home

vip.dns-vip.net

Song Li

Domain Information

The domain vip.dns-vip.net registered by Song Li was initially registered in September of 2012 through ENAME TECHNOLOGY CO., LTD.. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Wenzhou, Zhejiang within China which resides on the Asia Pacific Network Information Centre network.
Registrar:
ENAME TECHNOLOGY CO., LTD.

Server location:
Zhejiang, China (CN)

Create date:
Friday, September 14, 2012

Expires date:
Thursday, September 14, 2017

Updated date:
Sunday, January 17, 2016

Root domain:
dns-vip.net

Whois:
3 dns-vip.net records

Google Safe Browsing:
malware,unwanted

Scanner detections:
Detections  (89% detected)

Scan engine
Details
Detections

McAfee
Artemis!74529155CCF6, Artemis!13A0F573E204, Artemis!FC8B3A4B6B58, Artemis!6D7A77FE5FF9, Artemis!DD6E8F199EAB, Artemis!8FDAD67EAD91, Artemis!E98FDCE88D5A, Artemis!31DC1F929480, Artemis!63404E559FBC
100.00%

Trend Micro House Call
TROJ_GEN.R0CBH0AJE13, TROJ_GEN.R0CBH08HN13, TROJ_GEN.F47V1206, TROJ_GEN.F47V1231, TROJ_GEN.R0CBB04K213, TROJ_GEN.R0CBOH0D814
88.89%

Sophos
Address Tool Bar, Mal/Emogen-F, Mal/Generic-S, AdLoad
77.78%

IKARUS anti.virus
Trojan-Dropper, Trojan.ATRAPS, Backdoor.Win32.Hupigon, Win32.Malware, Virus.Win32.VBInject
55.56%

Reason Heuristics
PUP.Installer.ShanghaiDragonHabitatNetworkInformationTechnologyCo.J, PUP.Installer.ShanghaiGaoxinComputerSystemColtd.N, PUP.Installer.ShanghaiGaoxinComputerSystemColtd.J
55.56%

Vba32 AntiVirus
Trojan.Genome.ai, suspected of Trojan.Downloader.gen.h, Backdoor.Agent
55.56%

Norman
Suspicious_Gen4.ESOLK, Suspicious_Gen2.JYJXQ, Suspicious_Gen4.GDPBB
44.44%

avast!
NSIS:Adware-KI [Adw], Win32:Malware-gen, NSIS:Malware-gen [Trj]
44.44%

AhnLab V3 Security
Trojan/Win32.Downloader, Malware/Win32.Suspicious
44.44%

Malwarebytes
Extension.Mismatch, Trojan.Downloader.Agent
44.44%

ViRobot
Trojan.Win32.S.Downloader.3878272, Trojan.Win32.S.Downloader.1924984, Trojan.Win32.S.Downloader.5194320
33.33%

Bkav FE
W32.Clod859.Trojan, W32.Clodec2.Trojan, W32.Clod056.Trojan
33.33%

F-Prot
W32/Hebogo.A2.gen, W32/Downldr2.IJOH
33.33%

Dr.Web
Trojan.MulDrop3.58937
33.33%

Rising Antivirus
PE:Malware.XPACK-HIE/Heur!1.9C48
33.33%

The domain vip.dns-vip.net has been seen to resolve to the following 31 IP addresses.

115.28.105.76
May 15, 2016

115.29.200.128
May 15, 2016

182.92.22.32
September 5, 2014

115.28.112.30
ip28.hichina.com
September 5, 2014

223.6.249.106
September 5, 2014

115.29.229.207
AY140120154205Z
April 6, 2014

115.29.243.0
AY140120154206Z
April 6, 2014

115.29.9.31
AY140120154204Z
April 6, 2014

115.28.146.64
ip28.hichina.com
April 6, 2014

115.28.147.213
ip28.hichina.com
April 6, 2014

118.244.237.17
January 6, 2014

122.225.106.101
WIN-947497HL6N8
November 16, 2013

122.225.106.98
WIN-LUDF54H7IAL
November 16, 2013

61.183.35.28
November 16, 2013

61.183.35.29
November 16, 2013

61.183.35.30
November 16, 2013

61.191.188.42
November 16, 2013

61.191.188.26
November 16, 2013

60.191.144.82
November 16, 2013

60.191.144.89
November 16, 2013

60.191.144.84
November 16, 2013

60.191.144.83
November 16, 2013

60.191.144.90
November 16, 2013

60.191.144.88
November 16, 2013

121.63.179.183
November 16, 2013

121.63.179.185
November 16, 2013

121.63.179.182
November 16, 2013

121.63.160.41
November 16, 2013

121.63.179.186
November 16, 2013

121.63.179.184
November 16, 2013

 
Showing 30 of 31 IP Addresses

File downloads found at URLs served by vip.dns-vip.net.

16 / 68    (Malware)
http://vip.dns-vip.net/down.asp?id=301  (Setup.exe)

4 / 68      (inconclusive)
http://vip.dns-vip.net/down.asp?id=400  (setup421.exe)

6 / 68      (PUP)
http://vip.dns-vip.net/down14.asp?id=657  (setup437_game.exe)

6 / 68      (PUP)
http://vip.dns-vip.net/down.asp?id=657  (setup437_game.exe)

8 / 68      (Malware)
http://vip.dns-vip.net/down.asp?id=683  (setup683.exe)

17 / 68    (Malware)
http://vip.dns-vip.net/down.asp?id=23  (setup_023.exe)

9 / 68      (PUP)
http://vip.dns-vip.net/.../setup_296.exe  (6d7a77fe5ff9527d5a994c84386283d8)

8 / 68      (PUP)
http://vip.dns-vip.net/down.asp?id=204  (jz5u204_setup.exe)

10 / 68    (PUP)
http://vip.dns-vip.net/.../setup_027.exe  (13a0f573e204643a515102efa65b1904)

11 / 68    (PUP)
http://vip.dns-vip.net/.../setup_023.exe  (setup_369.exe)

11 / 68    (PUP)
http://vip.dns-vip.net/.../setup_364.exe  (setup_369.exe)

11 / 68    (PUP)
http://vip.dns-vip.net/.../setup_369.exe  (74529155ccf6f05d88a538d772a35f77)

URL:
http://vip.dns-vip.net/

Web server:
Microsoft-IIS/7.5 (ASP.NET)

haharili.com

tututool.com

vstart.net

fxxz.com

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.