home

winzipper.win-zipper.com

YinSi BaoHu Yi KaiQi (Hidden by Whois Privacy Protection Service)

Domain Information

The domain winzipper.win-zipper.com registered by YinSi BaoHu Yi KaiQi (Hidden by Whois Privacy Protection Service) was initially registered in March of 2014 through HICHINA ZHICHENG TECHNOLOGY LTD.. Currently this domain has been known to host various forms of malware. The hosted servers are located in Washington, District of Columbia within the United States which resides on the ThePlanet.com Internet Services, Inc. network.
Registrar:
HICHINA ZHICHENG TECHNOLOGY LTD.

Server location:
District of Columbia, United States (US)

Create date:
Tuesday, March 4, 2014

Expires date:
Wednesday, March 4, 2015

Updated date:
Monday, July 7, 2014

Root domain:
win-zipper.com

Whois:
1 win-zipper.com record

Scanner detections:
Malware distribution  (100% detected)

Scan engine
Details
Detections

Dr.Web
Adware.Mutabaha.50, Win32.Sector.30, Win32.Runonce.6652
100.00%

F-Prot
W32/Sality.gen2, W32/Thecid.B@mm
100.00%

AVG
Taishumu, Win32/Chir.B@mm
66.67%

avast!
Win32:SaliCode, Win32:Oncer
66.67%

Emsisoft Anti-Malware
Win32.Sality, Win32.Runouce.B@mm
66.67%

ESET NOD32
Win32/Sality.NBA virus, Win32/Chir.B virus
66.67%

Microsoft Security Essentials
Threat.Undefined
66.67%

McAfee
Virus.W32/Sality.gen.z, Virus.W32/Chir.b@MM
66.67%

Norman
Win32.Sality.3, Win32.Runouce.B@mm
66.67%

Kaspersky
Virus.Win32.Sality, Email-Worm.Win32.Runouce
66.67%

Trend Micro House Call
TROJ_GEN.F47V0411
33.33%

Baidu Antivirus
Adware.Win32.ELEX
33.33%

ESET NOD32
Win32/ELEX (variant)
33.33%

VIPRE Antivirus
Threat.4672667
33.33%

The domain winzipper.win-zipper.com has been seen to resolve to the following 2 IP addresses.

108.168.183.130
108.168.183.130-static.reverse.softlayer.com
May 24, 2016

184.173.128.179
184.173.128.179-static.reverse.softlayer.com
September 27, 2014

File downloads found at URLs served by winzipper.win-zipper.com.

11 / 68    (Malware)
http://winzipper.win-zipper.com/download/.../winzipper.exe  (cf40051eb5d5598ece05b00091c12365)

10 / 68    (Infected)
http://winzipper.win-zipper.com/download/.../winzipper.exe  (bd42f50b53234279331765ffb7688b19)

5 / 68      (PUP)
http://winzipper.win-zipper.com/download/.../winzipper.exe  (40879c8fdddf8032f8f50795204b756d)

The following 52 files have been seen to comunicate with winzipper.win-zipper.com in live environments.

TCP » 184.173.128.179:80
iSafeTray.exe (YAC Security Protection by Elex do Brasil Participaçõesa)

TCP » 184.173.128.179:80
iSafeTray.exe (YAC Security Protection by Elex do Brasil Participaçõesa)

TCP » 184.173.128.179:80
iSafeTray.exe (YAC Security Protection by Elex do Brasil Participaçõesa)

TCP » 184.173.128.179:80
iSafeTray.exe (YAC Security Protection by Elex do Brasil Participaçõesa)

TCP » 184.173.128.179:80
iSafeDownloader.exe (YAC Security Protection by Elex do Brasil Participaçõesa)

TCP » 184.173.128.179:80
iSafeTray.exe (YAC Security Protection by Elex do Brasil Participaçõesa)

TCP » 184.173.128.179:80
Client.exe

TCP » 184.173.128.179:80
iSafeTray.exe (YAC Security Protection by Elex do Brasil Participaçõesa)

TCP » 184.173.128.179:80
iSafeTray.exe (YAC Security Protection by Elex do Brasil Participaçõesa)

TCP » 184.173.128.179:80
iSafeTray.exe (YAC Security Protection by Elex do Brasil Participaçõesa)

TCP » 184.173.128.179:80
iSafeTray.exe (YAC Security Protection by Elex do Brasil Participaçõesa)

TCP » 184.173.128.179:80
iSafeDownloader.exe (YAC Security Protection by Elex do Brasil Participaçõesa)

TCP » 184.173.128.179:80
iSafeTray.exe (YAC Security Protection by Elex do Brasil Participaçõesa)

TCP » 184.173.128.179:80
iSafeTray.exe (YAC Security Protection by Elex do Brasil Participaçõesa)

TCP » 184.173.128.179:80
iSafeDownloader.exe (YAC Security Protection by Elex do Brasil Participaçõesa)

TCP » 184.173.128.179:80
iSafeTray.exe (YAC Security Protection by Elex do Brasil Participaçõesa)

TCP » 184.173.128.179:80
iSafeTray.exe (YAC Security Protection by Elex do Brasil Participaçõesa)

TCP » 184.173.128.179:80
iSafeDownloader.exe (YAC Security Protection by Elex do Brasil Participaçõesa)

TCP » 184.173.128.179:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 184.173.128.179:80
iSafeTray.exe (YAC Security Protection by Elex do Brasil Participaçõesa)

 
Latest 20 of 52 files

URL:
http://winzipper.win-zipper.com/

Google Analytics:
UA-49141317

Title:
“WinZipper: Zip and unzip Zip, RAR, TAR, 7Zip”

Description:
“WinZipper is a Lifetime FREE,supports multiple compression format such as Zip, RAR, Zipx, TAR, GZip, 7Zip, BZ2, LHA/LZH!”

Web server:
ngx_openresty (ThinkPHP)

Facebook:
Likes:  1
Shares:  1

Twitter:
Shares:  3

Statistics are for the previous month.

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.