home

servicosdo.sslblindado.com

Universo Online SA

Domain Information

The domain servicosdo.sslblindado.com registered by Universo Online SA was initially registered in November of 2007 through GODADDY.COM, LLC. Currently this domain has been known to host various forms of malware. The hosted servers are located in Sao Paulo, Sao Paulo within Brazil which resides on the Latin American and Caribbean IP address Regional Registry network.
Registrar:
GODADDY.COM, LLC

Server location:
Sao Paulo, Brazil (BR)

Create date:
Friday, November 16, 2007

Expires date:
Wednesday, November 16, 2016

Updated date:
Saturday, July 25, 2015

ASN:
AS7162 Universo Online S.A.,BR

Root domain:
sslblindado.com

Whois:
1 sslblindado.com record

Scanner detections:
Malware distribution  (60% detected)

Scan engine
Details
Detections

Emsisoft Anti-Malware
Gen:Variant.Kazy.773206, Trojan.GenericKD.2973948
90.00%

ESET NOD32
MSIL/TrojanDownloader.Agent.BGK trojan, MSIL/TrojanDownloader.Agent.AHG trojan
70.00%

Norman
Gen:Variant.Kazy.773206
60.00%

MicroWorld eScan
Gen:Variant.Kazy.773206, Trojan.GenericKD.2973948
30.00%

Bitdefender
Gen:Variant.Kazy.773206, Trojan.GenericKD.2973948
30.00%

ESET NOD32
MSIL/TrojanDownloader.Agent.BGK (variant), MSIL/TrojanDownloader.Agent.AHG (variant)
30.00%

F-Secure
Gen:Variant.Kazy.773206, Trojan.GenericKD.2973948
30.00%

Arcabit
Trojan.Kazy.DBCC56, Trojan.Generic.D2D60FC
30.00%

G Data
Gen:Variant.Kazy.773206, Trojan.GenericKD.2973948
30.00%

Fortinet FortiGate
MSIL/Agent.BGK!tr.dldr
30.00%

Qihoo 360 Security
HEUR/QVM03.0.Malware.Gen
30.00%

Lavasoft Ad-Aware
Gen:Variant.Kazy.773206
30.00%

McAfee
Artemis!2927F8174192, Artemis!C587A3386A55
20.00%

Lavasoft Ad-Aware
Gen:Variant.Kazy.773206
20.00%

Baidu Antivirus
Trojan.MSIL.Agent
20.00%

The domain servicosdo.sslblindado.com has been seen to resolve to the following IP address.

187.17.111.100
February 10, 2016

File downloads found at URLs served by servicosdo.sslblindado.com.

3 / 68      (inconclusive)
https://servicosdo.sslblindado.com/.../  (setup1919342339.exe)

4 / 68      (Malware)
https://servicosdo.sslblindado.com/.../  (setup143677320.exe)

6 / 68      (Malware)
https://servicosdo.sslblindado.com/.../  (setup1436684029.exe)

14 / 68    (Malware)
https://servicosdo.sslblindado.com/.../  (setup540345325.exe)

21 / 68    (Malware)
https://servicosdo.sslblindado.com/.../  (cobranca-pdf456834625.exe)

3 / 68      (inconclusive)
https://servicosdo.sslblindado.com/.../  (setup1110264854.exe)

1 / 68      (inconclusive)
https://servicosdo.sslblindado.com/.../  (Loader-UZTCPQFWLQ.exe)

5 / 68      (Malware)
https://servicosdo.sslblindado.com/.../  (setup838416170.exe)

3 / 68      (inconclusive)
https://servicosdo.sslblindado.com/.../  (setup896292171.exe)

10 / 68    (Malware)
https://servicosdo.sslblindado.com/.../  (setup294345269.exe)

URL:
http://servicosdo.sslblindado.com/

SSL certificate subject:
CN=*.sslblindado.com, O=Universo Online SA, L=Sao Paulo, S=Sao Paulo, C=BR

SSL certificate issuer:
CN=GeoTrust SHA256 SSL CA, O=GeoTrust Inc., C=US

Web server:
nginx

bahiacred.com

belaspostagens.com.br

c2sistemas.com.br

camarabrasileira.com

celsovasconcellos.com.br

darttech.com.br

dcempro.com.br

eng.br

escritoriovirtualbr.com

fazsoft.net

fpqsystem.com.br

gsmanagement.com.br

infantv.com.br

invoicy.com.br

labcisco.com.br

lindapordentro.com.br

mscad.com.br

mscalc.com.br

naguchi.com.br

org.br

pontosystem.com.br

rccosasco.com

risistemas.com.br

transforstar.net

webprotese.com.br

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.