» www.sendspace.com
Overview
Analysis
IPs Addresses (1)
Downloads (459)
Network (3)
Website Detail
Statistics

www.sendspace.com

Domains By Proxy, LLC (Proxy Registrant)

Domain Information

SendSpace is a file distribution service that bundles unwanted malware/adware in its download manager. This malware is inserted by WebPick Internet Holdings and utilizes the company's InstalleRex platfom using the JustPlugIt toolbar extensions along with other potentially unwanted offers. In addition the download manager provides minimal user consent to opt-out of the offers. The domain www.sendspace.com is registered by proxy through GODADDY.COM, LLC and was originally registered in July of 2005. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Chicago, Illinois within the United States which resides on the nLayer Communications, Inc. network.

Registrant:

Domains By Proxy, LLC

Registrar:

GODADDY.COM, LLC

Server location:

Illinois, United States (US)

Create date:

Thursday, July 14, 2005

Expires date:

Sunday, July 14, 2019

Updated date:

Monday, February 10, 2014

ASN:

AS4436 AS-NLAYER - nLayer Communications, Inc.

Root domain:

sendspace.com

Whois:

2 sendspace.com records

Scanner detections:

Detections (60% detected)

Scan engine

Details

Detections

Reason Heuristics

Adware (M), Threat.Win.Reputation.IMP, Adware.Bundler (M), Adware.Amonetize (M), PUP.WebPick (M), PUP (M)

93.33%

ESET NOD32

Win32/AdWare.MultiPlug.CB application, Win32/Adware.MultiPlug.DZ application, Win32/AdWare.MultiPlug.CT application

10.00%

Microsoft Security Essentials

Threat.Undefined, BrowserModifier:Win32/Diplugem

6.67%

AVG

Adware Generic5.BKEB, Adware Generic_r.VD

6.67%

avast!

Win32:Agent-AYLT [PUP]

3.33%

Emsisoft Anti-Malware

Adware.MultiPlug.AJ

3.33%

The domain www.sendspace.com has been seen to resolve to the following IP address.

69.31.136.5

ip-69-31-136-5.nlayer.net

December 27, 2013

File downloads found at URLs served by www.sendspace.com.

1 / 68 (PUP)

https://www.sendspace.com/.../m2ammv (neswangynetmp__15047_i1597227120_il2013390.exe.rar)

0 / 68

https://www.sendspace.com/.../7utzks (7utzks.htm)

1 / 68 (Adware)

http://www.sendspace.com/.../kgnjcn (eof 2013 sf1.rar.exe)

1 / 68 (Adware)

http://www.sendspace.com/.../3buzor (easu.rar.exe)

1 / 68 (Adware)

https://www.sendspace.com/.../jhzji8 (Track10.mp3.exe)

1 / 68 (PUP)

https://www.sendspace.com/.../sdbvrh (brazilianmodcmoriginalvirgemrar__15047_i1593360734_il1398108.exe.rar)

0 / 68

https://www.sendspace.com/.../or0kbz (hacker crossfire al atulizado 2.0 rl.exe)

0 / 68

https://www.sendspace.com/.../sntgr6 (wallhack by shock.exe)

1 / 68 (PUP)

https://www.sendspace.com/.../0ip0vl (mrocznetajemnicedubbing2.02.exe__15047_i1677314760_il2351669.rar)

3 / 68 (PUP)

https://www.sendspace.com/.../jjxt0w (tzn rotter.rar.exe)

0 / 68

https://www.sendspace.com/.../dv44zj (hack crossfire al.exe)

0 / 68

https://www.sendspace.com/.../4rzata (4rzata.htm)

1 / 68 (Adware)

http://www.sendspace.com/.../fcd0qn (laikike1 - so large prod. soulpete.mp3.exe)

1 / 68 (PUP)

https://www.sendspace.com/.../oezgen (isgkkzip__15047_i1595495404_il798969.exe.rar)

0 / 68

https://www.sendspace.com/.../ecr508 (tocky vibes -kisimusi anthany amp palmer.mp3.exe)

0 / 68

https://www.sendspace.com/.../o3qrle (o3qrle.htm)

0 / 68

https://www.sendspace.com/.../dm5rdf (darkrattingprogram.exe)

0 / 68

https://www.sendspace.com/.../briy1w (briy1w.htm)

1 / 68 (Adware)

http://www.sendspace.com/.../j95ghr (paiking date a live ii - 07 th720p.rar.exe)

1 / 68 (Adware)

http://www.sendspace.com/.../yl9m1r (multiman ver 04.18.00 base 20130106.zip.exe)

0 / 68

https://www.sendspace.com/.../swmrch (swmrch.htm)

1 / 68 (Adware)

http://www.sendspace.com/.../cwtq6z (promodel 7.rar.exe)

1 / 68 (Adware)

https://www.sendspace.com/pro/.../ejia4k (setup.exe)

0 / 68

https://www.sendspace.com/pro/.../th3r38 (vmprohotfix11.3.1-11.3.4.exe)

0 / 68

https://www.sendspace.com/pro/.../279d1e (vmprohotfix11.1.1-11.2.1.exe)

0 / 68

https://www.sendspace.com/pro/.../sov5e3 (vmprohotfix11.2.1-11.2.2.exe)

0 / 68

https://www.sendspace.com/pro/.../t1b69p (vmprohotfix11.2.2-11.2.4.exe)

0 / 68

https://www.sendspace.com/pro/.../jlod1z (vmprohotfix11.2.4-11.2.5.exe)

0 / 68

https://www.sendspace.com/pro/.../q5bko6 (sendspace wizard v1.6.0 windows installer.exe)

1 / 68 (Adware)

http://www.sendspace.com/.../7wu8w6 (usa top40 and top100 debuts - 11th may 2013 by banzsudsab.part1.rar.exe)

Latest 30 of 459 download URLs

The following 3 files have been seen to comunicate with www.sendspace.com in live environments.

TCP » 69.31.136.5:80

javaw.exe (Java Platform SE 7 U51 by Oracle)

TCP » 69.31.136.5:443

MiPony.exe (Mipony by www.mipony.net)

TCP » 69.31.136.5:443

MiPony.exe (Mipony by www.mipony.net)

URL:

http://www.sendspace.com/

Google Analytics:

UA-2221170

Title:

“Free large file hosting. Send big files the easy way!”

Description:

“Free file hosting. Email large files for free.”

SSL certificate subject:

CN=*.sendspace.com, OU=Domain Control Validated

SSL certificate issuer:

CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc."

Web server:

nginx

Facebook:

Likes: 3,423

Shares: 11,116

Comments: 2,018

Compete.com:

US visitors: 453,787

Statistics are for the previous month.

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.