fs02n2.sendspace.com

Domains By Proxy, LLC  (Proxy Registrant)

Domain Information

SendSpace is a file distribution service that bundles unwanted malware/adware in its download manager. This malware is inserted by WebPick Internet Holdings and utilizes the company's InstalleRex platfom using the JustPlugIt toolbar extensions along with other potentially unwanted offers. In addition the download manager provides minimal user consent to opt-out of the offers. The domain fs02n2.sendspace.com is registered by proxy through GODADDY.COM, LLC and was originally registered in July of 2005. Currently this domain has been known to host various forms of malware. The hosted servers are located in Chicago, Illinois within the United States which resides on the nLayer Communications, Inc. network.
Remove Malware from fs02n2.sendspace.com - Powered by Reason Core Security
Registrar:
GODADDY.COM, LLC

Server location:
Illinois, United States (US)

Create date:
Thursday, July 14, 2005

Expires date:
Sunday, July 14, 2019

Updated date:
Monday, February 10, 2014

ASN:
AS4436 AS-NLAYER - nLayer Communications, Inc.

Root domain:

Scanner detections:
Malware distribution  (100% detected)

Scan engine
Details
Detections

Trend Micro House Call
CRCK_PATCH, TROJ_GEN.F47V0407
100.00%

MicroWorld eScan
Gen:Variant.Graftor.105398
50.00%

Quick Heal
Trojan.Agent.ni
50.00%

McAfee
RDN/Generic PUP.z!do
50.00%

Malwarebytes
PUP.RiskwareTool.CK
50.00%

K7 Gateway Antivirus
Riskware
50.00%

NANO AntiVirus
Trojan.Win32.RiskTool.yflmr
50.00%

avast!
Win32:Patcher-AK [PUP]
50.00%

Bitdefender
Gen:Variant.Graftor.105398
50.00%

Agnitum Outpost
RiskTool.Patcher
50.00%

Lavasoft Ad-Aware
Gen:Variant.Graftor.105398
50.00%

Sophos
Troj/Agent-WFN
50.00%

Comodo Security
Heur.Suspicious
50.00%

F-Secure
Gen:Variant.Graftor.105398
50.00%

VIPRE Antivirus
Trojan.Win32.Agent.wfn
50.00%

The domain fs02n2.sendspace.com has been seen to resolve to the following IP address.

ip-69-31-136-13.nlayer.net
February 7, 2014

File downloads found at URLs served by fs02n2.sendspace.com.

URL:
http://fs02n2.sendspace.com/

SSL certificate subject:
CN=*.sendspace.com, OU=Domain Control Validated

SSL certificate issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc."

Web server:
nginx

Remove Malware from fs02n2.sendspace.com - Powered by Reason Core Security