www.eklentidunyasi.com

WHOISGUARD, INC.  (Proxy Registrant)

Domain Information

The domain www.eklentidunyasi.com is registered by proxy through ENOM, INC. and was originally registered in May of 2012. Currently this domain has been known to host various forms of malware. The hosted servers are located in Roubaix, Nord-Pas-De-Calais within France which resides on the RIPE Network Coordination Centre network.
Registrar:
ENOM, INC.

Server location:
Nord-Pas-De-Calais, France (FR)

Create date:
Thursday, May 31, 2012

Expires date:
Tuesday, May 31, 2016

Updated date:
Wednesday, April 01, 2015

Root domain:

Scanner detections:
Malware distribution  (100% detected)

Scan engine
Details
Detections

MicroWorld eScan
Gen:Variant.Zusy.77106, Trojan.AgentWDCR.AQ
100.00%

avast!
Win32:Agent-ASJZ [Trj]
100.00%

Bitdefender
Gen:Variant.Zusy.77106, Trojan.AgentWDCR.AQ
100.00%

Lavasoft Ad-Aware
Gen:Variant.Zusy.77106, Trojan.AgentWDCR.AQ
100.00%

Emsisoft Anti-Malware
Gen:Variant.Zusy.77106, Trojan.AgentWDCR.AQ
100.00%

F-Secure
Gen:Variant.Zusy.77106, Trojan-Downloader:W32/Kilim.T
100.00%

Dr.Web
Trojan.DownLoader10.59063, Trojan.Siggen.65315
100.00%

VIPRE Antivirus
Trojan.Win32.Generic, Trojan.Win32.Generic.pak!cobra
100.00%

Kingsoft AntiVirus
Win32.Troj.Undef.(kcloud), Win32.Troj.Generic.a.(kcloud)
100.00%

G Data
Gen:Variant.Zusy.77106, Trojan.AgentWDCR.AQ
100.00%

AhnLab V3 Security
Trojan/Win32.Blocker, Win-Trojan/FCN.140610
100.00%

McAfee
Artemis!61F5AF5D0067, Artemis!25234E3889FD, Artemis!9FC7407329F9, Generic.rx
80.00%

K7 AntiVirus
Riskware , Trojan
80.00%

K7 Gateway Antivirus
Riskware , Trojan
80.00%

Kaspersky
Trojan-Ransom.Win32.Blocker
80.00%

The domain www.eklentidunyasi.com has been seen to resolve to the following 4 IP addresses.

April 5, 2016

April 5, 2016

h176-227-218-98.host.redstation.co.uk
January 4, 2014

st10.enoticer.com
December 28, 2013

File downloads found at URLs served by www.eklentidunyasi.com.

41 / 68    (Malware)

37 / 68    (Malware)

12 / 68    (Malware)

30 / 68    (Malware)

31 / 68    (Malware)

URL:
http://www.eklentidunyasi.com/

Title:
“Domain Default page”

SSL certificate subject:
CN=sni74553.cloudflaressl.com, OU=PositiveSSL Multi-Domain, OU=Domain Control Validated

SSL certificate issuer:
CN=COMODO ECC Domain Validation Secure Server CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Web server:
cloudflare-nginx (PleskLin)