www.weebly.com

Domain Admin  (Proxy Registrant)

Domain Information

The domain www.weebly.com is registered by proxy through SAFENAMES LTD and was originally registered in March of 2006. This domain is currently known to host various forms of malware. Its servers are located in San Francisco, California, in the United States, on the Weebly, Inc. network.
Registrar:
SAFENAMES LTD

Server location:
California, United States (US)

Create date:
Wednesday, March 29, 2006

Expires date:
Sunday, March 28, 2021

Updated date:
Monday, May 25, 2015

ASN:
AS27647 WEEBLY - Weebly, Inc.

Root domain:

Scanner detections:
Malware distribution  (54% detected)

| Scan engine | Details | Detections |
| --- | --- | --- |
| avast! | Win32:Malware-gen, Win32:BitCoinMiner-IA [Trj], MSIL:GenMalicious-YO [Trj], Win32:Miner-B [PUP], Win32:BitCoinMiner-GM [PUP], Win32:Evo-gen [Susp], Win64:Evo-gen [Susp] | 71.88% |
| Emsisoft Anti-Malware | Trojan.GenericKD.1780664, Trojan.Generic.11431155, Trojan.GenericKD.2490433, Trojan.Generic.12932278, Gen:Variant.Zusy.106850, Gen:Variant.Zusy.114991 | 56.25% |
| MicroWorld eScan | Trojan.GenericKD.1780664, Trojan.Generic.11431155, Trojan.GenericKD.2490433, Trojan.Generic.12932278, Gen:Variant.Zusy.106850, Application.BitCoinMiner.EL, Trojan.Agent.BLJG, Trojan.GenericKD.1568897, Gen:Variant.Symmi.38373, Trojan.GenericKD.2609801, Gen:Variant.Kazy.510440, Gen:Variant.Kazy.335239, Trojan.GenericKD.1507732, Gen:Variant.Kazy.324889, Gen:Trojan.Heur.uq0@rL9us1laf | 53.13% |
| McAfee | Artemis!835D53CB28A8, GenericR-CVX!BAA1555B4D78, RDN/Generic.bfr!ir, Artemis!4EA7DCC4DDED, Artemis!1343E24526C3, Artemis!EAF36D8F6C97 | 53.13% |
| Lavasoft Ad-Aware | Trojan.GenericKD.1780664, Trojan.Generic.11431155, Trojan.GenericKD.2490433, Trojan.Generic.12932278, Gen:Variant.Zusy.106850 | 53.13% |
| ESET NOD32 | Win32/BitCoinMiner.BX (variant), Win64/CoinMiner, MSIL/Kryptik.BWU (variant), MSIL/Kryptik.CDH (variant), Win64/BitCoinMiner.U potentially unsafe (variant) | 53.13% |
| IKARUS anti.virus | Trojan.SuspectCRC, Trojan.Win64.Agent, Trojan.MSIL.Crypt, Trojan.MSIL8, not-a-virus:RiskTool.Win32.BitCoinMiner, Trojan.MSIL.Disfa | 53.13% |
| Kaspersky | Trojan.Win32.BitMin, HEUR:Trojan.Win32.Generic, Trojan.MSIL.Zapchast, Trojan.Win64.BitMin, not-a-virus:RiskTool.Win32.BitCoinMiner | 50.00% |
| Bitdefender | Trojan.GenericKD.1780664, Trojan.Generic.11431155, Trojan.GenericKD.2490433, Trojan.Generic.12932278, Gen:Variant.Zusy.106850 | 50.00% |
| Avira AntiVirus | TR/Spy.1433600.35, RKIT/14467.A, TR/Kryptik.53760, TR/Bladabindi.A.66, DR/Autoit.A.5645, APPL/BitCoinMiner.EL.2, TR/Agent.638976.349 | 50.00% |
| G Data | Trojan.GenericKD.1780664, Trojan.Generic.11431155, Trojan.GenericKD.2490433, Trojan.Generic.12932278, Gen:Variant.Zusy.106850 | 50.00% |
| Fortinet FortiGate | Riskware/BitCoinMiner, W64/Agent.FK!tr, W32/Generic.BWU!tr, MSIL/Kryptik.CDH!tr, W64/BitMin.GU!tr, W32/Disfa.HBWA!tr, W32/Injector.JCNI!tr | 50.00% |
| AVG | Autoit_c, Generic_r, Atros, Luhe.Fiha.T, BitCoinMiner, Pakes2_c, BackDoor.Generic18, Dropper.Generic8, MSIL3, Inject3, Pakes_c | 50.00% |
| F-Secure | Trojan.GenericKD.1780664, Trojan.Generic.11431155, Trojan.GenericKD.2490433, Trojan.Generic.12932278, Gen:Variant.Zusy.106850 | 46.88% |
| VIPRE Antivirus | Trojan.Win32.Generic, Trojan.MSIL.Zapchast.!pj, RiskTool.Win32.BitCoinMiner (not malicious), Trojan.Win32.Generic.pak!cobra | 46.88% |

