The domain origin-ics.fivemillionfriends.com is registered by proxy through PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM and was originally registered in January 2006. This domain has been known to host and distribute adware as well as other potentially unwanted software. Its servers are hosted in Austin, Texas, in the United States, on the YHC Corporation network.
PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM
Texas, United States (US)
Monday, January 23, 2006
Monday, January 23, 2017
Sunday, January 24, 2016
AS40034 CONFLUENCE-NETWORK-INC - Confluence Networks Inc,VG
Detections (67% detected)
PUP.Installer.BundloreLimited.F, PUP.Installer.appbundler.J, PUP.Pinball.Installer, PUP.Pinball.appbundler.Installer (M)
JS:ScriptIP-inf [Trj], Win32:Zango-AQ [PUP]
W32/Sality.AT, TR/Dropper.Gen, TR/Graftor.1098, ADWARE/Adware.Gen, TR/Spy.Gen4
Win32.Sector.21, Adware.Downware.1598, Adware.Hotbar.700
W32/Sality.gen2, W32/HotBar.L.gen, W32/HotBar.O2.gen
Microsoft Security Essentials
Trojan-Dropper, not-a-virus:WebToolbar.Win32, Win32.SuspectCrc, not-a-virus:WebToolbar.Win32.Zango
Win32/Bundlore (variant), Win32/Adware.HotBar (variant)
Gen:Variant.Adware.Hotbar, Win32.SuspectCrc!IK, Riskware.WebToolbar.Win32.Zango!IK
Threat.4672643, Pinball Corporation.
Adware Skodna.Generic_r.BM, Zango
The domain origin-ics.fivemillionfriends.com has been seen to resolve to the following 4 IP addresses.
February 12, 2016
January 30, 2016
File downloads found at URLs served by origin-ics.fivemillionfriends.com.
The following 3 files have been seen to communicate with origin-ics.fivemillionfriends.com in live environments.
Statistics are for the previous month.