home

61055875-866111160821565096.preview.editmysite.com

Domain Admin  (Proxy Registrant)

Domain Information

The domain 61055875-866111160821565096.preview.editmysite.com is registered by proxy through SAFENAMES LTD and was originally registered in September of 1999. Currently this domain has been known to host various forms of malware. The hosted servers are located in San Francisco, California within the United States which resides on the Weebly, Inc. network.
Registrar:
SAFENAMES LTD

Server location:
California, United States (US)

Create date:
Friday, September 10, 1999

Expires date:
Sunday, September 10, 2017

Updated date:
Monday, May 25, 2015

ASN:
AS27647 WEEBLY - Weebly, Inc.,US

Root domain:
editmysite.com

Whois:
1 editmysite.com record

Scanner detections:
Malware distribution  (100% detected)

Scan engine
Details
Detections

avast!
MSIL:GenMalicious-ABY [Trj], Win32:Malware-gen, Win32:GenMaliciousA-HEE [Trj]
75.00%

Kaspersky
HEUR:Trojan.Win32.Generic, Trojan.MSIL.Disfa
75.00%

Avira AntiVirus
TR/Dropper.Gen, TR/Dropper.MSIL.234437, TR/Krypt.55808.29
75.00%

Baidu Antivirus
Trojan.MSIL.EzirizNetReactor, Trojan.MSIL.Tiny
50.00%

Rising Antivirus
PE:Malware.RDM.35!5.29[F1], PE:Malware.Generic/QRS!1.9E2D [F]
50.00%

McAfee
RDN/Generic.bfr, Artemis!E48181DEDD19
50.00%

K7 AntiVirus
Trojan-Downloader , Trojan
50.00%

ESET NOD32
MSIL/TrojanDownloader.Tiny.MX (variant), MSIL/Kryptik.EZR (variant)
50.00%

NANO AntiVirus
Trojan.Win32.Tiny.dzbxgx, Trojan.Win32.DownLoader19.ebbcuj
50.00%

Sophos
Mal/Generic-S
50.00%

Dr.Web
Trojan.DownLoader18.5742, Trojan.DownLoader19.26442
50.00%

VIPRE Antivirus
Trojan.Win32.Generic
50.00%

G Data
Gen:Variant.Kazy.766775, Win32.Trojan.Agent.V24K4M
50.00%

Panda Antivirus
Trj/GdSda.A
50.00%

IKARUS anti.virus
Trojan-Downloader.MSIL.Tiny, Trojan.MSIL.Crypt
50.00%

The domain 61055875-866111160821565096.preview.editmysite.com has been seen to resolve to the following IP address.

74.115.50.105
designer-preview.editmysite.com
March 3, 2016

File downloads found at URLs served by 61055875-866111160821565096.preview.editmysite.com.

18 / 68    (Malware)
http://61055875-866111160821565096.preview.editmysite.com/uploads/6/1/0/5/.../ssssssssssssss.exe  (658f754087953dd84f93094affbf9d2f.exe)

29 / 68    (Malware)
http://61055875-866111160821565096.preview.editmysite.com/uploads/6/1/0/5/.../dddd.exe  (tmp411d.tmp.exe)

1 / 68      (Malware)
http://61055875-866111160821565096.preview.editmysite.com/uploads/6/1/0/5/.../mrps.exe  (2121f347987a92bd65425dcffa673ebd)

6 / 68      (Malware)
http://61055875-866111160821565096.preview.editmysite.com/uploads/6/1/0/5/.../22222222.exe  (svchost.exe)

URL:
http://61055875-866111160821565096.preview.editmysite.com/

SSL certificate subject:
CN=*.preview.editmysite.com

SSL certificate issuer:
CN=RapidSSL SHA256 CA - G3, O=GeoTrust Inc., C=US

Web server:
Apache

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.