get.file20desktop.com

OutBrowse

Domain Information

The domain get.file20desktop.com registered by OutBrowse was initially registered in May of 2014 through GODADDY.COM, LLC. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Ashburn, Virginia within the United States which resides on the Amazon Technologies Inc. network. The domain uses the Amazon Web Services (AWS) cloud computing platform.
Registrar:
GODADDY.COM, LLC

Server location:
Virginia, United States (US)

Create date:
Sunday, May 25, 2014

Expires date:
Wednesday, May 25, 2016

Updated date:
Tuesday, June 16, 2015

ASN:
AS14618 AMAZON-AES - Amazon.com, Inc.,US

Root domain:

Google Safe Browsing:
unwanted

Scanner detections:
Detections  (96% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.SalyutemPlyus.F, PUP.SalyutemPlyus.Z, PUP.MARIMARA.J, PUP.OUTBROWSE.U, PUP.TiKiTaKa, PUP.Outbrowse, PUP.Bundler.Outbrowse, Threat.Outbrowse.Bundler, PUP.Outbrowse.TikiTaka.Bundler (M), PUP.Outbrowse.ClickTOStart.Bundler (M), PUP.Outbrowse.Outborwse.Installer (M), PUP.Outbrowse.SalyutemPlyus.Bundler (M), PUP.Outbrowse.ClickToS.Bundler (M), PUP.Outbrowse.bestApp.Bundler (M), PUP.Outbrowse.TIKITaka.Bundler (M), PUP.Outbrowse.Salyutem.Bundler (M), PUP.Outbrowse.Clickyes.Bundler (M), PUP.Outbrowse.StartPLA.Bundler (M), PUP.Outbrowse.YesApps.Bundler (M), PUP.Outbrowse.ClickYes.Bundler (M), PUP.Outbrowse.JustAcce.Bundler (M), PUP.Outbrowse.SafeSoft.Bundler (M), PUP.Outbrowse.StartNOW.Bundler (M), PUP.Amonetize.Ukra2006.Bundler (M), PUP.Outbrowse (M)
100.00%

Avira AntiVirus
APPL/Outbrowse.Gen, APPL/OutBrowse.lwasp, PUA/Outbrowse.Gen, APPL/Downloader.Gen
37.50%

AhnLab V3 Security
PUP/Win32.OutBrowse
37.50%

Malwarebytes
PUP.Optional.OutBrowse, PUP.Optional.OutBrowse.gen
35.42%

ESET NOD32
Win32/OutBrowse.BP potentially unwanted application, Win32/OutBrowse.BQ potentially unwanted application, Win32/OutBrowse.BS potentially unwanted application
35.42%

AVG
Potentially harmful program Downloader.CXN, Potentially harmful program Downloader.CZS, Generic, Potentially harmful program Downloader.DHP
35.42%

Dr.Web
Trojan.OutBrowse.55, Adware.Downware.2081, Trojan.OutBrowse.76, Trojan.OutBrowse.77, infected with Trojan.OutBrowse.65, Trojan.OutBrowse.58
33.33%

McAfee
Adware-OutBrowse.d, Program.Adware-OutBrowse.b, Program.Adware-OutBrowse.e, Program.Adware-OutBrowse.a, Program.Adware-OutBrowse.d
33.33%

K7 AntiVirus
Unwanted-Program , Trojan , DoS-Trojan
33.33%

VIPRE Antivirus
Threat.4150696, Threat.4657539, Threat.4784459, Threat.4823950, Threat.5085447
31.25%

NANO AntiVirus
Trojan.Win32.OutBrowse.dgnlgr, Trojan.Win32.OutBrowse.dnberq, Trojan.Win32.OutBrowse.dnberl, Trojan.Win32.OutBrowse.dmxjlz
29.17%

Trend Micro House Call
Suspici.3E5BCE57, Suspici.572A0B99, Suspici.6DC2B25E, Suspici.FA106BD6, Suspici.F4CBE3E4, Suspici.1DA846D1, Suspici.D7386B62
25.00%

Kaspersky
not-a-virus:Downloader.NSIS.OutBrowse, Trojan.Win32.Agent, not-a-virus:AdWare.Win32.OutBrowse
25.00%

Sophos
Generic PUA IJ, PUA 'OutBrowse Revenyou', Generic PUA GO, Generic PUA DP, Generic PUA BG, Generic PUA CC
22.92%

G Data
Dropped:Application.Bundler.Outbrowse.AB, Win32.Application.Outbrowse, MemScan:Application.Bundler.Outbrowse.AN, MemScan:Application.Bundler.JU
22.92%

The domain get.file20desktop.com has been seen to resolve to the following 10 IP addresses.

ec2-54-175-102-143.compute-1.amazonaws.com
May 22, 2016

ec2-23-21-196-192.compute-1.amazonaws.com
April 2, 2016

ec2-204-236-219-53.compute-1.amazonaws.com
April 2, 2016

ec2-23-23-192-127.compute-1.amazonaws.com
October 15, 2015

ec2-107-22-180-19.compute-1.amazonaws.com
October 15, 2015

ec2-54-243-193-107.compute-1.amazonaws.com
May 5, 2015

ec2-23-23-223-111.compute-1.amazonaws.com
May 4, 2015

ec2-23-21-52-184.compute-1.amazonaws.com
May 4, 2015

ec2-54-196-192-2.compute-1.amazonaws.com
February 15, 2015

ec2-23-21-166-12.compute-1.amazonaws.com
December 1, 2014

File downloads found at URLs served by get.file20desktop.com.

1 / 68      (Adware)

1 / 68      (Adware)

The following file have been seen to comunicate with get.file20desktop.com in live environments.

URL:
http://get.file20desktop.com/

Network:
Amazon Web Services (AWS), running an EC2 instance

Web server:
Microsoft-IIS/8.0 (ASP.NET) (Version: 4.0.30319)