home

49329227-880724303446025571.preview.editmysite.com

Domain Admin  (Proxy Registrant)

Domain Information

The domain 49329227-880724303446025571.preview.editmysite.com is registered by proxy through SAFENAMES LTD and was originally registered in September of 1999. Currently this domain has been known to host various forms of malware. The hosted servers are located in San Francisco, California within the United States which resides on the Weebly, Inc. network.
Registrar:
SAFENAMES LTD

Server location:
California, United States (US)

Create date:
Friday, September 10, 1999

Expires date:
Sunday, September 10, 2017

Updated date:
Monday, May 25, 2015

ASN:
AS27647 WEEBLY - Weebly, Inc.,US

Root domain:
editmysite.com

Whois:
1 editmysite.com record

Scanner detections:
Malware distribution  (83% detected)

Scan engine
Details
Detections

ESET NOD32
MSIL/Kryptik.FAT (variant), MSIL/Kryptik.FZV (variant), MSIL/Kryptik.FPM (variant), MSIL/TrojanDownloader.Small.AHH (variant)
100.00%

Sophos
Mal/Generic-S
100.00%

Avira AntiVirus
TR/Dropper.MSIL.Gen, TR/Krypt.yqso, TR/Dldr.Small.kcfe
100.00%

Qihoo 360 Security
HEUR/QVM03.0.Malware.Gen, HEUR/QVM03.0.0000.Malware.Gen, Win32/Trojan.d44
100.00%

avast!
Win32:Malware-gen, MSIL:GenMalicious-DWV [Trj]
80.00%

Kaspersky
HEUR:Trojan.Win32.Generic, Trojan.MSIL.Disfa
80.00%

Rising Antivirus
PE:Malware.Generic/QRS!1.9E2D [F], Trojan.Generic!8.C3-1TeMgrO2XWM (Cloud), Trojan.Generic!8.C3-UECZm8QYUyT (Cloud)
80.00%

VIPRE Antivirus
Trojan.Win32.Generic
80.00%

McAfee
Artemis!0E50A8A956E9, Artemis!A239E20928D6, Artemis!2AAFEB4B8548, Artemis!46EDDF232977
80.00%

AVG
Atros3, Downloader.MSIL
80.00%

Baidu Antivirus
Win32.Trojan.WisdomEyes.151026.9950
80.00%

G Data
Trojan.GenericKD.3167267, Trojan.GenericKD.3198709, Win32.Trojan.Agent.3YDDXP
60.00%

IKARUS anti.virus
Trojan.MSIL.MultiPacked, Backdoor.MSIL.Bladabindi, Trojan.MSIL.Crypt
60.00%

Fortinet FortiGate
W32/Generic.FAT!tr, W32/Generic.FPM!tr, MSIL/Kryptik.EXE!tr
60.00%

K7 AntiVirus
Trojan
60.00%

The domain 49329227-880724303446025571.preview.editmysite.com has been seen to resolve to the following IP address.

74.115.50.105
designer-preview.editmysite.com
June 27, 2016

File downloads found at URLs served by 49329227-880724303446025571.preview.editmysite.com.

17 / 68    (Malware)
http://49329227-880724303446025571.preview.editmysite.com/uploads/4/9/3/2/.../xcxcxcxcxcxcxc.exe  (cdb55bed0824510c228e3b3ac36517cb)

7 / 68      (Malware)
http://49329227-880724303446025571.preview.editmysite.com/uploads/4/9/3/2/.../xcxcxcxcxcxcxc11.exe  (46eddf23297733c0b64623f01e66c299)

23 / 68    (PUP)
http://49329227-880724303446025571.preview.editmysite.com/uploads/4/9/3/2/.../cxvb.exe  (0e50a8a956e9ddee4ec54a8fe67122f4)

0 / 68
http://49329227-880724303446025571.preview.editmysite.com/uploads/4/9/3/2/.../123_original.exe  (ffdd7c6ae403e4c169308c8fce0dad50)

22 / 68    (Malware)
http://49329227-880724303446025571.preview.editmysite.com/uploads/4/9/3/2/.../vb0.exe  (2aafeb4b85482e5a218c9b5d87206b89)

13 / 68    (Malware)
http://49329227-880724303446025571.preview.editmysite.com/uploads/4/9/3/2/.../tyty.exe  (459ba3f16b6f87e5b0882edfc0e8f361.exe)

URL:
http://49329227-880724303446025571.preview.editmysite.com/

SSL certificate subject:
CN=*.preview.editmysite.com

SSL certificate issuer:
CN=RapidSSL SHA256 CA - G3, O=GeoTrust Inc., C=US

Web server:
Apache

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.