home

get.file8desktop.com

OutBrowse

Domain Information

The domain get.file8desktop.com registered by OutBrowse was initially registered in May of 2014 through GODADDY.COM, LLC. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Montreal, Quebec within Canada which resides on the OVH Hosting, Inc. network.
Registrar:
GODADDY.COM, LLC

Server location:
Quebec, Canada (CA)

Create date:
Sunday, May 25, 2014

Expires date:
Wednesday, May 25, 2016

Updated date:
Tuesday, June 16, 2015

Root domain:
file8desktop.com

Whois:
1 file8desktop.com record

Google Safe Browsing:
unwanted

Scanner detections:
Detections  (88% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.SalyutemPlyus.K, PUP.CLICKTOSTART, PUP.Outbrowse.CLICKTOSTART.Bundler (M), PUP.Outbrowse.Salyutem.Bundler (M), PUP.Outbrowse.TiKiTaKa.Bundler (M), PUP.Outbrowse (M)
100.00%

ESET NOD32
Win32/OutBrowse.BQ potentially unwanted application, Win32/OutBrowse.BS potentially unwanted application
28.57%

Dr.Web
Trojan.OutBrowse.55, infected with Trojan.OutBrowse.65
28.57%

Kaspersky
not-a-virus:Downloader.NSIS.OutBrowse
28.57%

Malwarebytes
PUP.Optional.OutBrowse
28.57%

Trend Micro House Call
Suspici.37ED827C, Suspici.AF8C44A8
28.57%

Avira AntiVirus
APPL/Downloader.Gen, APPL/Outbrowse.Gen
28.57%

AhnLab V3 Security
PUP/Win32.OutBrowse
28.57%

IKARUS anti.virus
Trojan-Clicker.Win32.Agent, PUA.OutBrowse
28.57%

AVG
Generic, Downloader
28.57%

Lavasoft Ad-Aware
MemScan:Application.Bundler.JU
14.29%

VIPRE Antivirus
Threat.4150696
14.29%

McAfee
Program.Adware-OutBrowse.e
14.29%

Emsisoft Anti-Malware
MemScan:Application.Bundler.JU
14.29%

F-Secure
Riskware.MemScan:Application.Bundler.JU
14.29%

The domain get.file8desktop.com has been seen to resolve to the following 5 IP addresses.

167.114.156.214
ns513839.ip-167-114-156.net
August 16, 2016

54.175.102.143
ec2-54-175-102-143.compute-1.amazonaws.com
May 17, 2016

54.235.117.115
ec2-54-235-117-115.compute-1.amazonaws.com
January 4, 2016

174.129.32.168
ec2-174-129-32-168.compute-1.amazonaws.com
January 4, 2016

107.20.180.82
ec2-107-20-180-82.compute-1.amazonaws.com
January 4, 2016

File downloads found at URLs served by get.file8desktop.com.

1 / 68      (Adware)
http://get.file8desktop.com/DownloadManager/Get2?sd=1413736174&p=10096&d=19132&l=13577&n=1&productname=WinInstallDownloadManager&exeurl=https://creative.adobe.com/.../photoshop&dynamicname=Adobe Photoshop CC&filename=adobe-photoshop&d1=4  (adobe-photoshop.exe)

0 / 68
http://get.file8desktop.com/DownloadManager/Get?p=18044&d=24018&l=23220&n=1&productname=Download Manager&exeurl=http://download.skype.com/f91abd10a88c144359e4c598ef9928ca/partner/.../SkypeSetup.exe&dynamicname=Skype&S=os[Windows 7]__browser[Chrome]&d2=284729&filename=SkypeSetup  (3a362b61d11d7399047473ba586d25ed)

1 / 68      (Adware)
http://get.file8desktop.com/DownloadManager/Get?p=18044&d=24018&l=23220&n=1&productname=Download Manager&exeurl=http://download.skype.com/f91abd10a88c144359e4c598ef9928ca/partner/.../SkypeSetup.exe&dynamicname=Skype&S=0d78ad703d906a01368a18929457994d&d1=Windows 7&d2=284729&d3=Chrome&d4=&filename=SkypeSetup  (de8b7b3a447d3b9c0494d025ec6beb7c)

