cn3-14b7.kxcdn.com

proinity GmbH

Domain Information

The domain cn3-14b7.kxcdn.com, registered by proinity GmbH, was initially registered in January 2013 through GODADDY.COM, LLC. This domain has been known to host various forms of malware. The hosting servers are located in Providence, Utah, in the United States, on the Hosting Services, Inc. network.
Registrar:
GODADDY.COM, LLC

Server location:
Utah, United States (US)

Create date:
Wednesday, January 30, 2013

Expires date:
Monday, January 30, 2017

Updated date:
Wednesday, November 19, 2014

ASN:
AS32780 HOSTINGSERVICES-INC - Hosting Services, Inc., US

Root domain:

Scanner detections:
Malware distribution  (76% detected)

| Scan engine | Details | Detections |
| --- | --- | --- |
| ESET NOD32 | Win32/BitCoinMiner.BY potentially unsafe application, Detection.Undefined, Win32/Slugin.A virus, Win32/Sality.NBA virus | 70.00% |
| Emsisoft Anti-Malware | Gen:Variant.Application.BitcoinMiner.16, Zum.BitCoinMiner, Win32.SlugIn, Win32.Sality | 55.00% |
| Kaspersky | not-a-virus:HEUR:RiskTool.Win32.BitCoinMiner, Virus.Win32.Slugin, Virus.Win32.Sality, not-a-virus:RiskTool.Win32.BitCoinMiner | 40.00% |
| avast! | Win32:Malware-gen, Win32:Patched-JI, Win32:Kukacka | 40.00% |
| Dr.Web | infected with Trojan.BtcMine.907, - infected container c:\users\test\appdata\local\temp\f0b7352ba6174bce1782651c7a70b3a4cec7d292 Troj, Win32.Wplugin.2 | 35.00% |
| Norman | Gen:Variant.Application.BitcoinMiner.16, Win32.Sality.3 | 25.00% |
| Reason Heuristics | Adware.Amonetize.OpenSource.Installer.Meta (M), Adware.Amonetize.OpenSour.Installer.Meta (M) | 20.00% |
| VIPRE Antivirus | Threat.4150696, Threat.4741001 | 15.00% |
| AVG | Win32/Slugin.A, Win32/Sality, Adware Generic_r.AVO | 15.00% |
| McAfee | Trojan.Artemis!C00AA572EC1D, Virus.Artemis!C00AA572EC1D, Program.Artemis!F2660856ABE2 | 15.00% |
| F-Prot | W32/Slugin.B, W32/Sality.gen2 | 10.00% |
| Microsoft Security Essentials | Threat.Undefined | 10.00% |
| F-Secure | Win32.Sality.3, Variant.Symmi.61897 | 10.00% |

The domain cn3-14b7.kxcdn.com has been seen to resolve to the following 3 IP addresses.

usny01.proinity.net
June 5, 2016

April 5, 2016

hosted-by.Eqserver.com
April 4, 2016

File downloads found at URLs served by cn3-14b7.kxcdn.com.

1 / 68      (PUP)
http://cn3-14b7.kxcdn.com/CN3.exe  (ic-0.60852a874cf8cc.exe)

6 / 68      (PUP)
http://cn3-14b7.kxcdn.com/CN3.exe  (ic-0.e877a613d48d.exe)

4 / 68      (Malware)

5 / 68      (Malware)
http://cn3-14b7.kxcdn.com/CN3.exe  (d19d1ad96f7d3e01932a92eafc86745a)

6 / 68      (PUP)
http://cn3-14b7.kxcdn.com/CN3.exe  (96349c96f288ee8236cf35f60d3b3c8d)

1 / 68      (inconclusive)
http://cn3-14b7.kxcdn.com/CN3.exe  (271271e2c10501e4558cba3ad9dbed2a)

1 / 68      (PUP)
http://cn3-14b7.kxcdn.com/CN3.exe  (ic-0.86dd271c5b317.exe)

3 / 68      (Malware)
http://cn3-14b7.kxcdn.com/CN3.exe  (0e06845a4c0a06247cd73901a0ff54ac)

8 / 68      (Infected)
http://cn3-14b7.kxcdn.com/CN3.exe  (8b851f5a8c8fcc7d94d78dacc6691273)

1 / 68      (PUP)

10 / 68    (Infected)
http://cn3-14b7.kxcdn.com/CN3.exe  (46ef07e7329e6c10a9e6ac65071f46d0)

3 / 68      (Malware)
http://cn3-14b7.kxcdn.com/CN3.exe  (a5a9cf62fa6194296ba67e88c920c9b2)

1 / 68      (inconclusive)
http://cn3-14b7.kxcdn.com/CN3.exe  (a363d9cc974fac159d7ce14199a5287a)

0 / 68

1 / 68      (PUP)
http://cn3-14b7.kxcdn.com/CN3.exe  (6e3c775beba9da700af614d148dfbb54)

6 / 68      (Malware)
http://cn3-14b7.kxcdn.com/CN3.exe  (0e4aafbe3061d28161e2dd76205ae627)

4 / 68      (Malware)

1 / 68      (inconclusive)
http://cn3-14b7.kxcdn.com/CN3.exe  (85a35cb56523ebe95ca967285a4f3923)

4 / 68      (Malware)

4 / 68      (Malware)
http://cn3-14b7.kxcdn.com/CN3.exe  (00c04ad6b93014c33219b71d278c1e5b)

2 / 68      (inconclusive)
http://cn3-14b7.kxcdn.com/CN3.exe  (3d032fecfa4b7212cc7d569e72708f26)

The following 11 files have been seen to communicate with cn3-14b7.kxcdn.com in live environments.

URL:
http://cn3-14b7.kxcdn.com/

SSL certificate subject:
CN=*.kxcdn.com, OU=PositiveSSL Wildcard, OU=Domain Control Validated

SSL certificate issuer:
CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Web server:
keycdn-engine
