Security Review

Is su89-cdn.net legit or a scam?

Our verdict: Suspicious · 55/100

Hola VPN's CDN infrastructure flagged in malware sandboxes for aggressive P2P activity; legitimate but controversial service with privacy and removal concerns.

su89-cdn.net · Scanned 1h ago
0
Trust score
SUSPICIOUS
Heuristics 100 · MT 40
Category tags
cdn / infrastructure · vpn / proxy service · #Data Harvester · 72% MT confidence

These checks passed — but they don't clear the site. A clean antivirus result, valid SSL, and a calm server only mean it isn't hosting malware; they say nothing about whether the business is real. This verdict is based on the site's conduct and content, not a malware detection.


Analysis Summary

Threat Intelligence: 0/92 · All engines report clean
Domain Age: 3 years old · Registered Mar 13, 2023
MT Intelligence: Suspicious · High likelihood · 72% confidence
SUSPICIOUS

Warning signs detected

Hola VPN's CDN infrastructure flagged in malware sandboxes for aggressive P2P activity; legitimate but controversial service with privacy and removal concerns. Several risk indicators suggest caution. This site might be legitimate — but treat it as unverified until you can independently confirm.


MT Intelligence

Advanced threat intelligence
MT Security Analyst
High scam likelihood · engine: MT · Guardian · trust: 40/100
MT Agent · Live web research · Visual inspection
0%
Confidence
su89-cdn.net is registered to Hola VPN Ltd, an Israeli company operating a peer-to-peer proxy service for over 16 years. The domain itself is not a scam, and our antivirus network shows no malicious detections. However, multiple malware sandboxes flag subdomains (zagent*.su89-cdn.net, client-cdn*.su89-cdn.net) with 'Malicious activity' verdicts tied to Hola's browser extension and client processes. Reddit users and security forums report persistent outbound pings to these subdomains that users cannot easily stop or remove. Hola's business model — turning user devices into exit nodes for paying customers — creates legitimate privacy and security concerns. The high sandbox flags and user complaints reflect the service's aggressive P2P behavior rather than traditional fraud, but the difficulty users face in removing the software and the persistent background connections elevate the risk profile.

Page Content

The landing page presents Hola as a fast, secure VPN and proxy unblocker with 321 million members, 4.9-star Chrome Web Store rating, and 16 years in business. The page loads legitimate marketing copy and links to Hola's support, blog, and app stores. No phishing forms, countdown timers, or credential-harvest patterns detected.

Infrastructure

Domain su89-cdn.net is hosted on IP 107.22.193.119 (AWS) with a valid Sectigo SSL certificate. The IP has zero abuse reports and a clean reputation score. The domain is 1,184 days old (registered via GoDaddy), and WHOIS privacy is disabled. External resources load from legitimate CDN and analytics providers (Google Tag Manager, Google Analytics, Bright Data, Facebook Pixel, Clarity).

Domain History

Registered approximately 3.2 years ago by Hola VPN Ltd, an active Israeli company. The domain age and business registration are consistent with a legitimate, established service. No evidence of recent ownership changes, domain hijacking, or reregistration.

Web Reputation

Our antivirus network reports 0/92 engines flagged as malicious and 0 as suspicious. Browser blocklists are clean. However, malware sandboxes flag subdomains (zagent29, client-cdn4) with 'Malicious activity' verdicts. Reddit users report persistent outbound connections to zagent*.su89-cdn.net that Malwarebytes blocks. Independent traffic classifiers recognize the domain as Internet Software owned by Hola. One independent review site rates a proxyjs subdomain as 'very likely not a scam but legit and reliable,' while another rates a zagent subdomain as a scam with a 10/100 trust score.

