazonaws.com
September 13, 2014

File downloads found at URLs served by get.file16desktop.com.

1 / 68      (Adware)
http://get.file16desktop.com/.../Get?p=5654&d=8701&l=8181&n=1&productname=Konica minolta c250 driver download&dynamicname=Konica minolta c250 driver download&filename=Konica minolta c250 driver download&d1=2565000&d2=0&d3=1&  (konica minolta c250 driver download.exe)

1 / 68      (Adware)
http://get.file16desktop.com/.../Get1?file=Get&p=14291&d=1977&l=1694&n=0&clickid=YOqZu-o_1P0HyZdcKECC9HILg8d7_y7uUk6crm5aA265MjjS96pvPNxNK6YWSblmgfHLeBBGdDveaMJb_a5eaDf3v6go-OdAmhOC7ichhuKKVfIbmbxYVfVrFJwdBkESZRUl8h_N8ZSBCKHpge82_qHnFqVEUK7gFEQqiYw-9ocPdr7ps6vh_VM24eFYGpvF34nSNo9L_v-MOI1II_iJ3FpLPTD_b939FEz3abiyPfwstCx1XRuW_jsUr02hGJL2x3qme4Xv_l_0UMZiYZu8baB6TMoOyxdXB-6uBWqr-vhg_J760tJpGH1b3E_20QzmRM5GY4kKqXnD2uIPNOmz8Bd6MCBjtV10-f28Mk6ccA-9qTA2jSSmlk9xhw8hJvARZcW-sLZhPMHDdkgxvarmmvYysJSaVMQJRwP1VFNpCpTrUxWtoc5owoDTZg&d1=-1&d2=-1&d3=-1&d4=-1&d5=-1&filename=setup  (setup.exe)

1 / 68      (Adware)
http://get.file16desktop.com/.../Get?p=5654&d=8701&l=8181&n=1&productname=total audio converter softonic&dynamicname=total audio converter softonic&filename=total audio converter softonic&d1=1405000&d2=0&d3=1&  (total audio converter softonic.exe)

1 / 68      (Adware)
http://get.file16desktop.com/.../Get?p=5492&d=19036&l=6303&n=1&productname=Setup.exe&d1=maudau&d2=maudau_freecoins&d3=11001&filename=Setup&clickid=wOTP0B0E6B9ED8MF0J5OVIQ2  (d7b2cb0819a32be4c3d93545098ddeb5)

1 / 68      (Adware)
http://get.file16desktop.com/.../Get?p=5654&d=8701&l=8181&n=1&productname=pixar animation shorts&dynamicname=pixar animation shorts&filename=pixar animation shorts&d1=1405000&d2=0&d3=1&  (pixar animation shorts.exe)

1 / 68      (Adware)
http://get.file16desktop.com/.../Get?p=5654&d=8701&l=8181&n=1&productname=directx 8.1 level graphics card&dynamicname=directx 8.1 level graphics card&filename=directx 8.1 level graphics card&d1=1405000&d2=1&d3=1&  (directx 8.1 level graphics card.exe)

1 / 68      (Adware)
http://get.file16desktop.com/.../Get?p=5654&d=8701&l=8181&n=1&productname=Downloader&dynamicname=Downloader&filename=Downloader&d1=1895000&d2=0&d3=1&  (downloader.exe)

1 / 68      (Adware)
http://get.file16desktop.com/1414940650/Get?p=301&d=3746&l=3578&n=1&vm=0&exeurl=http://downloadcenter.samsung.com/content/SW/201306/.../KiesSetup.exe&dynamicname=Samsung Kies&filename=Samsung Kies&d1=15893  (samsung kies.exe)

1 / 68      (Adware)
http://get.file16desktop.com/.../Get?p=5654&d=8701&l=8181&n=1&productname=ricoh aficio mp 2000le printer driv ...&dynamicname=ricoh aficio mp 2000le printer driv ...&filename=ricoh aficio mp 2000le printer driv ...&d1=1405000&d2=0&d3=1&  (ricoh aficio mp 2000le printer driv....exe)

25 / 68    (Adware)
http://get.file16desktop.com/.../Get?p=5654&d=8701&l=8181&n=1&productname=rgsc.exe for gta 4&dynamicname=rgsc.exe for gta 4&filename=rgsc.exe for gta 4&d1=1405000&d2=4&d3=1&  (rgsc.exe for gta 4.exe)

