home

get.2secondsfiles.net

OutBrowse

Domain Information

The domain get.2secondsfiles.net registered by OutBrowse was initially registered in August of 2014 through GODADDY.COM, LLC. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Ashburn, Virginia within the United States which resides on the Amazon Technologies Inc. network. The domain uses the Amazon Web Services (AWS) cloud computing platform.
Registrar:
GODADDY.COM, LLC

Server location:
Virginia, United States (US)

Create date:
Tuesday, August 26, 2014

Expires date:
Friday, August 26, 2016

Updated date:
Thursday, August 27, 2015

ASN:
AS14618 AMAZON-AES - Amazon.com, Inc.,US

Root domain:
2secondsfiles.net

Whois:
2 2secondsfiles.net records

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.ClickYes.O, PUP.ClickYes.N, PUP.OUTBROWSE.L, PUP.ClickYes.S, PUP.ClickYes.U, PUP.Outbrowse, PUP.Bundler.Outbrowse, PUP.Outbrowse.Bundler (M), PUP.Outbrowse.StartNow.Bundler (M), PUP.Outbrowse.StartPlaying.Bundler (M), PUP.Outbrowse.MariMara.Bundler (M), PUP.Outbrowse.ClickYes.Bundler (M)
100.00%

McAfee
Adware-OutBrowse.b, Artemis!7868ADB1B3EA, Adware-OutBrowse.c, Program.Adware-OutBrowse.c
29.63%

Dr.Web
infected with Trojan.Packed.29192, Adware.Downware.6169, Trojan.OutBrowse.6, Trojan.OutBrowse.14
25.93%

Malwarebytes
PUP.Optional.ClickYes, PUP.Optional.OutBrowse, PUP.Optional.Maru
25.93%

Avira AntiVirus
APPL/Downloader.Gen, APPL/OutBrowse.lwasp, APPL/OutBrowse.pao, APPL/Outbrowse.Gen, PUA/Outbrowse.Gen
25.93%

AVG
Potentially harmful program Downloader.CBV, Generic, Potentially harmful program Downloader.CGO, Potentially harmful program Downloader.CFA
25.93%

ESET NOD32
Win32/OutBrowse.AY potentially unwanted application, Win32/OutBrowse.BJ potentially unwanted application, Win32/OutBrowse.BK potentially unwanted application
22.22%

VIPRE Antivirus
Threat.4784459, Threat.4150696
22.22%

K7 AntiVirus
Unwanted-Program
22.22%

Sophos
OutBrowse Revenyou, Generic PUA CI, PUA 'OutBrowse Revenyou', Generic PUA BM
22.22%

Trend Micro House Call
Suspici.E02573A0, Suspici.3B70B417, TROJ_GE.C107764F, Suspici.173023CD
18.52%

avast!
Malware-gen, Adware-gen [Adw], OutBrowse-AX [PUP], OutBrowse-AJ [PUP]
18.52%

NANO AntiVirus
Trojan.Win32.OutBrowse.didlil, Trojan.Win32.OutBrowse.diikds, Trojan.Win32.OutBrowse.djpwjc
14.81%

AhnLab V3 Security
PUP/Win32.Eorezo, PUP/Win32.OutBrowse
14.81%

Fortinet FortiGate
Riskware/OutBrowse
14.81%

The domain get.2secondsfiles.net has been seen to resolve to the following 13 IP addresses.