Risk Factors (7)
  • Malware sandboxes flag multiple subdomains (zagent*.su89-cdn.net, client-cdn*.su89-cdn.net) with 'Malicious activity' verdicts linked to Hola client processes.
  • Reddit users and security forums report persistent outbound pings to zagent subdomains that users cannot easily stop or remove.
  • Hola's P2P model turns user devices into exit nodes for paying customers, creating privacy and liability concerns that have drawn criticism since 2015.
  • No email contact on the site's own domain; no phone number or postal address listed — typical of CDN infrastructure pages but limits user recourse.
  • Multiple independent review sites give conflicting ratings: one rates a zagent subdomain as a scam (10/100), another rates a proxyjs subdomain as legitimate.
  • Users report difficulty fully removing Hola software after installation, suggesting aggressive or persistent installation behavior.
  • Hola has faced past botnet-related controversy, raising questions about the trustworthiness of its P2P infrastructure.
Positive Signals (5)
  • Domain is 1,184 days old with active business registration in Israel; not a newly-created throwaway domain.
  • Our antivirus network reports zero malicious or suspicious detections across 92 engines.
  • Valid SSL certificate issued by Sectigo; HTTPS connection is secure.
  • Hosting IP (AWS) has zero abuse reports and a clean reputation score.
  • Hola VPN is a recognized, long-established service with 321 million users and a 4.9-star Chrome Web Store rating.
AI Recommendation
Do not enter payment details or personal information on this domain — it is a CDN infrastructure page, not a user-facing service. If you have installed Hola VPN and wish to remove it, use your system's standard uninstall process and verify removal in your browser extensions and startup programs. Be aware that Hola's P2P model carries privacy risks; consider a mainstream VPN provider if privacy is

Web Research Findings

Our live research agent queries scam-report databases, consumer-review sites, news coverage, and general web search for su89-cdn.net, then cross-checks business-registration records and look-alike domain patterns. Everything below is pulled from what it actually found.

Domain age: 3.2 yrs (Registered Mar 2023)
Business registration: Active · Israel. Site traces back to an actively registered business.
Clone check: Not a clone. No well-known site's layout or branding detected here.
Typosquat check: No look-alike match. The domain doesn't resemble any well-known brand's spelling.
Web mentions: 4 scam reports · 2 positive
Key findings
7 headline facts from open-web research
  • su89-cdn.net is a CDN domain owned by and used exclusively by Hola VPN (Hola VPN Ltd / hola.org) for its peer-to-peer proxy/VPN service.
  • Subdomains such as zagent####.su89-cdn.net, client.su89-cdn.net, and client-cdn4.su89-cdn.net frequently appear in malware sandboxes (ANY.RUN) with "Malicious activity" verdicts, often linked to Hola Browser/Extension processes (chrome.exe
  • Multiple Reddit users and Malwarebytes forum posts report persistent outbound connections, pings, and blocked attempts to zagent*.su89-cdn.net, with some users unable to fully remove Hola software.
  • Hola VPN is a controversial P2P service that turns user devices into exit nodes for other users (including paid Luminati/Bright Data customers); it has faced major criticism since 2015 for privacy risks, potential liability, and past botnet
  • Domain age matches the provided 1184 days (~3.2 years); SSL certificate ties to *.hola.org; classified as Internet Software by traffic analyzers with significant global ranking.
  • No traditional scam reports for the root domain itself; security vendor flags stem from its association with Hola's aggressive P2P client behavior rather than direct fraud.
  • Page title claiming "Fast, Secure, and Reliable Proxy Unblocker & VPN" aligns with Hola's marketed functionality.
Scam reports (4)
Direct quotes from public scam databases, forums, and news.
  • ANY.RUN

    "Malware analysis zagent29.su89-cdn.net Malicious activity"

  • ANY.RUN

    "Online sandbox report for client-cdn4.su89-cdn.net/client_cgi/conn_test, verdict: Malicious activity"

  • Reddit

    "My pc keeps pinging this website and I have no idea what it is... zagent2665.su89-cdn.net and malwarebytes says its outbound"

  • Scamminder

    "Is zagent1610.su89-cdn.net a Scam? 10/100 Trust Score (Scam)"

Positive reviews (2)
Quotes indicating the site is legitimate.
  • Klazify

    "su89-cdn.net is classified under Internet Software, owned by Hola - Access Global Content"

