55807193-134732981817953451.preview.editmysite.com

Domain Admin (Proxy Registrant)

Domain Information

The domain 55807193-134732981817953451.preview.editmysite.com is registered by proxy through SAFENAMES LTD and was originally registered in September of 1999. This domain is currently known to host various forms of malware. The hosting servers are located in San Francisco, California, in the United States, on the Weebly, Inc. network.
Registrar:
SAFENAMES LTD

Server location:
California, United States (US)

Create date:
Friday, September 10, 1999

Expires date:
Sunday, September 10, 2017

Updated date:
Monday, May 25, 2015

ASN:
AS27647 WEEBLY - Weebly, Inc.,US

Root domain:

Scanner detections:
Malware distribution (87% detected)

Scan engine
Details
Detections

avast!
Win32:Malware-gen, MSIL:GenMalicious-ANK [Trj], MSIL:GenMalicious-C [Trj], MSIL:Downloader-LX [Trj], MSIL:GenMalicious-ARJ [Trj]
73.33%

Kaspersky
HEUR:Trojan.Win32.Generic, Trojan.MSIL.Zapchast, Trojan.MSIL.Disfa, UDS:DangerousObject.Multi.Generic
60.00%

ESET NOD32
MSIL/Kryptik.EMQ trojan, MSIL/Kryptik.EGG trojan, MSIL/Kryptik.EOO trojan, MSIL/Kryptik.EZJ trojan, MSIL/Kryptik.FAT trojan, MSIL/Kryptik.DVI trojan
53.33%

Microsoft Security Essentials
Backdoor:MSIL/Bladabindi, Trojan:Win32/Dynamer!ac, Threat.Undefined, Backdoor:MSIL/Bladabindi.BC, Backdoor:MSIL/Bladabindi!rfn
53.33%

Emsisoft Anti-Malware
Trojan.GenericKD.2903090, Trojan.Generic.15478118, Gen:Trojan.Heur.kq0@rHBCyYkaD, Gen:Variant.Barys.9417, Trojan.GenericKD.3000924, Gen:Variant.Barys.11326
46.67%

AVG
Luhe.Fiha.T, ILCrypt, BackDoor.Generic19, Atros2
46.67%

MicroWorld eScan
Trojan.GenericKD.2903090, Trojan.Generic.15478118, Gen:Trojan.Heur.kq0@rHBCyYkaD, Gen:Variant.Barys.9417, Trojan.GenericKD.3000924, Trojan.GenericKD.2986202
40.00%

Bitdefender
Trojan.GenericKD.2903090, Trojan.Generic.15478118, Gen:Trojan.Heur.kq0@rHBCyYkaD, Gen:Variant.Barys.9417, Trojan.GenericKD.3000924
40.00%

F-Secure
Trojan.GenericKD.2903090, Trojan.Generic.15478118, Gen:Trojan.Heur.kq0@rHBCyYkaD, Gen:Variant.Barys.9417, Trojan.GenericKD.3000924
40.00%

Trend Micro
TROJ_GEN.R02KC0DL415, TROJ_GEN.R0EBC0DLN15, TROJ_GEN.R02SC0DAI16, TROJ_GEN.R0EBC0DL815, TROJ_GEN.R00JC0DAP16, TROJ_GEN.R00XC0DAC16
40.00%

Arcabit
Trojan.Generic.D2C4C32, Trojan.Generic.DEC2D66, Trojan.Heur.EDB45F, Trojan.Barys.D24C9, Trojan.Generic.D2DCA5C, Trojan.Generic.D2D90DA
40.00%

G Data
Trojan.GenericKD.2903090, Trojan.Generic.15478118, Gen:Trojan.Heur.kq0@rHBCyYkaD, Gen:Variant.Barys.9417, Trojan.GenericKD.3000924
40.00%

ESET NOD32
MSIL/Kryptik.DYD (variant), MSIL/Kryptik.EMQ (variant), MSIL/Kryptik.EPB (variant), MSIL/Kryptik.ESR (variant), MSIL/Kryptik.CBU (variant)
40.00%

Avira AntiVirus
TR/Dropper.MSIL.22082, TR/Dropper.MSIL.246721, TR/Dropper.Gen, TR/Dldr.Agent.aangvo, TR/AD.Bladabindi.Y.2455, TR/Krypt.90624.92
40.00%

Lavasoft Ad-Aware
Trojan.GenericKD.2903090, Trojan.Generic.15478118, Gen:Variant.Barys.9417, Trojan.GenericKD.3000924, Trojan.GenericKD.2986202
33.33%

The domain 55807193-134732981817953451.preview.editmysite.com has been seen to resolve to the following IP address.

designer-preview.editmysite.com
February 10, 2016

File downloads found at URLs served by 55807193-134732981817953451.preview.editmysite.com.

1 / 68 (inconclusive)

3 / 68 (Malware)

2 / 68 (Malware)

1 / 68 (inconclusive)

2 / 68 (Malware)

5 / 68 (Malware)

25 / 68 (PUP)

4 / 68 (Malware)

10 / 68 (Malware)

21 / 68 (Malware)

15 / 68 (Malware)

25 / 68 (Malware)

3 / 68 (PUP)

URL:
http://55807193-134732981817953451.preview.editmysite.com/

SSL certificate subject:
CN=*.preview.editmysite.com

SSL certificate issuer:
CN=RapidSSL SHA256 CA - G3, O=GeoTrust Inc., C=US

Web server:
Apache