50.19.244.143
ec2-50-19-244-143.compute-1.amazonaws.com
April 18, 2016

54.225.72.141
ec2-54-225-72-141.compute-1.amazonaws.com
April 14, 2016

107.20.138.96
ec2-107-20-138-96.compute-1.amazonaws.com
February 27, 2016

54.225.153.30
ec2-54-225-153-30.compute-1.amazonaws.com
February 27, 2016

23.23.103.119
ec2-23-23-103-119.compute-1.amazonaws.com
February 9, 2016

50.17.223.83
ec2-50-17-223-83.compute-1.amazonaws.com
February 9, 2016

23.21.57.253
ec2-23-21-57-253.compute-1.amazonaws.com
January 3, 2016

107.20.184.213
ec2-107-20-184-213.compute-1.amazonaws.com
January 3, 2016

50.16.201.128
ec2-50-16-201-128.compute-1.amazonaws.com
January 3, 2016

54.83.21.61
ec2-54-83-21-61.compute-1.amazonaws.com
November 30, 2014

54.243.171.218
ec2-54-243-171-218.compute-1.amazonaws.com
November 29, 2014

174.129.0.95
ec2-174-129-0-95.compute-1.amazonaws.com
November 29, 2014

107.21.208.49
ec2-107-21-208-49.compute-1.amazonaws.com
November 3, 2014

File downloads found at URLs served by get.2secondsfiles.net.

1 / 68      (Adware)
http://get.2secondsfiles.net/.../Get3?ddd=1414544354&file=Get&p=16434&d=22135&l=21329&n=1  (installation.exe)

1 / 68      (Adware)
http://get.2secondsfiles.net/.../Get?ddd=1416501128&p=16434&d=22135&l=21329&n=1  (installation.exe)

1 / 68      (Adware)
http://get.2secondsfiles.net/.../Get?ddd=1414694745&p=16434&d=22135&l=21329&n=1  (installation.exe)

1 / 68      (Adware)
http://get.2secondsfiles.net/DownloadManager/Get?ddd=1416416367&p=15593&d=21343&l=20431&n=1&productname=Setup&exeurl=https://download-installer.cdn.mozilla.net/pub/firefox/releases/30.0/win32/.../Firefox Setup 30.0.exe&dynamicname=Firefox&filename=Firefox  (firefox.exe)

1 / 68      (Adware)
http://get.2secondsfiles.net/.../Get5?ddd=1415939598&file=Get&p=16434&d=22135&l=21329&n=1  (installation.exe)

1 / 68      (Adware)
http://get.2secondsfiles.net/.../Get?ddd=1416493487&p=16434&d=22135&l=21329&n=1  (installation.exe)

1 / 68      (Adware)
http://get.2secondsfiles.net/.../Get?ddd=1415778791&p=16434&d=22135&l=21329&n=1  (nsp18cb.tmp)

1 / 68      (Adware)
http://get.2secondsfiles.net/.../Get3?ddd=1414179753&file=Get&p=16434&d=22135&l=21329&n=1  (installation.exe)

1 / 68      (Adware)
http://get.2secondsfiles.net/.../Get3?ddd=1414434918&file=Get&p=16434&d=22135&l=21329&n=1  (installation.exe)

1 / 68      (Adware)
http://get.2secondsfiles.net/.../Get?ddd=1414873116&p=16434&d=22135&l=21329&n=1  (installation.exe)

1 / 68      (Adware)
http://get.2secondsfiles.net/.../Get5?ddd=1415901640&file=Get&p=16434&d=22135&l=21329&n=1  (nspcbc7.tmp)

1 / 68      (Adware)
http://get.2secondsfiles.net/.../Get5?ddd=1415908784&file=Get&p=16434&d=22135&l=21329&n=1  (nsb9dc1.tmp)

1 / 68      (Adware)
http://get.2secondsfiles.net/.../Get1?ddd=1415199696&file=Get&p=16434&d=22135&l=21329&n=1  (installation.exe)

1 / 68      (Adware)
http://get.2secondsfiles.net/.../Get1?ddd=1415635490&file=Get&p=16434&d=22135&l=21329&n=1  (installation.exe)

1 / 68      (Adware)
http://get.2secondsfiles.net/.../Get1?ddd=1415505011&file=Get&p=16434&d=22135&l=21329&n=1  (nsr6d4f.tmp)

1 / 68      (Adware)
http://get.2secondsfiles.net/DownloadManager/Get3?ddd=1414513187&file=Get2&p=414&d=9892&l=9338&n=1&productname=free-downloadss.com&d1=1&d2=1&d3=1&d4=1&d5=60014&exeurl=http://dl.google.com/chrome/install/.../chrome_installer.exe&dynamicname=Update_Google_Chrome&filename=Update_Google_Chrome  (update_google_chrome.exe)

