MalwareTips
SUSPICIOUS

Warning signs detected

Alibaba Cloud OSS subdomain with no legitimate web presence; similar infrastructure commonly used for malware distribution in Asia. Several risk indicators suggest caution. This site might be legitimate — but treat it as unverified until you can independently confirm.

Security Review

Is letivpn1.oss-cn-hongkong.aliyuncs.com legit or a scam?

Our verdict:Suspicious· 55/100

Alibaba Cloud OSS subdomain with no legitimate web presence; similar infrastructure commonly used for malware distribution in Asia.

Top reasons
Subdomain of Alibaba Cloud OSS infrastructure, which is frequently abused for malware distribution and payload hosting in documented campaigns.Similar subdomains under the same parent domain (oss-cn-hongkong.aliyuncs.com) have been linked to Lumma Stealer and other info-stealing trojans.No legitimate web presence, business registration, or search results for 'letivpn1' — appears to be a storage object path, not a genuine service.
letivpn1.oss-cn-hongkong.aliyuncs.comScanned 1h ago
Post Facebook
0
Trust score
SUSPICIOUS
Heuristics 95·MT 40
Category tags
malware-distributioninfrastructure-abuse#Malware72% MT confidence

These checks passed — but they don't clear the site. A clean antivirus result, valid SSL, and a calm server only mean it isn't hosting malware; they say nothing about whether the business is real. This verdict is based on the site's conduct and content, not a malware detection.

View density

Analysis Summary

Threat Intelligence
0/92
All engines report clean
Domain Age
14 years old
Registered Apr 1, 2012
MT Intelligence
Suspicious
High likelihood · 72% confidence

MT Intelligence

Advanced threat intelligence
MT Security Analyst
High scam likelihoodengineMT · Guardiantrust40/100
MT AgentLive web researchVisual inspectionNetwork correlation
0%
Confidence
The URL points to a subdomain of Alibaba Cloud's Object Storage Service (OSS) in Hong Kong, a legitimate cloud infrastructure provider. However, our research found that this exact same OSS infrastructure is routinely abused by malware operators to host trojans, info-stealers, and malware loaders. Similar subdomains under the same parent domain have been linked to Lumma Stealer and other malicious payloads. The specific subdomain 'letivpn1' has no search results, no business registration, no reviews, and no legitimate web footprint — it appears to be a storage object path rather than a genuine service. While the parent Alibaba domain is 14 years old and has valid SSL, this does not legitimize individual storage buckets hosted there. The combination of zero web presence, the known-abuse pattern of this infrastructure, and the naming convention (mimicking a VPN service) suggests this subdomain is likely being used for malware distribution or payload hosting.
Full dossier
Analysis complete

Page Content

The subdomain resolves to an Alibaba Cloud Object Storage Service (OSS) endpoint in Hong Kong. No legitimate website, service, or business information is hosted at this address. The subdomain name 'letivpn1' does not correspond to any registered business or known legitimate service.

Infrastructure

Hosted on Alibaba Cloud's OSS infrastructure (IP 47.79.64.252, Hong Kong region). SSL certificate is valid and issued by GlobalSign. The hosting IP has zero abuse reports and a clean reputation score. However, Alibaba OSS buckets are a known vector for malware distribution, particularly in campaigns targeting Asian users.

Domain History

The parent domain (aliyuncs.com) is 5181 days old (~14 years), reflecting Alibaba's long-standing cloud service. However, individual storage objects and subdomains can be created and repurposed at any time. The age of the parent infrastructure does not indicate the legitimacy of this specific subdomain.

Web Reputation

Zero scam reports, zero complaints, and zero positive reviews found. Similar OSS subdomains have been documented hosting Lumma Stealer, trojans, and other malware. No independent review aggregators have rated this subdomain. The absence of any web presence or legitimate use case is itself a risk signal.

