199.34.228.101

pages-wildcard.weebly.com

IP Address Information

The Internet Service Provider (ISP) that owns the network address 199.34.228.101 is Weebly, Inc., located in California in the United States. The IP address resolves to the DNS record pages-wildcard.weebly.com. Currently, 2 domain names use this address. The primary domain hosted by this IP is weebly.com, along with 1 other domain, which are known malware distribution web sites.
Scanner detections:
Malware distribution  (64% detected)

| Scan engine | Details | Detections |
| --- | --- | --- |
| avast! | Win32:Malware-gen, Other:Malware-gen [Trj], Win32:Rootkit-gen [Rtk], Win64:Rootkit-gen [Rtk], Win32:Miner-B [PUP], VBS:Agent-BEH [Trj], Win64:Evo-gen [Susp], Win32:Evo-gen [Susp] | 94.29% |
| McAfee | Artemis!CCE1613155E8, Artemis!FC7D0D2D2A10, RDN/Generic.hra!bx, RDN/Generic.dx!d2t, Artemis!559CBE253F04, Artemis!305EB35883D6 | 80.00% |
| Kaspersky | Trojan.MSIL.Citron, Trojan-Dropper.Win32.Sysn, Trojan-Clicker.Win32.AutoIt, Trojan.Win32.Autoit, Trojan.Win32.BitMin, Trojan.Win32.BitMiner | 77.14% |
| ESET NOD32 | Win32/DownWare, MSIL/Injector.DBO (variant), MSIL/CoinMiner.JO (variant), Win32/TrojanClicker.Autoit.NEA, Win32/CoinMiner.NJ | 74.29% |
| G Data | Gen:Variant.Strictor.53865, Gen:Variant.Kazy.344463, Trojan.Generic.11199078, Trojan.GenericKD.1679457, Trojan.GenericKD.1707616 | 71.43% |
| Baidu Antivirus | Trojan.MSIL.Injector, Trojan.MSIL.CoinMiner, Trojan.Win32.AutoClick, Trojan.Win32.CoinMiner, Trojan.MSIL.Kryptik, Trojan.Win32.Sysn | 71.43% |
| MicroWorld eScan | Gen:Variant.Strictor.53865, Gen:Variant.Kazy.344463, Trojan.Generic.11199078, Trojan.GenericKD.1679457, Trojan.GenericKD.1707616, Trojan.GenericKD.1780664, Gen:Trojan.Heur.RP.wHW@aeEzBfei, Trojan.GenericKD.1781082, Trojan.Generic.12054836, Gen:Variant.Kazy.530161, Trojan.GenericKD.2237158, Backdoor.Generic.950986, Trojan.GenericKD.2229423, Trojan.Downloader.JQVE, Gen:Variant.Zusy.83620, Gen:Trojan.Heur.hq0@rD6DxjiaD, Trojan.GenericKD.2212164, Gen:Variant.Kazy.388871, Gen:Variant.Kazy.387941, Trojan.Generic.8792206 | 68.57% |
| Bitdefender | Gen:Variant.Strictor.53865, Gen:Variant.Kazy.344463, Trojan.Generic.11199078, Trojan.GenericKD.1679457, Trojan.GenericKD.1707616 | 68.57% |
| Lavasoft Ad-Aware | Gen:Variant.Strictor.53865, Gen:Variant.Kazy.344463, Trojan.Generic.11199078, Trojan.GenericKD.1679457, Trojan.GenericKD.1707616 | 68.57% |
| Emsisoft Anti-Malware | Gen:Variant.Strictor.53865, Gen:Variant.Kazy.344463, Trojan.Win32.Agent, Trojan.GenericKD.1679457, Trojan.GenericKD.1707616 | 68.57% |

The following domains resolved to the IP address 199.34.228.101.

File URLs downloaded from 199.34.228.101.

Latest 30 of 137 download URLs

The following files have been seen to communicate with this IP address in live environments.

TCP port 80

The geographical location of this IP address.

Country: United States (US)
Region: California
City: San Francisco
Coordinates: 37.8005, -122.409

The ARIN network assigned organization for IP address 199.34.228.101.

Org name: Weebly, Inc.
Org identifier: WEEBL-1
Org country: United States (US)
Org region: California
Org city: San Francisco
Org address: 564 Pacific Ave

ARIN WHOIS:
NetRange: 199.34.228.0 - 199.34.231.255
CIDR: 199.34.228.0/22
OriginAS: AS27647
NetName: WEEBLYNET1
NetHandle: NET-199-34-228-0-1
Parent: NET-199-0-0-0-0
NetType: Direct Assignment
RegDate: 2009-02-18
Updated: 2012-03-02
Ref: http://whois.arin.net/rest/net/NET-199-34-228-0-1

OrgName: Weebly, Inc.
OrgId: WEEBL-1
Address: 564 Pacific Ave
City: San Francisco
StateProv: CA
PostalCode: 94133
Country: US
RegDate: 2009-02-03
Updated: 2012-07-27
Ref: http://whois.arin.net/rest/org/WEEBL-1

OrgTechHandle: CFA47-ARIN
OrgTechName: Fanini, Chris
OrgTechPhone: +1-415-375-3266
OrgTechEmail: chris@weebly.com
OrgTechRef: http://whois.arin.net/rest/poc/CFA47-ARIN

OrgNOCHandle: HESSE5-ARIN
OrgNOCName: Hesse, Richard
OrgNOCPhone: +1-415-375-3268
OrgNOCEmail: richard.hesse@weebly.com
OrgNOCRef: http://whois.arin.net/rest/poc/HESSE5-ARIN

OrgAbuseHandle: ABUSE2536-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-415-375-3268
OrgAbuseEmail: abuse-human@weebly.com
OrgAbuseRef: http://whois.arin.net/rest/poc/ABUSE2536-ARIN

RTechHandle: CFA47-ARIN
RTechName: Fanini, Chris
RTechPhone: +1-415-375-3266
RTechEmail: chris@weebly.com
RTechRef: http://whois.arin.net/rest/poc/CFA47-ARIN


Autonomous System Assignment
ASNumber: 27647
ASName: WEEBLY - Weebly, Inc.,US
ASHandle: AS27647
