vnl1.izabelcoin.com

PERFECT PRIVACY, LLC  (Proxy Registrant)

Domain Information

The domain vnl1.izabelcoin.com is registered by proxy through Network Solutions, LLC and was originally registered in July of 2015. This domain is currently known to host various forms of malware. Its servers are located in Providence, Utah, United States, on the Hosting Services, Inc. network.
Registrar:
Network Solutions, LLC

Server location:
Utah, United States (US)

Create date:
Wednesday, July 1, 2015

Expires date:
Friday, July 1, 2016

Updated date:
Wednesday, July 1, 2015

ASN:
AS32780 HOSTINGSERVICES-INC - Hosting Services, Inc., US

Root domain:

Scanner detections:
Malware distribution  (94% detected)

| Scan engine | Details | Detections |
|---|---|---|
| ESET NOD32 | Win32/Sality.NBA virus, Win32/BitCoinMiner.BY potentially unsafe application, Win32/Parite.B virus, Win32/Madang.A virus | 56.25% |
| Dr.Web | Win32.Sector.30, Detection.Undefined, Win32.Parite.2, Win32.Angel | 52.08% |
| Norman | Win32.Sality.3, Gen:Variant.Application.BitcoinMiner.16, Win32.Parite.B, Win32.Madangel.DIA, Zum.BitCoinMiner.1 | 50.00% |
| McAfee | Virus.Artemis!9F29294BD754, Program.Artemis!17226C12B6DA, Virus.Artemis!6A49E3932AB7, Virus.Artemis!887039843F17, Program.Artemis!6FEC8A0B6F30, Trojan.Artemis!5A3AC2D74153 | 47.92% |
| Emsisoft Anti-Malware | Win32.Sality, Gen:Variant.Application.BitcoinMiner.16, Win32.Parite, Win32.Madangel.DIA, Trojan.Generic.17233820 | 45.83% |
| avast! | Win32:SaliCode, Win32:Kukacka, Win32:Malware-gen, Win32:Parite, Win32:Madangel | 45.83% |
| Reason Heuristics | Adware.Amonetize.OpenSour.Installer.Meta (M), Threat.Win.Reputation.IMP, PUP.BitCoinMiner (M) | 41.67% |
| Microsoft Security Essentials | Threat.Undefined | 41.67% |
| Kaspersky | Virus.Win32.Sality, not-a-virus:RiskTool.Win32.BitCoinMiner, Virus.Win32.Parite, Virus.Win32.Small, not-a-virus:HEUR:RiskTool.Win32.BitCoinMiner | 41.67% |
| F-Prot | W32/Sality.gen2, W32/Sality.E.gen, W32/Parite.B, New or modified Small | 39.58% |
| AVG | Win32/Sality, Win32/Parite, Win32/Madang.C | 37.50% |
| F-Secure | Win32.Sality.3, Variant.Application.BitcoinMiner, Win32.Parite.B, Win32.Madangel.DIA, Zum.BitCoinMiner.1, Trojan.Generic.17233820 | 37.50% |
| VIPRE Antivirus | Threat.4721115, Threat.4758034, Threat.4150696 | 14.58% |
| Sophos | PUA 'CpuMiner' | 4.17% |

The domain vnl1.izabelcoin.com has been seen to resolve to the following 4 IP addresses.

usny01.proinity.net
May 16, 2016

camo02.proinity.net
April 15, 2016

April 12, 2016

hosted-by.Eqserver.com
April 12, 2016

File downloads found at URLs served by vnl1.izabelcoin.com.

1 / 68      (PUP)
https://vnl1.izabelcoin.com/vnl1.exe  (5f79f503edd69d146bad44148ac43578)

The following 11 files have been seen to communicate with vnl1.izabelcoin.com in live environments.

URL:
http://vnl1.izabelcoin.com/

SSL certificate subject:
CN=vnl1.izabelcoin.com

SSL certificate issuer:
CN=Let's Encrypt Authority X1, O=Let's Encrypt, C=US

Web server:
keycdn-engine

30 of 34 related domains