Risk Factors
7
  • Subdomain of Alibaba Cloud OSS infrastructure, which is frequently abused for malware distribution and payload hosting in documented campaigns.
  • Similar subdomains under the same parent domain (oss-cn-hongkong.aliyuncs.com) have been linked to Lumma Stealer and other info-stealing trojans.
  • No legitimate web presence, business registration, or search results for 'letivpn1' — appears to be a storage object path, not a genuine service.
  • Subdomain name mimics a VPN service ('letivpn') but has no connection to any legitimate VPN provider.
  • Alibaba OSS Hong Kong buckets are commonly abused in SEO poisoning, phishing, and malware-loader campaigns targeting Asian users.
  • Zero scam reports and zero complaints may reflect low visibility rather than legitimacy — storage buckets used for malware distribution often have minimal public footprint.
  • No independent trust aggregators have rated this subdomain; no positive reviews or business verification found.
Positive Signals
5
  • Valid SSL certificate issued by a trusted certificate authority (GlobalSign).
  • Hosting IP has zero abuse reports and a clean reputation score.
  • Parent domain (Alibaba Cloud) is a legitimate, established cloud-infrastructure provider.
  • No antivirus engines flagged the subdomain as malicious in our scan.
  • No browser blocklists flagged the subdomain.
AI Recommendation
Do not download or execute any files from this subdomain. If you encountered this URL in an email, message, or advertisement, treat it as a potential malware-distribution vector and report it to your email provider or platform. Do not visit this URL on a device containing sensitive data.
Scam network detected
3 linked domains correlated

Similar subdomains under the same Alibaba OSS parent domain have been documented hosting malware, including Lumma Stealer and other info-stealing trojans. This subdomain follows the same pattern: minimal web presence, storage-object naming, and no legitimate business operation.

lusibuck.oss-cn-hongkong.aliyuncs.comkkwinapp.oss-cn-hongkong.aliyuncs.comyangyangoss8.oss-cn-hongkong.aliyuncs.com
Next-gen fraud intelligence
Evidence-backedCross-checked

Website Preview

Screenshot of letivpn1.oss-cn-hongkong.aliyuncs.com
LIVE RENDER
letivpn1.oss-cn-hongkong.aliyuncs.com

Automated page render — captured in a safe sandbox. What an ordinary visitor would see when loading the site.

Web Research Findings

Our live research agent queries scam-report databases, consumer-review sites, news coverage, and general web search for letivpn1.oss-cn-hongkong.aliyuncs.com, then cross-checks business-registration records and look-alike domain patterns. Everything below is pulled from what it actually found.

Domain age
14 yrs
Registered Apr 2012
Business registration
No public record found
Could not match the site to a registered company — common for small sites.
Clone check
Not a clone
No well-known site's layout or branding detected here.
Typosquat check
No look-alike match
The domain doesn't resemble any well-known brand's spelling.
Web mentions
No scam reports found
No complaints, no negative coverage turned up in our sweep.
Key findings
7 headline facts from open-web research
  • Domain is a subdomain of Alibaba Cloud Object Storage Service (OSS) in the Hong Kong region, commonly used for hosting files, including malware payloads in multiple documented campaigns.
  • No direct search results, reports, reviews, or mentions of the exact subdomain "letivpn1.oss-cn-hongkong.aliyuncs.com" were found across web searches.
  • Similar OSS-CN-HONGKONG.ALIYUNCS.COM subdomains (e.g., lusibuck.oss-cn-hongkong.aliyuncs.com, kkwinapp.oss-cn-hongkong.aliyuncs.com, yangyangoss8.oss-cn-hongkong.aliyuncs.com) have been linked to malware distribution, including Lumma Steale
  • Alibaba OSS Hong Kong buckets are frequently abused in SEO poisoning, phishing, and malware loader campaigns targeting users in Asia, often delivering trojanized software or info-stealers.
  • The string "letivpn" shows minimal unrelated or garbled mentions (e.g., in social media OCR or blog spam); it may be a variant or typo related to the legitimate LetsVPN service (letsvpn.world), but no confirmed connection.
  • Domain age of 5181 days (~14 years) aligns with the long-standing Alibaba Cloud OSS infrastructure, not necessarily indicating legitimacy of specific objects stored there.
  • No VirusTotal, URL scanning, Reddit, Trustpilot, or complaint site results specifically for this subdomain.
Research summary
Narrative write-up from our AI analyst, grounded on the facts above

