origin-ics.fivemillionfriends.com

Privacy Protection Service INC d/b/a PrivacyProtect.org  (Proxy Registrant)

Domain Information

The domain origin-ics.fivemillionfriends.com is registered by proxy through PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM and was originally registered in January of 2006. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Austin, Texas within the United States which resides on the YHC Corporation network.
Registrar:
PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM

Server location:
Texas, United States (US)

Create date:
Monday, January 23, 2006

Expires date:
Monday, January 23, 2017

Updated date:
Sunday, January 24, 2016

ASN:
AS40034 CONFLUENCE-NETWORK-INC - Confluence Networks Inc,VG

Scanner detections:
Detections  (88% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.BundloreLimited.F, PUP.Installer.appbundler.J, PUP.Pinball.Installer, PUP.Pinball.appbundler.Installer (M), PUP.Pinball.appbundl.Installer (M), PUP.Pinball.PinballC.Installer (M), PUP.Pinball (M)
87.50%

avast!
JS:ScriptIP-inf [Trj], Win32:Zango-AQ [PUP]
18.75%

Microsoft Security Essentials
Worm:Win32/NeksMiner.A, Threat.Undefined, Adware:Win32/Hotbar
12.50%

Dr.Web
Adware.Downware.1598, Adware.Hotbar.700
12.50%

Avira AntiVirus
TR/Dropper.Gen, TR/Graftor.1098, ADWARE/Adware.Gen, TR/Spy.Gen4
12.50%

IKARUS anti.virus
Trojan-Dropper, not-a-virus:WebToolbar.Win32, Win32.SuspectCrc, not-a-virus:WebToolbar.Win32.Zango
12.50%

ESET NOD32
Win32/Bundlore (variant), Win32/Adware.HotBar (variant)
9.38%

Emsisoft Anti-Malware
Gen:Variant.Adware.Hotbar, Win32.SuspectCrc!IK, Riskware.WebToolbar.Win32.Zango!IK
9.38%

VIPRE Antivirus
Threat.4672643, Pinball Corporation.
9.38%

F-Prot
W32/HotBar.L.gen, W32/HotBar.O2.gen
9.38%

AVG
Adware Skodna.Generic_r.BM, Zango
9.38%

Kaspersky
not-a-virus:AdWare.Win32.ScreenSaver
9.38%

Quick Heal
Adware.Rugo.A, Adware.Hotbar.AZ4
9.38%

McAfee
Adware-HotBar.d
9.38%

K7 AntiVirus
Adware
9.38%

The domain origin-ics.fivemillionfriends.com has been seen to resolve to the following 5 IP addresses.

June 8, 2016

209-99-40-223.fwd.datafoundry.com
February 12, 2016

209-99-40-222.fwd.datafoundry.com
January 30, 2016

September 3, 2014

February 6, 2014

File downloads found at URLs served by origin-ics.fivemillionfriends.com.

1 / 68      (Adware)

1 / 68      (Adware)

1 / 68      (Adware)

1 / 68      (Adware)

1 / 68      (Adware)

1 / 68      (Adware)

1 / 68      (Adware)

1 / 68      (Adware)

1 / 68      (Adware)

1 / 68      (Adware)

1 / 68      (Adware)

1 / 68      (Adware)

1 / 68      (Adware)

1 / 68      (Adware)

1 / 68      (Adware)

1 / 68      (Adware)

1 / 68      (Adware)

1 / 68      (Adware)

1 / 68      (Adware)

1 / 68      (Adware)

30 / 68    (Adware)

1 / 68      (Adware)

1 / 68      (Adware)

29 / 68    (Adware)

42 / 68    (Adware)

1 / 68      (inconclusive)

1 / 68      (inconclusive)

 
Latest 30 of 32 download URLs

The following 57 files have been seen to comunicate with origin-ics.fivemillionfriends.com in live environments.

 
Latest 20 of 83 files

URL:
http://origin-ics.fivemillionfriends.com/

Web server:
Apache

Facebook:
Shares:  1

Statistics are for the previous month.