1 / 68      (Adware)
http://get.file8desktop.com/DownloadManager/Get?p=18044&d=24018&l=23220&n=1&productname=Download Manager&exeurl=http://download.skype.com/f91abd10a88c144359e4c598ef9928ca/partner/.../SkypeSetup.exe&dynamicname=Skype&S=os[Windows 8.1]__browser[Chrome]&d2=284729&filename=SkypeSetup  (51a107ce7d769e405e7fceffcbc73c39)

1 / 68      (Adware)
http://get.file8desktop.com/DownloadManager/Get?p=18044&d=24018&l=23220&n=1&productname=Download Manager&exeurl=http://download.skype.com/f91abd10a88c144359e4c598ef9928ca/partner/.../SkypeSetup.exe&dynamicname=Skype&S=os[Windows 8.1]__browser[Chrome]&d2=284729&filename=SkypeSetup  (1a2aaaaa5574b9a4cbb9339b38d1b9a0)

1 / 68      (Adware)
http://get.file8desktop.com/DownloadManager/Get?p=18044&d=24018&l=23220&n=1&productname=Download Manager&exeurl=http://download.skype.com/f91abd10a88c144359e4c598ef9928ca/partner/.../SkypeSetup.exe&dynamicname=Skype&S=os[Windows 7]__browser[Chrome]&d2=284729&filename=SkypeSetup  (90ea2c9bb29de8d505eccca1a694c63c)

24 / 68    (Adware)
http://get.file8desktop.com/DownloadManager/Get?p=19498&d=25694&l=24880&n=1&productname=DownloadManager&exeurl=http://image.dosgamesarchive.com/.../superspeed-xmas.zip&dynamicname=Super Speed: The Christmas Edition&filename=superspeed-xmas  (installation.exe)

10 / 68    (Adware)
http://get.file8desktop.com/DownloadManager/Get?p=18044&d=24018&l=23220&n=1&productname=Download Manager&exeurl=http://download.skype.com/f91abd10a88c144359e4c598ef9928ca/partner/.../SkypeSetup.exe&dynamicname=Skype&S=fdab2db3b531b91cfbd123361b823065&d1=Windows 7&d2=284729&d3=Chrome&d4=&filename=SkypeSetup  (f04edab40cefa4813a6e3206c10d2bcd)

The following 36 files have been seen to comunicate with get.file8desktop.com in live environments.

TCP » 167.114.156.214:3333
webproxy.exe

TCP » 167.114.156.214:80
setup_info.exe

TCP » 167.114.156.214:80
tencent.exe (by Tencent)

TCP » 167.114.156.214:80
rs.exe

TCP » 167.114.156.214:80
loader.exe (Updater by SOFTWARE AGILITY LIMITED)

TCP » 167.114.156.214:80
win.exe (SendStat Module)

TCP » 167.114.156.214:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 167.114.156.214:80
ProxyFinder.EXE (Proxy Finder Enterprise Edition Application)

TCP » 167.114.156.214:80
citrio.exe (Citrio by CatalinaGroup)

TCP » 167.114.156.214:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 167.114.156.214:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 167.114.156.214:80
deamon.exe

TCP » 167.114.156.214:80
run_css.exe

TCP » 167.114.156.214:1177
pirater facebook v1.0.exe

TCP » 167.114.156.214:80
Updater.exe (Updater)

TCP » 167.114.156.214:80
internet tv.exe

TCP » 167.114.156.214:80
kingtranslatesetup.exe (KingTranslate by Bandoo Media Inc)

TCP » 167.114.156.214:80
kingtranslatesetup-r0-n-bc.exe (KingTranslate by Koyote-Lab)

TCP » 167.114.156.214:80
ContentFinder.exe (ContentFinder by DigitalSoftware Group)

TCP » 167.114.156.214:80
Updater.exe (Updater)

 
Latest 20 of 41 files

URL:
http://get.file8desktop.com/

Web server:
Microsoft-IIS/8.0 (ASP.NET) (Version: 4.0.30319)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.