home

www.winlock-closer.com

Private person  (Proxy Registrant)

Domain Information

The domain www.winlock-closer.com is registered by proxy through PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM and was originally registered in August of 2013. Currently this domain has been known to host various forms of malware. The hosted servers are located in Moscow, Moscow City within Russia which resides on the RIPE Network Coordination Centre network.
Registrar:
PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM

Server location:
Moscow City, Russia (RU)

Create date:
Sunday, August 18, 2013

Expires date:
Monday, August 18, 2014

Updated date:
Sunday, August 18, 2013

ASN:
AS28762 AWAX-AS AWAX Telecom Ltd,RU

Root domain:
winlock-closer.com

Whois:
1 winlock-closer.com record

Scanner detections:
Malware distribution  (100% detected)

Scan engine
Details
Detections

Bkav FE
W32.Clodce3.Trojan
100.00%

McAfee
Artemis!362A4D0A178B
100.00%

K7 AntiVirus
Trojan
100.00%

Norman
Autoit.ZBH
100.00%

avast!
Win32:Malware-gen
100.00%

VIPRE Antivirus
Trojan.Win32.Generic
100.00%

Sophos
Mal/Generic-S
100.00%

ESET NOD32
Win32/Packed.Autoit
100.00%

Baidu Antivirus
Trojan.Win32.Autoit
100.00%

The domain www.winlock-closer.com has been seen to resolve to the following IP address.

83.69.230.16
dh01.hostline.ru
May 29, 2014

File downloads found at URLs served by www.winlock-closer.com.

9 / 68      (Malware)
http://www.winlock-closer.com/WinlockCloser.exe  (362a4d0a178b87bcbf8f78168e7b001c)

URL:
http://www.winlock-closer.com/

Title:
“Windows !”

Description:
“Winlock Closer - -. Winlock Closer - windows ! , windows !”

Web server:
nginx/0.7.67 (ModLayout/5.1)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.