ssl2632.websiteseguro.com

Locaweb

Domain Information

The domain ssl2632.websiteseguro.com, registered by Locaweb, was first registered in March 2005 through GODADDY.COM, LLC. This domain has been known to host various forms of malware. Its servers are located in Sao Paulo, Sao Paulo, Brazil, within the network of the Latin American and Caribbean regional IP address registry.
Registrar:
GODADDY.COM, LLC

Server location:
Sao Paulo, Brazil (BR)

Create date:
Tuesday, March 15, 2005

Expires date:
Thursday, March 15, 2018

Updated date:
Wednesday, February 3, 2016

ASN:
AS27715 Locaweb Serviços de Internet S/A,BR

Root domain:

Scanner detections:
Malware distribution (75% detected)

Scan engine
Details
Detections

Fortinet FortiGate
PossibleThreat.SB!tr.dldr, W32/Badur.JMRJ!tr, MSIL/Banload.BW!tr.dldr
100.00%

Kaspersky
UDS:DangerousObject.Multi.Generic, Trojan.Win32.Badur
66.67%

MicroWorld eScan
Trojan.Generic.11946704, Gen:Variant.Kazy.554365
66.67%

Quick Heal
Trojan.Badur.r3, TrojanDownloader.Banload.r3
66.67%

McAfee
RDN/Generic.bfr!ht, Artemis!1FEE2D53B409
66.67%

NANO AntiVirus
Trojan.Win32.Badur.dgnqiq, Trojan.Win32.Agent.dosool
66.67%

avast!
Win32:Dropper-gen [Drp]
66.67%

Bitdefender
Trojan.Generic.11946704, Gen:Variant.Kazy.554365
66.67%

Agnitum Outpost
Trojan.DL.Small, Trojan.DL.Banload
66.67%

Emsisoft Anti-Malware
Trojan.Generic.11946704, Gen:Variant.Kazy.554365
66.67%

F-Secure
Trojan.Generic.11946704, Gen:Variant.Kazy.554365
66.67%

VIPRE Antivirus
Trojan.Win32.Generic
66.67%

Sophos
Mal/BanLoad-AX, Mal/Generic-S
66.67%

G Data
Trojan.Generic.11946704, Gen:Variant.Kazy.554365
66.67%

Baidu Antivirus
Trojan.Win32.Badur, Trojan.MSIL.Banload
66.67%

The domain ssl2632.websiteseguro.com has been seen to resolve to the following IP address.

February 21, 2016

File downloads found at URLs served by ssl2632.websiteseguro.com.

0 / 68
https://ssl2632.websiteseguro.com/.../components_app.exe  (feadab405f7dc1285dfe445f8289b3a5)

23 / 68    (Malware)

23 / 68    (Malware)
https://ssl2632.websiteseguro.com/.../components_app.exe  (1fee2d53b40986078b1d7e1e50086dc7)

4 / 68      (Malware)
https://ssl2632.websiteseguro.com/.../flashplayer.exe  (87d00ed666986d5be19ddf0db090a637)

28 / 68    (Malware)
https://ssl2632.websiteseguro.com/.../flashplayer.exe  (5968e6970bc5a7f032c8ab6011b38936)

URL:
http://ssl2632.websiteseguro.com/

SSL certificate subject:
CN=*.websiteseguro.com, OU=Locaweb Servicos de Internet S.A, O=Locaweb Servicos de Internet S.A, L=Sao Paulo, S=Sao Paulo, C=BR

SSL certificate issuer:
CN=thawte SHA256 SSL CA, O="thawte, Inc.", C=US

Web server:
Microsoft-IIS/6.0 (ASP.NET)