The domain www.weebly.com has been seen to resolve to the following 4 IP addresses.

pages-wildcard.weebly.com
June 9, 2014

pages-wildcard.weebly.com
June 9, 2014

weebly.com
January 28, 2014

weebly.com
January 28, 2014

File downloads found at URLs served by www.weebly.com.

0 / 68

25 / 68    (Malware)

38 / 68    (Malware)

0 / 68

1 / 68      (inconclusive)
http://www.weebly.com/uploads/4/5/1/5/.../61.exe  (4b7b0f1c3a13046168f4694edd0ae7a6)

0 / 68
http://www.weebly.com/uploads/4/8/1/6/.../j64.exe  (3eec776eed0c505ca94b9eb3345aab5b)

0 / 68

0 / 68
http://www.weebly.com/uploads/7/7/9/2/.../avvaiyar.ttf  (c72e54d10df701efed8e167b0af31504)

38 / 68    (Malware)

16 / 68    (PUP)

29 / 68    (Malware)
http://www.weebly.com/uploads/5/5/8/0/.../cxxewr.exe  (6557732bde97a42491b785c407416812)

32 / 68    (Malware)

31 / 68    (Malware)

1 / 68      (PUP)
http://www.weebly.com/uploads/2/5/4/8/.../smss_silent.exe  (ff3be4a78b538f1c1acc2d027c758f7a)

1 / 68      (PUP)

1 / 68      (PUP)

1 / 68      (PUP)

1 / 68      (PUP)

1 / 68      (PUP)

31 / 68    (PUP)

44 / 68    (Malware)

39 / 68    (Malware)
http://www.weebly.com/uploads/2/5/7/4/.../sanadi.exe  (29de494d67a761ddce95b4626c02d1a6)

18 / 68    (Malware)

7 / 68      (Malware)

 
Latest 30 of 136 download URLs

The following 26 files have been seen to communicate with www.weebly.com in live environments.

 
Latest 20 of 48 files

URL:
http://www.weebly.com/

Google Analytics:
UA-1226418

Title:
“Weebly Website Builder: Create a Free Website, Store or Blog”

Title (1/28/2014):
“Free website | Free blog | Create a free website | Weebly”

Title (11/10/2014):
“Weebly: Create a Free Website, Online Store, or Blog”

Description:
“Weebly makes it surprisingly easy to create a high-quality website, blog or online store. Over 30 million people use Weebly to bring their unique ideas to life.”

SSL certificate subject:
CN=www.weebly.com, OU=Web Services, O="Weebly, Inc.", SERIALNUMBER=4277212, OID.2.5.4.15=Private Organization, L=San Francisco, S=California, C=US, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US

SSL certificate issuer:
CN=GeoTrust EV SSL CA - G4, O=GeoTrust Inc., C=US

Web server:
Apache

Facebook:
Likes:  60,111
Shares:  75,349
Comments:  14,654

Statistics are for the previous month.