We searched scam-report databases, consumer-review sites, and general web sources for letivpn1.oss-cn-hongkong.aliyuncs.com and found no scam reports, complaints, or positive reviews. However, our research identified that the parent Alibaba Cloud OSS infrastructure in Hong Kong is frequently abused for malware distribution. Similar subdomains under the same parent domain have been linked to Lumma Stealer and other trojans targeting Asian users. The specific subdomain 'letivpn1' has no legitimate web footprint, no business registration, and no search results — consistent with a storage bucket used for payload hosting rather than a genuine service.

Antivirus Engines

Clean pass · verified
Clean across 92 engines

We cross-check every URL against our antivirus network of 92 malware and blacklist engines. None of them flagged this URL in the last scan.

0Malicious0Suspicious60Harmless92Engines
Clean
Kaspersky
Clean
Bitdefender
Clean
Microsoft
Not in pass
ESET-NOD32
Not in pass
Avira
Not in pass
Sophos
Clean
Fortinet
Clean
Google Safebrowsing
Clean
Emsisoft
Clean

No engine detections. The URL passed every antivirus and blacklist engine we queried in this scan. Stay vigilant — AV coverage is only one signal among many.

Security Scans

Blacklist Check
Not flagged on major threat lists

Checked against the major public blocklists used by browsers and security tools — no hits.

Sandbox Render
Sandbox capture incomplete — no traffic recorded
Requests made0
Unique IPs0
Countries0
Detected brandsNone

Domain & Encryption

Domain History
Age14 years old
RegistrarAlibaba Cloud Computing (Beijing) Co., Ltd.
RegisteredApr 1, 2012
ExpiresApr 1, 2030
Owner privacyVisible
Encryption Certificate
StatusValid
ProtocolTLSv1.2
IssuerGlobalSign nv-sa · GlobalSign GCC R3 OV TLS CA 2024
ExpiresMar 8, 2027 (272d)
Self-signedNo
Hosting & Technology
HostingAlibaba Cloud LLC
Server locationHK

Server Reputation

Hosting
CountryUnknown
NetworkUnknown
IP addressUnknown
Abuse Intelligence
Confidence score0%
Reports on file0
ISPAlibaba Cloud LLC
Usage typeData Center/Web Hosting/Transit

Scam-Type Likelihood

1 scam-type patterns detected
Scam-Type Likelihood

1 of 13 categories showed signals

We check every URL against 13 distinct scam categories so the verdict tells you not just how risky the page is, but what kind of risk it carries. Each meter pulls from page signals, web reports, our AI analyst, vision, and the scam-network cluster — not from raw AV labels.

Top match: Malware
Malware
Low-level signals
15/100
  • AI analyst tagged this as malware / drive-by / cracked app.

Possible malware risk

Signals suggest this page may deliver malicious files or exploit the browser.

  • Treat letivpn1.oss-cn-hongkong.aliyuncs.com as unverified

    Do not enter credentials or send money until you have independently verified the business.

  • If you downloaded or ran a file from here

    Disconnect the device from the internet, run a full scan with a reputable antivirus (Malwarebytes, ESET, Bitdefender), and consider a second-opinion scanner. Change passwords on any account you used from the device afterwards — ideally from a different device.

  • Get free cleanup help

    MalwareTips has a dedicated malware-removal team who walk you through cleanup one-on-one.

    Open

Reputation Sources

How this domain rates across independent threat-intelligence and blocklist providers.

Google Safe Browsing
Not listedCheck ↗
VirusTotal
Not listedCheck ↗
AbuseIPDB
Not listedCheck ↗
Also verify:Spamhaus ↗DNSBL / SURBL ↗PhishTank ↗

Safety FAQ

Common questions about this site, answered directly from the scan data above — so the answers always reflect the latest verdict on this page.