1 / 68      (Adware)
http://get.2secondsfiles.net/.../Get4?ddd=1415066759&file=Get&p=16434&d=22135&l=21329&n=1  (installation.exe)

1 / 68      (Adware)
http://get.2secondsfiles.net/.../Get3?ddd=1414473069&file=Get&p=16034&d=22037&l=21229&n=1&dynamicname=Hack Tool&filename=Hack_2014  (hack_2014.exe)

24 / 68    (Adware)
http://get.2secondsfiles.net/DownloadManager/Get5?ddd=1415956100&file=Get&p=3346&d=8724&l=8201&n=1&productname=Burn4Free DVD Copy&filename=Burn4Free DVD Copy&dynamicname=Burn4Free DVD Copy&exeurl=http://.../burn4free-setup-silent.exe  (burn4free dvd copy.exe)

23 / 68    (Adware)
http://get.2secondsfiles.net/.../Get5?gbg=1416152941&file=Get&p=13481&d=19421&l=18584&n=1&productname=LimeWire Music 4.1.0&exeurl=LimeWire Music - Download&dynamicname=LimeWire Music 4.1.0&filename=LimeWire Music 4.1.0&dt=1416127737  (limewire music 4.1.0.exe)

16 / 68    (Adware)
http://get.2secondsfiles.net/.../Get4?ddd=1415083156&file=Get&p=3916&d=22334&l=21516&n=1&filename=file installer&x=2&r=EL0ajm65  (file installer.exe)

14 / 68    (Adware)
http://get.2secondsfiles.net/DownloadManager/Get?ddd=1416643171&file=Get2&p=414&d=24027&l=9338&n=1&productname=free-downloadss.com&d1=1&d2=1&d3=1&d4=1&d5=40205&exeurl=http://dl.google.com/chrome/install/.../chrome_installer.exe&dynamicname=Update_Google_Chrome&filename=Update_Google_Chrome  (update_google_chrome.exe)

5 / 68      (Adware)
http://get.2secondsfiles.net/.../Get?sdd=1413966902&p=3916&d=22334&l=21516&n=1&filename=file installer&x=2&r=a5kmKm05  (file installer.exe)

1 / 68      (Adware)
http://get.2secondsfiles.net/DownloadManager/Get?ddd=1416876402&p=1831&d=17125&l=16317&n=1&productname=calculette.rar&exeurl=http://.../ep6Mmb&dynamicname=calculette.rar&filename=calculette.rar  (calculette.rar.exe)

12 / 68    (Adware)
http://get.2secondsfiles.net/DownloadManager/Get?gbg=1416568116&p=3346&d=8724&l=8201&n=1&productname=Burn4Free DVD Copy&filename=Burn4Free DVD Copy&dynamicname=Burn4Free DVD Copy&exeurl=http://.../burn4free-setup-silent.exe  (burn4free dvd copy.exe)

17 / 68    (Adware)
http://get.2secondsfiles.net/DownloadManager/Get3?ddd=1414482857&file=Get2&p=414&d=9892&l=9338&n=1&productname=free-downloadss.com&d1=1&d2=1&d3=1&d4=1&d5=40006&exeurl=http://sdlc-esd.sun.com/ESD6/JSCDL/jdk/.../jre-7u51-windows-x64.exe&dynamicname=Java_Update&filename=Java_Update  (java_update.exe)

7 / 68      (Adware)
http://get.2secondsfiles.net/DownloadManager/Get?ddd=1414890863&p=15593&d=21257&l=20431&n=1&productname=Setup&exeurl=http://aa-download.avg.com/filedir/.../avg_free_stb_all_2014_4259_softonic.exe&dynamicname=Antivirus AVG&filename=Antivirus AVG  (antivirus avg.exe)

The following file have been seen to comunicate with get.2secondsfiles.net in live environments.

TCP » 54.83.21.61:443
Client.exe

TCP » 54.83.21.61:80
Client.exe

URL:
http://get.2secondsfiles.net/

Network:
Amazon Web Services (AWS), running an EC2 instance

Web server:
Microsoft-IIS/8.0 (ASP.NET) (Version: 4.0.30319)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.