» 3283984.r.msn.com
Overview
Analysis
IPs Addresses (1)
Downloads (2)
Website Detail

3283984.r.msn.com

Microsoft Corporation

Domain Information

The domain 3283984.r.msn.com registered by Microsoft Corporation was initially registered in November of 1994 through MARKMONITOR INC.. Currently this domain has been known to host various forms of malware. The hosted servers are located in Redmond, Washington within the United States which resides on the Microsoft Corporation network.

Registrant:

Microsoft Corporation

Registrar:

MARKMONITOR INC.

Server location:

Washington, United States (US)

Create date:

Thursday, November 10, 1994

Expires date:

Saturday, June 4, 2022

Updated date:

Wednesday, October 8, 2014

ASN:

AS8075 MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation,US

Root domain:

msn.com

Whois:

1 msn.com record

Scanner detections:

Malware distribution (100% detected)

Scan engine

Details

Detections

MicroWorld eScan

Trojan.Agent.BJNY, Trojan.GenericKD.2728176

100.00%

nProtect

Trojan.Agent.BJNY, Trojan.GenericKD.2728176

100.00%

VIPRE Antivirus

Trojan.Win32.Generic

100.00%

K7 AntiVirus

Trojan-Downloader

100.00%

Arcabit

Trojan.Agent.BJNY, Trojan.Generic.D29A0F0

100.00%

ESET NOD32

MSIL/TrojanDownloader.Banload.ER (variant)

100.00%

Kaspersky

UDS:DangerousObject.Multi.Generic, HEUR:Trojan.Win32.Generic

100.00%

Bitdefender

Trojan.Agent.BJNY, Trojan.GenericKD.2728176

100.00%

Rising Antivirus

PE:Malware.RDM.32!5.26[F1], PE:Malware.Generic/QRS!1.9E2D [F]

100.00%

Lavasoft Ad-Aware

Trojan.Agent.BJNY, Trojan.GenericKD.2728176

100.00%

Emsisoft Anti-Malware

Trojan.Agent.BJNY, Trojan.GenericKD.2728176

100.00%

F-Secure

Trojan.Agent.BJNY, Trojan.GenericKD.2728176

100.00%

Sophos

Mal/Generic-S

100.00%

Microsoft Security Essentials

TrojanDownloader:MSIL/Banload.AA

100.00%

G Data

Trojan.Agent.BJNY, Trojan.GenericKD.2728176

100.00%

The domain 3283984.r.msn.com has been seen to resolve to the following IP address.

65.52.108.2

February 28, 2016

File downloads found at URLs served by 3283984.r.msn.com.

19 / 68 (Malware)

http://3283984.r.msn.com/.../whatsapp.php (receitanet_irpf.exe)

31 / 68 (Malware)

http://3283984.r.msn.com/.../receita.php (voucher.ricardoeletro.com)

URL:

http://3283984.r.msn.com/

SSL certificate subject:

CN=*.r.msn.com, OU=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=WA, C=US

SSL certificate issuer:

CN=Microsoft IT SSL SHA2, OU=Microsoft IT, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Web server:

Microsoft-IIS/8.0

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.