flashplayer1.websiteseguro.com

Locaweb

Domain Information

The domain flashplayer1.websiteseguro.com, registered by Locaweb, was initially registered in March 2005 through GODADDY.COM, LLC. This domain is currently known to host various forms of malware. The hosting servers are located in Sao Paulo, Sao Paulo, Brazil, which falls within the Latin American and Caribbean IP address regional registry network.
Registrar:
GODADDY.COM, LLC

Server location:
Sao Paulo, Brazil (BR)

Create date:
Tuesday, March 15, 2005

Expires date:
Thursday, March 15, 2018

Updated date:
Wednesday, February 3, 2016

ASN:
AS27715 Locaweb Serviços de Internet S/A,BR

Root domain:

Scanner detections:
Malware distribution (100% detected)

Scan engine
Details
Detections

MicroWorld eScan
Trojan.GenericKD.2108590, Trojan.GenericKD.2070754, Trojan.GenericKD.2110440, Trojan.GenericKD.2140086, Gen:Variant.Symmi.52677, Trojan.GenericKD.2144670
100.00%

McAfee
RDN/Generic.dx!d2p, RDN/Generic.dx!d2i, Artemis!67C89B4684DE, RDN/Generic.tfr!ei, Artemis!2A937E469EF7, RDN/Generic Downloader.x
100.00%

avast!
Win32:Malware-gen, MSIL:GenMalicious-CEA [Trj], MSIL:Agent-CMY [Trj]
100.00%

Bitdefender
Trojan.GenericKD.2108590, Trojan.GenericKD.2070754, Trojan.GenericKD.2110440, Trojan.GenericKD.2140086, Gen:Variant.Symmi.52677
100.00%

Lavasoft Ad-Aware
Trojan.GenericKD.2108590, Trojan.GenericKD.2070754, Trojan.GenericKD.2110440, Trojan.GenericKD.2140086, Gen:Variant.Symmi.52677
100.00%

Emsisoft Anti-Malware
Trojan.GenericKD.2108590, Trojan.GenericKD.2070754, Trojan.GenericKD.2110440, Trojan.GenericKD.2140086, Gen:Variant.Symmi.52677
100.00%

F-Secure
Trojan.GenericKD.2108590, Trojan.GenericKD.2070754, Trojan.GenericKD.2110440, Trojan.GenericKD.2140086, Gen:Variant.Symmi.52677
100.00%

VIPRE Antivirus
Trojan.Win32.Generic
100.00%

Sophos
Mal/Generic-S, Mal/Generic-L
100.00%

Avira AntiVirus
TR/Spy.A.12140, TR/Spy.A.11152, TR/Spy.A.11961, TR/Injector.112128.4, TR/Dldr.Agent.65536.135, TR/Agent.41984.245
100.00%

G Data
Trojan.GenericKD.2108590, Trojan.GenericKD.2070754, Trojan.GenericKD.2110440, Trojan.GenericKD.2140086, Gen:Variant.Symmi.52677
100.00%

Baidu Antivirus
Trojan.Win32.Yakes, Trojan.Win32.Injector, Trojan.Win32.Banload, Trojan.MSIL.Banload
100.00%

ESET NOD32
Win32/Injector.BTGF (variant), MSIL/Injector.HBB (variant), MSIL/Injector.HJK (variant), MSIL/Injector.HPE (variant), Win32/TrojanDownloader.Banload.VIC (variant)
100.00%

Fortinet FortiGate
W32/Yakes.IPYJ!tr, MSIL/HBB!tr, W32/Yakes.IQCL!tr, W32/Yakes.IUFZ!tr, W32/Agent.AAQQM!tr.dldr, W32/Badur.SWZL!tr
100.00%

AVG
MSIL6, Downloader.Banload2, Downloader.MSIL
100.00%

The domain flashplayer1.websiteseguro.com has been seen to resolve to the following IP address.

hm8208.locaweb.com.br
January 30, 2016

File downloads found at URLs served by flashplayer1.websiteseguro.com.

30 / 68    (Malware)

30 / 68    (Malware)
https://flashplayer1.websiteseguro.com/app_update.exe  (01dbaa9e51fd5dd6b23cf6a7ec8d8623)

33 / 68    (Malware)

33 / 68    (Malware)

31 / 68    (Malware)
https://flashplayer1.websiteseguro.com/app_update.exe  (bbfc313252880bd90877aa2fe0ba1cc5)

30 / 68    (Malware)

23 / 68    (Malware)
https://flashplayer1.websiteseguro.com/windows_apps.exe  (07f08cc807b11418e6d2635651fef57f)

The following files have been seen to communicate with flashplayer1.websiteseguro.com in live environments.

URL:
http://flashplayer1.websiteseguro.com/

SSL certificate subject:
CN=*.websiteseguro.com, OU=Locaweb Servicos de Internet S.A, O=Locaweb Servicos de Internet S.A, L=Sao Paulo, S=Sao Paulo, C=BR

SSL certificate issuer:
CN=thawte SHA256 SSL CA, O="thawte, Inc.", C=US

Web server:
Apache