The domain origin-ics.fivemillionfriends.com is registered by proxy through PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM and was originally registered in January of 2006. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Austin, Texas, United States, on the YHC Corporation network.
Registrant: Privacy Protection Service INC d/b/a PrivacyProtect.org
Registrar: PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM
Server location: Texas, United States (US)
Create date: Monday, January 23, 2006
Expires date: Monday, January 23, 2017
Updated date: Sunday, January 24, 2016
ASN: AS40034 CONFLUENCE-NETWORK-INC - Confluence Networks Inc,VG
Scanner detections:
Detections (88% detected)

| Scan engine | Details | Detections |
| --- | --- | --- |
| Reason Heuristics | PUP.Installer.BundloreLimited.F, PUP.Installer.appbundler.J, PUP.Pinball.Installer, PUP.Pinball.appbundler.Installer (M), PUP.Pinball.appbundl.Installer (M), PUP.Pinball.PinballC.Installer (M), PUP.Pinball (M) | 87.50% |
| avast! | JS:ScriptIP-inf [Trj], Win32:Zango-AQ [PUP] | 18.75% |
| Microsoft Security Essentials | Worm:Win32/NeksMiner.A, Threat.Undefined, Adware:Win32/Hotbar | 12.50% |
| Dr.Web | Adware.Downware.1598, Adware.Hotbar.700 | 12.50% |
| Avira AntiVirus | TR/Dropper.Gen, TR/Graftor.1098, ADWARE/Adware.Gen, TR/Spy.Gen4 | 12.50% |
| IKARUS anti.virus | Trojan-Dropper, not-a-virus:WebToolbar.Win32, Win32.SuspectCrc, not-a-virus:WebToolbar.Win32.Zango | 12.50% |
| ESET NOD32 | Win32/Bundlore (variant), Win32/Adware.HotBar (variant) | 9.38% |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Hotbar, Win32.SuspectCrc!IK, Riskware.WebToolbar.Win32.Zango!IK | 9.38% |
| VIPRE Antivirus | Threat.4672643, Pinball Corporation. | 9.38% |
| F-Prot | W32/HotBar.L.gen, W32/HotBar.O2.gen | 9.38% |
| AVG | Adware Skodna.Generic_r.BM, Zango | 9.38% |
| Kaspersky | not-a-virus:AdWare.Win32.ScreenSaver | 9.38% |
| Quick Heal | Adware.Rugo.A, Adware.Hotbar.AZ4 | 9.38% |
| McAfee | Adware-HotBar.d | 9.38% |

The domain origin-ics.fivemillionfriends.com has been seen to resolve to the following 5 IP addresses.
209-99-40-223.fwd.datafoundry.com (February 12, 2016)
209-99-40-222.fwd.datafoundry.com (January 30, 2016)
File downloads found at URLs served by origin-ics.fivemillionfriends.com.
Latest 30 of 32 download URLs
The following 57 files have been seen to communicate with origin-ics.fivemillionfriends.com in live environments.
URL: http://origin-ics.fivemillionfriends.com/
Statistics are for the previous month.