home

get.file20desktop.com

OutBrowse

Domain Information

The domain get.file20desktop.com registered by OutBrowse was initially registered in May of 2014 through GODADDY.COM, LLC. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Ashburn, Virginia within the United States which resides on the Amazon Technologies Inc. network. The domain uses the Amazon Web Services (AWS) cloud computing platform.
Registrar:
GODADDY.COM, LLC

Server location:
Virginia, United States (US)

Create date:
Sunday, May 25, 2014

Expires date:
Wednesday, May 25, 2016

Updated date:
Tuesday, June 16, 2015

ASN:
AS14618 AMAZON-AES - Amazon.com, Inc.,US

Root domain:
file20desktop.com

Whois:
2 file20desktop.com records

Google Safe Browsing:
unwanted

Scanner detections:
Detections  (96% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.SalyutemPlyus.F, PUP.SalyutemPlyus.Z, PUP.MARIMARA.J, PUP.OUTBROWSE.U, PUP.TiKiTaKa, PUP.Outbrowse, PUP.Bundler.Outbrowse, Threat.Outbrowse.Bundler, PUP.Outbrowse.TikiTaka.Bundler (M), PUP.Outbrowse.ClickTOStart.Bundler (M), PUP.Outbrowse.Outborwse.Installer (M), PUP.Outbrowse.SalyutemPlyus.Bundler (M), PUP.Outbrowse.ClickToS.Bundler (M), PUP.Outbrowse.bestApp.Bundler (M), PUP.Outbrowse.TIKITaka.Bundler (M), PUP.Outbrowse.Salyutem.Bundler (M), PUP.Outbrowse.Clickyes.Bundler (M), PUP.Outbrowse.StartPLA.Bundler (M), PUP.Outbrowse.YesApps.Bundler (M), PUP.Outbrowse.ClickYes.Bundler (M), PUP.Outbrowse.JustAcce.Bundler (M), PUP.Outbrowse.SafeSoft.Bundler (M), PUP.Outbrowse.StartNOW.Bundler (M), PUP.Amonetize.Ukra2006.Bundler (M), PUP.Outbrowse (M)
100.00%

Avira AntiVirus
APPL/Outbrowse.Gen, APPL/OutBrowse.lwasp, PUA/Outbrowse.Gen, APPL/Downloader.Gen
37.50%

AhnLab V3 Security
PUP/Win32.OutBrowse
37.50%

Malwarebytes
PUP.Optional.OutBrowse, PUP.Optional.OutBrowse.gen
35.42%

ESET NOD32
Win32/OutBrowse.BP potentially unwanted application, Win32/OutBrowse.BQ potentially unwanted application, Win32/OutBrowse.BS potentially unwanted application
35.42%

AVG
Potentially harmful program Downloader.CXN, Potentially harmful program Downloader.CZS, Generic, Potentially harmful program Downloader.DHP
35.42%

Dr.Web
Trojan.OutBrowse.55, Adware.Downware.2081, Trojan.OutBrowse.76, Trojan.OutBrowse.77, infected with Trojan.OutBrowse.65, Trojan.OutBrowse.58
33.33%

McAfee
Adware-OutBrowse.d, Program.Adware-OutBrowse.b, Program.Adware-OutBrowse.e, Program.Adware-OutBrowse.a, Program.Adware-OutBrowse.d
33.33%

K7 AntiVirus
Unwanted-Program , Trojan , DoS-Trojan
33.33%

VIPRE Antivirus
Threat.4150696, Threat.4657539, Threat.4784459, Threat.4823950, Threat.5085447
31.25%

NANO AntiVirus
Trojan.Win32.OutBrowse.dgnlgr, Trojan.Win32.OutBrowse.dnberq, Trojan.Win32.OutBrowse.dnberl, Trojan.Win32.OutBrowse.dmxjlz
29.17%

Trend Micro House Call
Suspici.3E5BCE57, Suspici.572A0B99, Suspici.6DC2B25E, Suspici.FA106BD6, Suspici.F4CBE3E4, Suspici.1DA846D1, Suspici.D7386B62
25.00%

Kaspersky
not-a-virus:Downloader.NSIS.OutBrowse, Trojan.Win32.Agent, not-a-virus:AdWare.Win32.OutBrowse
25.00%

Sophos
Generic PUA IJ, PUA 'OutBrowse Revenyou', Generic PUA GO, Generic PUA DP, Generic PUA BG, Generic PUA CC
22.92%

G Data
Dropped:Application.Bundler.Outbrowse.AB, Win32.Application.Outbrowse, MemScan:Application.Bundler.Outbrowse.AN, MemScan:Application.Bundler.JU
22.92%

The domain get.file20desktop.com has been seen to resolve to the following 10 IP addresses.

54.175.102.143
ec2-54-175-102-143.compute-1.amazonaws.com
May 22, 2016

23.21.196.192
ec2-23-21-196-192.compute-1.amazonaws.com
April 2, 2016

204.236.219.53
ec2-204-236-219-53.compute-1.amazonaws.com
April 2, 2016

23.23.192.127
ec2-23-23-192-127.compute-1.amazonaws.com
October 15, 2015

107.22.180.19
ec2-107-22-180-19.compute-1.amazonaws.com
October 15, 2015

54.243.193.107
ec2-54-243-193-107.compute-1.amazonaws.com
May 5, 2015

23.23.223.111
ec2-23-23-223-111.compute-1.amazonaws.com
May 4, 2015

23.21.52.184
ec2-23-21-52-184.compute-1.amazonaws.com
May 4, 2015

54.196.192.2
ec2-54-196-192-2.compute-1.amazonaws.com
February 15, 2015

23.21.166.12
ec2-23-21-166-12.compute-1.amazonaws.com
December 1, 2014

File downloads found at URLs served by get.file20desktop.com.

