www.sendspace.com

Domains By Proxy, LLC  (Proxy Registrant)

Domain Information

SendSpace is a file distribution service that bundles unwanted malware/adware in its download manager. This malware is inserted by WebPick Internet Holdings and utilizes the company's InstalleRex platfom using the JustPlugIt toolbar extensions along with other potentially unwanted offers. In addition the download manager provides minimal user consent to opt-out of the offers. The domain www.sendspace.com is registered by proxy through GODADDY.COM, LLC and was originally registered in July of 2005. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Chicago, Illinois within the United States which resides on the nLayer Communications, Inc. network.
Remove Malware from www.sendspace.com - Powered by Reason Core Security
Registrar:
GODADDY.COM, LLC

Server location:
Illinois, United States (US)

Create date:
Thursday, July 14, 2005

Expires date:
Sunday, July 14, 2019

Updated date:
Monday, February 10, 2014

ASN:
AS4436 AS-NLAYER - nLayer Communications, Inc.

Root domain:

Scanner detections:
Detections  (79% detected)

Scan engine
Details
Detections

Reason Heuristics
Adware.WebPick.Installer.q, PUP.OlehAleksyuk.g, Adware.WebPick.Installer.v, Adware.WebPick.Installer.L, PUP.OlehAleksyuk.L, Threat.Win.Reputation.IMP, Adware.WebPick.Installer.V, PUP.WebPick, Adware.WebPick.Installer (M), PUP.OlehAleksyuk (M)
73.68%

Sophos
PUA 'InstallRex', PUA 'MultiPlug' (of type Adware), Generic PUA HE (PUA), Generic PUA JO (PUA), Generic PUA EF (PUA), Generic PUA CI (PUA)
73.68%

ESET NOD32
Win32/InstalleRex.P potentially unwanted application, Win32/Adware.MultiPlug.DZ application, Win32/InstalleRex.L potentially unwanted application, Win32/Amonetize.HN potentially unwanted application
71.05%

K7 AntiVirus
Unwanted-Program , Trojan
71.05%

NANO AntiVirus
Riskware.Win32.InfoLeak.cvgqot, Riskware.Win32.MultiPlug.djpucs, Riskware.Win32.Downware.crcxkc, Riskware.Win32.Downware.ctkpgl
71.05%

K7 Gateway Antivirus
Unwanted-Program , Trojan
68.42%

Vba32 AntiVirus
Downware.TSU, AdWare.MultiPlug, SScope.Adware.MultiPlug, suspected of Heur.Malware-Cryptor.Multiplug, AdWare.Agent, Downware.MultiPlug.gen
68.42%

AVG
InstallRex, Adware Generic_r.XD, InstallRex.7cb, Adware Generic_r.WW, Adware Generic5.BKFP, Adware Generic_r.VD, Adware Generic5.BUXW
68.42%

Dr.Web
Trojan.WebPick.29, Trojan.WebPick.2984, Adware.Downware.1719, Adware.Downware.1541, BackDoor.Andromeda.493, Trojan.WebPick.2452, Trojan.Crossrider.37389, infected with Trojan.Amonetize.4075
65.79%

Avira AntiVirus
TR/Kazy.324119.11, Adware/MultiPlug.bfp, Adware/InstallRex.S, Adware/InstallRex.V, TR/Crypt.XPACK.Gen, Adware/InstallRex.HI
65.79%

G Data
Win32.Application.EZDownloader, Gen:Variant.Adware.Kazy.474603, Win32.Application.InstalleRex, Trojan.Generic.11463028, Gen:Variant.Adware.Mplug.21
65.79%

McAfee
PUP-FHQ, Program.MultiPlug-FTA, Program.PUP-FHQ, Program.MultiPlug-FSY, Program.MultiPlug-FOQ, Program.PUP-FMK, MultiPlug-FRO, Program.Artemis!BCB1A505E639
65.79%

Kaspersky
Trojan.Win32.AntiFW, not-a-virus:AdWare.Win32.MultiPlug, not-a-virus:HEUR:Downloader.Win32.AdLoad, not-a-virus:AdWare.Win32.Amonetize
63.16%

McAfee Web Gateway
BehavesLike.Win32.Downloader.fc, BehavesLike.Win32.Downloader.dc, BehavesLike.Win32.AdwareDoma.dc, BehavesLike.Win32.CryptDoma.cc
60.53%

F-Prot
W32/InstallRex.B.gen, W32/A-b5918a94, W32/A-02d9686a, W32/S-a45e7af1, W32/A-b5b7d511, W32/A-1123bd76, W32/S-246e40d1, W32/S-05e718fa
57.89%

The domain www.sendspace.com has been seen to resolve to the following IP address.

ip-69-31-136-5.nlayer.net
December 27, 2013

File downloads found at URLs served by www.sendspace.com.