23 / 68    (Adware)
http://get.file16desktop.com/.../Get?p=5654&d=8701&l=8181&n=1&productname=css3 web pricing tables&dynamicname=css3 web pricing tables&filename=css3 web pricing tables&d1=1405000&d2=1&d3=1&  (css3 web pricing tables.exe)

22 / 68    (Adware)
http://get.file16desktop.com/.../Get?p=5654&d=8701&l=8181&n=1&productname=perfect parkjet system&dynamicname=perfect parkjet system&filename=perfect parkjet system&d1=1405000&d2=1&d3=1&  (perfect parkjet system.exe)

1 / 68      (Adware)
http://get.file16desktop.com/.../Get?p=5654&d=8701&l=8181&n=1&productname=mohammed nabina hamada helal&dynamicname=mohammed nabina hamada helal&filename=mohammed nabina hamada helal&d1=1405000&d2=0&d3=1&  (mohammed nabina hamada helal.exe)

8 / 68      (Adware)
http://get.file16desktop.com/.../Get?p=5654&d=8701&l=8181&n=1&productname=keygen winthruster&dynamicname=keygen winthruster&filename=keygen winthruster&d1=1405000&d2=0&d3=1&  (keygen winthruster.exe)

5 / 68      (Adware)
http://get.file16desktop.com/.../Get?p=5654&d=8701&l=8181&n=1&productname=zune hd dreamboard&dynamicname=zune hd dreamboard&filename=zune hd dreamboard&d1=1405000&d2=4&d3=1&  (zune hd dreamboard.exe)

8 / 68      (Adware)
http://get.file16desktop.com/.../Get?p=16639&d=22354&l=21536&x=2  (installation.exe)

15 / 68    (Adware)
http://get.file16desktop.com/DownloadManager/Get?p=13490&d=19079&l=18238&n=1&productname=DownInstall&d1=1&exeurl=http://aihdownload.adobe.com/bin/live/install_flashplayer11x32_mssd_aih.exe&dynamicname=Adobe Flash Player&tyurl=http://downinstall.com/.../Adobe Flash Player?utm_source=ry  (installation.exe)

15 / 68    (Adware)
http://get.file16desktop.com/DownloadManager/Get?p=13490&d=19079&l=18238&n=1&productname=DownInstall&d1=1&exeurl=http://aihdownload.adobe.com/bin/live/install_flashplayer11x32_mssd_aih.exe&dynamicname=Adobe Flash Player&tyurl=http://downinstall.com/.../Adobe Flash Player?utm_source=ry  (installation.exe)

7 / 68      (Adware)
http://get.file16desktop.com/DownloadManager/Get?p=13490&d=19079&l=18238&n=1&productname=DownInstall&d1=1&exeurl=http://aihdownload.adobe.com/bin/live/install_flashplayer11x32_mssd_aih.exe&dynamicname=Adobe Flash Player&tyurl=http://downinstall.com/.../Adobe Flash Player?utm_source=ry  (installation.exe)

15 / 68    (Adware)
http://get.file16desktop.com/DownloadManager/Get?p=13490&d=19079&l=18238&n=1&productname=DownInstall&d1=1&exeurl=http://aihdownload.adobe.com/bin/live/install_flashplayer11x32_mssd_aih.exe&dynamicname=Adobe Flash Player&tyurl=http://downinstall.com/.../Adobe Flash Player?utm_source=ry  (installation.exe)

15 / 68    (Adware)
http://get.file16desktop.com/DownloadManager/Get?p=13490&d=19079&l=18238&n=1&productname=DownInstall&d1=1&exeurl=http://aihdownload.adobe.com/bin/live/install_flashplayer11x32_mssd_aih.exe&dynamicname=Adobe Flash Player&tyurl=http://downinstall.com/.../Adobe Flash Player?utm_source=ry  (installation.exe)

The following 3 files have been seen to comunicate with get.file16desktop.com in live environments.

TCP » 50.19.251.53:80
cltmngsvc.exe (Search Protect by Client Connect)

TCP » 50.19.251.53:80
cltmng.exe (Search Protect by Client Connect)

TCP » 50.19.251.53:80
cltmng.exe (Search Protect by Client Connect)

URL:
http://get.file16desktop.com/

Network:
Amazon Web Services (AWS), running an EC2 instance

Web server:
Microsoft-IIS/8.0 (ASP.NET) (Version: 4.0.30319)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.