fs06n5.sendspace.com

Domains By Proxy, LLC  (Proxy Registrant)

Domain Information

SendSpace is a file distribution service that bundles unwanted malware/adware in its download manager. This malware is inserted by WebPick Internet Holdings and utilizes the company's InstalleRex platfom using the JustPlugIt toolbar extensions along with other potentially unwanted offers. In addition the download manager provides minimal user consent to opt-out of the offers. The domain fs06n5.sendspace.com is registered by proxy through GODADDY.COM, LLC and was originally registered in July of 2005. Currently this domain has been known to host various forms of malware. The hosted servers are located in Chicago, Illinois within the United States which resides on the nLayer Communications, Inc. network.
Remove Malware from fs06n5.sendspace.com - Powered by Reason Core Security
Registrar:
GODADDY.COM, LLC

Server location:
Illinois, United States (US)

Create date:
Thursday, July 14, 2005

Expires date:
Sunday, July 14, 2019

Updated date:
Monday, February 10, 2014

ASN:
AS4436 AS-GTT-4436 - nLayer Communications, Inc.,US

Root domain:

Scanner detections:
Malware distribution  (60% detected)

Scan engine
Details
Detections

McAfee
Artemis!5F740F1EF035, Artemis!287FB91177C9
50.00%

K7 Gateway Antivirus
Backdoor , Hacktool
50.00%

Norman
Bicololo.PW, Suspicious_Gen5.AKEYE
50.00%

McAfee Web Gateway
Artemis!5F740F1EF035
50.00%

AVG
Win32/DH, SpamTool
50.00%

VIPRE Antivirus
Trojan.Win32.Generic, Trojan.Win32.Generic.pak!cobra
50.00%

Bitdefender
Gen:Variant.Kazy.312430, Gen:Variant.Strictor.98678
50.00%

Lavasoft Ad-Aware
Gen:Variant.Kazy.312430, Gen:Variant.Strictor.98678
50.00%

Emsisoft Anti-Malware
Gen:Variant.Kazy.312430, Gen:Variant.Strictor.98678
50.00%

ViRobot
JS.A.Iframe.53248.V
25.00%

The Hacker
Trojan/Dropper.Dapato.slg
25.00%

Total Defense
Win32/Jorik.KJ
25.00%

Trend Micro House Call
TROJ_GEN.F47V0117
25.00%

Avira AntiVirus
TR/Agent.10148969
25.00%

Qihoo 360 Security
Win32/Trojan.973
25.00%

The domain fs06n5.sendspace.com has been seen to resolve to the following IP address.

ip-69-31-136-29.nlayer.net
April 20, 2014

File downloads found at URLs served by fs06n5.sendspace.com.

The following file have been seen to comunicate with fs06n5.sendspace.com in live environments.

URL:
http://fs06n5.sendspace.com/

SSL certificate subject:
CN=*.sendspace.com, OU=Domain Control Validated

SSL certificate issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc."

Web server:
nginx

Facebook:
Shares:  2

Statistics are for the previous month.

Remove Malware from fs06n5.sendspace.com - Powered by Reason Core Security