1 / 68      (Adware)

0 / 68
https://www.sendspace.com/.../b5r2x4  (tutorialiphonewithcarrierallfileszip__15047_i1599591027_il517875.exe.rar)

0 / 68
https://www.sendspace.com/.../48h6o1  (rgscrar__15047_i1595534519_il1722965.exe.rar)

0 / 68
https://www.sendspace.com/.../0zk3nt  (srlchoosestopresentfullmixmp__15047_i1614259665_il72311.exe.rar)

0 / 68
https://www.sendspace.com/.../i68w6z  (rldmefxrar__15047_i1597178539_il2003446.exe.rar)

0 / 68
https://www.sendspace.com/pro/.../nmvqqw  (sendspace wizard v1.5.1 windows installer.exe)

1 / 68      (Adware)
http://www.sendspace.com/.../scl2b2  (engagement.rar.exe)

1 / 68      (Adware)
http://www.sendspace.com/.../3vdjnl  (swathi.mutyam_1985.zip.exe)

1 / 68      (Adware)
https://www.sendspace.com/.../th065s  (recipe2 for dessert.mp4.exe)

1 / 68      (Adware)
http://www.sendspace.com/.../v6zsmf  (uni p.alt.patch season 13-14.rar.exe)

0 / 68
https://www.sendspace.com/.../cwr99e  (rebuilt.difxapi.dll)

0 / 68
http://www.sendspace.com/quickdownload.html  (sendspace_downloader_7v5ybn.exe)

0 / 68
https://www.sendspace.com/.../u8vs7r  (easeusdatarecoverywizardzip__15047_i1613997443_il3918534.exe.rar)

8 / 68      (PUP)
https://www.sendspace.com/.../tb94go  (worldsapartsamizaynmp__15047_i1594085546_il1492278.exe.rar)

36 / 68    (PUP)
https://www.sendspace.com/.../impwet  (beamngfullrar__15047_i1609373093_il2841017.exe.rar)

1 / 68      (Adware)
http://www.sendspace.com/.../kuj57w  (anorexianevrosa.rar.exe)

35 / 68    (PUP)
https://www.sendspace.com/.../16i5fx  (photoshopcsexttwportablez__15047_i1597665382_il8174.exe.rar)

28 / 68    (PUP)
https://www.sendspace.com/.../pr4fiy  (vhsdefaultzip__15047_i1596373077_il1842515.exe.rar)

12 / 68    (PUP)
https://www.sendspace.com/.../9la23g  (sanddfndbmodrar__15047_i1613241364_il3717881.exe.rar)

16 / 68    (PUP)
https://www.sendspace.com/.../b7svw8  (plananoterar__15047_i1609272622_il2821307.exe.rar)

24 / 68    (PUP)
https://www.sendspace.com/.../luw056  (comgamecookstudiomotupatluapkfuncomapk__15047_i1594205898_il1509807.exe.rar)

21 / 68    (PUP)
https://www.sendspace.com/.../tu7dfs  (portableinfixpdfeditorprotwz__15047_i1596467422_il1857678.exe.rar)

13 / 68    (Adware)
http://www.sendspace.com/.../vcmoq8  (com.sega.chainchronicle-1.apk.exe)

1 / 68      (Malware)
https://www.sendspace.com/.../slwqqr  (multiman ver 04.66.05 base cex 20141129.pkg.exe)

16 / 68    (PUP)
https://www.sendspace.com/.../qex0er  (manuel entretien gsx 1400.pdf.exe)

1 / 68      (Adware)
http://www.sendspace.com/.../x15fl5  (dragonballrpg_v1_02_ha.apk.exe)

29 / 68    (PUP)
https://www.sendspace.com/.../p472uq  (ReBirth RB-338 2.0.1 Installer.zip.exe)

26 / 68    (Adware)
https://www.sendspace.com/quickdownload.html?lc=738k3k  (october 2014 data update.zip.exe)

29 / 68    (PUP)

 
Latest 30 of 173 download URLs

The following 3 files have been seen to comunicate with www.sendspace.com in live environments.

URL:
http://www.sendspace.com/

Google Analytics:
UA-2221170

Title:
“Free large file hosting. Send big files the easy way!”

Description:
“Free file hosting. Email large files for free.”

SSL certificate subject:
CN=*.sendspace.com, OU=Domain Control Validated

SSL certificate issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc."

Web server:
nginx

Facebook:
Likes:  3,023
Shares:  10,116
Comments:  1,718

Compete.com:
US visitors:  453,787

Statistics are for the previous month.

Remove Malware from www.sendspace.com - Powered by Reason Core Security