  • Our automated security review marked letivpn1.oss-cn-hongkong.aliyuncs.com as suspicious. Several warning signs were detected; it may still turn out legitimate, but you should verify it through independent channels before trusting it with money or credentials.
  • letivpn1.oss-cn-hongkong.aliyuncs.com currently scores 55/100 on our trust scale. We found enough warning signals to recommend caution. Verify the site through independent channels before entering credentials or money.
  • Yes. letivpn1.oss-cn-hongkong.aliyuncs.com presents a valid TLSv1.2 certificate issued by GlobalSign nv-sa · GlobalSign GCC R3 OV TLS CA 2024, expiring in 272 days. Note that SSL only encrypts the connection — it does not guarantee that the site itself is trustworthy.
  • letivpn1.oss-cn-hongkong.aliyuncs.com is 14.2 years old, registered on 4/1/2012 through Alibaba Cloud Computing (Beijing) Co., Ltd.. Scam domains are often freshly registered — a site under 6 months old warrants extra caution.
  • No. All 92 antivirus engines in our malware network report letivpn1.oss-cn-hongkong.aliyuncs.com as clean.
  • No. letivpn1.oss-cn-hongkong.aliyuncs.com is not currently listed on the major browser blocklist feeds that modern browsers use.
  • letivpn1.oss-cn-hongkong.aliyuncs.com resolves to an IP operated by Alibaba Cloud LLC in HK (usage type: Data Center/Web Hosting/Transit). Hosting location alone doesn't make a site good or bad, but unusual geography for a brand's claimed country is one of many signals we weigh.
  • We cache results for 24 hours. Signed-in MalwareTips members can trigger a manual rescan at any time using the "Rescan" button on the report page, which re-runs every check from scratch and refreshes this page.

Final Verdict

0
Trust / 100
Final Verdict·letivpn1.oss-cn-hongkong.aliyuncs.com
SUSPICIOUS

This is a subdomain of Alibaba Cloud's object-storage service in Hong Kong. While the domain itself is old and has clean antivirus scans, the same Alibaba OSS infrastructure is frequently abused to host malware and info-stealers targeting Asian users. The specific subdomain 'letivpn1' has no legitimate web presence and shows no signs of legitimate use.

Do not download or execute any files from this subdomain. If you encountered this URL in an email, message, or advertisement, treat it as a potential malware-distribution vector and report it to your email provider or platform. Do not visit this URL on a device containing sensitive data.

AV engines
92
MT passes
2
Net signals
0
Scan another URL
Security review completemalwaretips.com/url-scan
Recently scanned

Other Suspicious reports

Browse all reports
Suspicioustrust56
llaun.ch
1h ago
Read the review
Suspicioustrust75
ssl.com
2h ago
Read the review
Suspicioustrust50
footprintiq.app
2h ago
Read the review
Suspicioustrust72
softpedia.com
3h ago
Read the review
Suspicioustrust47
mixcloud.com
4h ago
Read the review
Suspicioustrust59
asmrfree.com
5h ago
Read the review
Suspicioustrust67
joinclnr.co
5h ago
Read the review
Suspicioustrust52
teamhealth.com
5h ago
Read the review
Suspicioustrust55
papyrio.app
5h ago
Read the review
Suspicioustrust61
xrares.com
6h ago
Read the review
Suspicioustrust59
racingfamilyvillage.com
6h ago
Read the review
Suspicioustrust64
asfaleia-zois.gr
6h ago
Read the review
Community review

User reviews & comments(0)

Share your experience — "Lost $200 on a fake checkout" is more useful than "Scam". Your review helps others avoid traps.

Loading…
Loading comments…
This report is generated automatically by combining threat intelligence, domain signals, and an AI security analyst. It is informational, not legal advice. Always use your own judgement before sharing personal information or money online.