vip.dns-vip.net

Song Li

Domain Information

The domain vip.dns-vip.net, registered by Song Li, was first registered in September 2012 through ENAME TECHNOLOGY CO., LTD. The domain has been known to host and distribute adware and other potentially unwanted software. Its servers are located in Wenzhou, Zhejiang, China, on the Asia Pacific Network Information Centre network.
Registrar:
ENAME TECHNOLOGY CO., LTD.

Server location:
Zhejiang, China (CN)

Create date:
Friday, September 14, 2012

Expires date:
Thursday, September 14, 2017

Updated date:
Sunday, January 17, 2016

Root domain:

Google Safe Browsing:
malware,unwanted

Scanner detections:
Detections (89% detected)

Scan engine | Details | Detections
McAfee | Artemis!74529155CCF6, Artemis!13A0F573E204, Artemis!FC8B3A4B6B58, Artemis!6D7A77FE5FF9, Artemis!DD6E8F199EAB, Artemis!8FDAD67EAD91, Artemis!E98FDCE88D5A, Artemis!31DC1F929480, Artemis!63404E559FBC | 100.00%
Trend Micro House Call | TROJ_GEN.R0CBH0AJE13, TROJ_GEN.R0CBH08HN13, TROJ_GEN.F47V1206, TROJ_GEN.F47V1231, TROJ_GEN.R0CBB04K213, TROJ_GEN.R0CBOH0D814 | 88.89%
Sophos | Address Tool Bar, Mal/Emogen-F, Mal/Generic-S, AdLoad | 77.78%
IKARUS anti.virus | Trojan-Dropper, Trojan.ATRAPS, Backdoor.Win32.Hupigon, Win32.Malware, Virus.Win32.VBInject | 55.56%
Reason Heuristics | PUP.Installer.ShanghaiDragonHabitatNetworkInformationTechnologyCo.J, PUP.Installer.ShanghaiGaoxinComputerSystemColtd.N, PUP.Installer.ShanghaiGaoxinComputerSystemColtd.J | 55.56%
Vba32 AntiVirus | Trojan.Genome.ai, suspected of Trojan.Downloader.gen.h, Backdoor.Agent | 55.56%
Norman | Suspicious_Gen4.ESOLK, Suspicious_Gen2.JYJXQ, Suspicious_Gen4.GDPBB | 44.44%
avast! | NSIS:Adware-KI [Adw], Win32:Malware-gen, NSIS:Malware-gen [Trj] | 44.44%
AhnLab V3 Security | Trojan/Win32.Downloader, Malware/Win32.Suspicious | 44.44%
Malwarebytes | Extension.Mismatch, Trojan.Downloader.Agent | 44.44%
ViRobot | Trojan.Win32.S.Downloader.3878272, Trojan.Win32.S.Downloader.1924984, Trojan.Win32.S.Downloader.5194320 | 33.33%
Bkav FE | W32.Clod859.Trojan, W32.Clodec2.Trojan, W32.Clod056.Trojan | 33.33%
F-Prot | W32/Hebogo.A2.gen, W32/Downldr2.IJOH | 33.33%
Dr.Web | Trojan.MulDrop3.58937 | 33.33%
Rising Antivirus | PE:Malware.XPACK-HIE/Heur!1.9C48 | 33.33%

The domain vip.dns-vip.net has been seen to resolve to the following 31 IP addresses.


File downloads found at URLs served by vip.dns-vip.net.


URL:
http://vip.dns-vip.net/

Web server:
Microsoft-IIS/7.5 (ASP.NET)