1 / 68      (Adware)
http://get.file20desktop.com/.../Get?p=2328&d=8873&l=8351&n=1&filename=Evasi0n7 1.0.7  (evasi0n7 1.0.7.exe)

0 / 68
http://get.file20desktop.com/.../Get?p=2329&d=25076&l=24264&n=1&filename=Odin v3.10  (odin v3.10.exe)

1 / 68      (Adware)
http://get.file20desktop.com/.../Get?p=2266&d=23081&l=22275&n=1&filename=UH Hack V1.1.7  (uh hack v1.1.7.exe)

1 / 68      (Adware)
http://get.file20desktop.com/.../Get?baidusign=17768912&baidurand=23678  (installation.exe)

1 / 68      (Adware)
http://get.file20desktop.com/.../Get?p=2328&d=19839&l=19002&n=1&filename=pangu 1.2.0  (pangu 1.2.0.exe)

1 / 68      (Adware)
http://get.file20desktop.com/.../Get?p=2329&d=14883&l=14239&n=1&filename=Odin V3.07  (odin v3.07.exe)

1 / 68      (Adware)
http://get.file20desktop.com/.../Get?p=2328&d=25140&l=24329&n=1&filename=iRooT  (iroot.exe)

0 / 68
http://get.file20desktop.com/.../8751&d=25359&l=24558&n=1&filename=FileiceDownloader"  (flashplayerpro.exe)

1 / 68      (Adware)
http://get.file20desktop.com/.../Get?baidusign=17768912&baidurand=19418  (installation.exe)

1 / 68      (Adware)
http://get.file20desktop.com/.../Get?p=17745&d=13009&l=12408&n=1&dynamicname=IDM activation .serialyacrack.blogspot.com.rar&filename=IDM activation .serialyacrack.blogspot.com.rar  (idm activation.serialyacrack.blogspot.com.rar.exe)

22 / 68    (Adware)
http://get.file20desktop.com/.../Get?p=2329&d=10099&l=9541&n=1&filename=Odin v3.07  (odin v3.07.exe)

25 / 68    (Adware)
http://get.file20desktop.com/DownloadManager/Get2?p=414&d=24027&l=9338&n=1&productname=free-downloadss.com&d1=1&d2=1&d3=1&d4=1&d5=40084&exeurl=http://mse.dlservice.microsoft.com/download/A/3/8/A38FFBF2-1122-48B4-AF60-E44F6DC28BD8/enus/.../mseinstall.exe&dynamicname=Microsoft Security Essentials&filename=Microsoft Security Essentials  (microsoft security essentials.exe)

18 / 68    (Adware)
http://get.file20desktop.com/DownloadManager/Get2?p=414&d=9892&l=9338&n=1&productname=free-downloadss.com&d1=1&d2=1&d3=1&d4=1&d5=150140&exeurl=http://downloadeu1.teamviewer.com/.../TeamViewer_Setup.exe&dynamicname=TeamViewer&filename=TeamViewer  (teamviewer.exe)

16 / 68    (Adware)
http://get.file20desktop.com/.../Get?p=5466&d=12647&l=12054&n=1&filename=Windows7 Loader Activator  (windows7 loader activator.exe)

28 / 68    (Adware)
http://get.file20desktop.com/DownloadManager/Get2?p=414&d=9892&l=9338&n=1&productname=free-downloadss.com&d1=1&d2=1&d3=1&d4=1&d5=60004&exeurl=http://dl.google.com/chrome/install/.../chrome_installer.exe&dynamicname=Update_Google_Chrome&filename=Update_Google_Chrome  (update_google_chrome.exe)

15 / 68    (Adware)
http://get.file20desktop.com/DownloadManager/Get2?p=414&d=24027&l=9338&n=1&productname=free-downloadss.com&d1=1&d2=1&d3=1&d4=1&d5=150302&exeurl=http://download.skype.com/.../SkypeSetup.exe&dynamicname=Skype&filename=Skype  (skype.exe)

7 / 68      (Adware)
http://get.file20desktop.com/DownloadManager/Get2?p=414&d=24027&l=9338&n=1&productname=free-downloadss.com&d1=1&d2=1&d3=1&d4=1&d5=40653&exeurl=http://media.steampowered.com/client/.../SteamSetup.exe&dynamicname=Steam&filename=Steam  (steam.exe)

23 / 68    (Adware)
http://get.file20desktop.com/DownloadManager/Get?p=1418&d=24816&l=23999&n=1&&exeurl=http://www.movier.tv/.../Movier-Installer-silent.exe&dynamicname=Movier&filename=Movier Installer  (movier installer.exe)

11 / 68    (Adware)
http://get.file20desktop.com/.../Get?p=2328&d=25155&l=24345&n=1&filename=TaiG 1.2.0 jailbreak  (taig 1.2.0 jailbreak.exe)

The following file have been seen to comunicate with get.file20desktop.com in live environments.

TCP » 54.196.192.2:80
ContentExplorer.exe (ContentExplorer)

URL:
http://get.file20desktop.com/

Network:
Amazon Web Services (AWS), running an EC2 instance

Web server:
Microsoft-IIS/8.0 (ASP.NET) (Version: 4.0.30319)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.