SendSpace is a file distribution service that bundles unwanted malware/adware in its download manager. This malware is inserted by WebPick Internet Holdings and utilizes the company's InstalleRex platfom using the JustPlugIt toolbar extensions along with other potentially unwanted offers. In addition the download manager provides minimal user consent to opt-out of the offers. The domain www.sendspace.com is registered by proxy through GODADDY.COM, LLC and was originally registered in July of 2005. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Chicago, Illinois within the United States which resides on the nLayer Communications, Inc. network.
Illinois, United States (US)
Thursday, July 14, 2005
Sunday, July 14, 2019
Monday, February 10, 2014
AS4436 AS-NLAYER - nLayer Communications, Inc.
Detections (79% detected)
Adware.WebPick.Installer.q, PUP.OlehAleksyuk.g, Adware.WebPick.Installer.v, Adware.WebPick.Installer.L, PUP.OlehAleksyuk.L, Threat.Win.Reputation.IMP, Adware.WebPick.Installer.V, PUP.WebPick, Adware.WebPick.Installer (M), PUP.OlehAleksyuk (M)
PUA 'InstallRex', PUA 'MultiPlug' (of type Adware), Generic PUA HE (PUA), Generic PUA JO (PUA), Generic PUA EF (PUA), Generic PUA CI (PUA)
Win32/InstalleRex.P potentially unwanted application, Win32/Adware.MultiPlug.DZ application, Win32/InstalleRex.L potentially unwanted application, Win32/Amonetize.HN potentially unwanted application
Unwanted-Program , Trojan
Riskware.Win32.InfoLeak.cvgqot, Riskware.Win32.MultiPlug.djpucs, Riskware.Win32.Downware.crcxkc, Riskware.Win32.Downware.ctkpgl
K7 Gateway Antivirus
Unwanted-Program , Trojan
Downware.TSU, AdWare.MultiPlug, SScope.Adware.MultiPlug, suspected of Heur.Malware-Cryptor.Multiplug, AdWare.Agent, Downware.MultiPlug.gen
InstallRex, Adware Generic_r.XD, InstallRex.7cb, Adware Generic_r.WW, Adware Generic5.BKFP, Adware Generic_r.VD, Adware Generic5.BUXW
Trojan.WebPick.29, Trojan.WebPick.2984, Adware.Downware.1719, Adware.Downware.1541, BackDoor.Andromeda.493, Trojan.WebPick.2452, Trojan.Crossrider.37389, infected with Trojan.Amonetize.4075
TR/Kazy.324119.11, Adware/MultiPlug.bfp, Adware/InstallRex.S, Adware/InstallRex.V, TR/Crypt.XPACK.Gen, Adware/InstallRex.HI
Win32.Application.EZDownloader, Gen:Variant.Adware.Kazy.474603, Win32.Application.InstalleRex, Trojan.Generic.11463028, Gen:Variant.Adware.Mplug.21
PUP-FHQ, Program.MultiPlug-FTA, Program.PUP-FHQ, Program.MultiPlug-FSY, Program.MultiPlug-FOQ, Program.PUP-FMK, MultiPlug-FRO, Program.Artemis!BCB1A505E639
Trojan.Win32.AntiFW, not-a-virus:AdWare.Win32.MultiPlug, not-a-virus:HEUR:Downloader.Win32.AdLoad, not-a-virus:AdWare.Win32.Amonetize
McAfee Web Gateway
BehavesLike.Win32.Downloader.fc, BehavesLike.Win32.Downloader.dc, BehavesLike.Win32.AdwareDoma.dc, BehavesLike.Win32.CryptDoma.cc
W32/InstallRex.B.gen, W32/A-b5918a94, W32/A-02d9686a, W32/S-a45e7af1, W32/A-b5b7d511, W32/A-1123bd76, W32/S-246e40d1, W32/S-05e718fa
The domain www.sendspace.com has been seen to resolve to the following IP address.
December 27, 2013
File downloads found at URLs served by www.sendspace.com.
Latest 30 of 173 download URLs
The following 3 files have been seen to comunicate with www.sendspace.com in live environments.
“Free large file hosting. Send big files the easy way!”
“Free file hosting. Email large files for free.”
SSL certificate subject:
CN=*.sendspace.com, OU=Domain Control Validated
SSL certificate issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc."
Statistics are for the previous month.