  • Scamadviser

    "proxyjs.su89-cdn.net is very likely not a scam but legit and reliable"

Business registration
Status: active · Israel

Owned by Hola VPN Ltd (also referred to as Hola - Access Global Content); domain registered ~3.2 years ago via GoDaddy with privacy protection

Research summary
Narrative write-up from our AI analyst, grounded on the facts above

Malware sandboxes flag multiple subdomains of su89-cdn.net with 'Malicious activity' verdicts, typically linked to Hola's browser extension and client processes. Reddit users and security forums report persistent outbound connections to zagent subdomains that users struggle to remove. Independent review sites show conflicting assessments: one rates a zagent subdomain as a scam (10/100), while another rates a proxyjs subdomain as legitimate. Traffic classifiers confirm the domain is owned by Hola VPN Ltd, an Israeli company operating a peer-to-peer proxy service. The sandbox flags and user complaints reflect Hola's aggressive P2P client behavior and the difficulty users face in removing the software, rather than traditional fraud.

Antivirus Engines

Clean pass · verified
Clean across 92 engines

We cross-check every URL against our antivirus network of 92 malware and blacklist engines. None of them flagged this URL in the last scan.

0 Malicious · 0 Suspicious · 60 Harmless · 92 Engines
Clean
Kaspersky
Clean
Bitdefender
Clean
Microsoft
Not in pass
ESET-NOD32
Not in pass
Avira
Not in pass
Sophos
Clean
Fortinet
Clean
Google Safebrowsing
Clean
Emsisoft
Clean

No engine detections. The URL passed every antivirus and blacklist engine we queried in this scan. Stay vigilant — AV coverage is only one signal among many.

Security Scans

Blacklist Check
Not flagged on major threat lists

Checked against the major public blocklists used by browsers and security tools — no hits.

Contact Verification

We fetched the page and looked for real-world contact details. Legitimate businesses almost always publish an email on their own domain, a phone number, and a postal address. Scam shops usually don't.

What We Found
Has contact info, but not on the site's domain
Emails on site's domain: None
Phone numbers: None
Postal address: Not listed
Linked social profiles: 1
Signal Summary
Several contact red flags
  • No email uses the site's own domain — legitimate shops usually do.
  • No phone number listed on the page.
  • No postal address visible on the page.

Domain & Encryption

Domain History
Age: 3 years old
Registrar: GoDaddy.com, LLC
Registered: Mar 13, 2023
Expires: Mar 13, 2027
Owner privacy: Visible
Encryption Certificate
Status: Valid
Protocol: TLSv1.3
Issuer: Sectigo Limited · Sectigo Public Server Authentication CA DV R36
Expires: Oct 19, 2026 (131d)
Self-signed: No
Hosting & Technology
Hosting: Amazon.com, Inc.
Server location: US
Web server: nginx
Platform / CMS: WordPress
Popularity: Top 100k worldwide

Redirect Chain

Hops: 1
Cross-domain: No
Lookalike: No
Punycode: No
  • 1. 301 http://su89-cdn.net/
  • 2. 200 https://su89-cdn.net/

Server Reputation

Abuse Intelligence
Confidence score: 0%
Reports on file: 0
ISP: Amazon.com, Inc.
Usage type: Data Center/Web Hosting/Transit

Proceed with caution

Our automated review flagged enough risk that you should treat this site as unverified.

  • Treat su89-cdn.net as unverified

    Do not enter credentials or send money until you have independently verified the business.

  • Verify the business through independent channels

    Check the company's social profiles, registry records, and search for recent news or reviews that are not hosted on the site itself.

  • Never use irreversible payment methods

    Crypto, gift cards, wire transfers, and cash apps offer zero buyer protection. Use a credit card or PayPal if you must pay.


Reputation Sources

How this domain rates across independent threat-intelligence and blocklist providers.

Google Safe Browsing: Not listed
VirusTotal: Not listed
AbuseIPDB: Not listed


Safety FAQ

Common questions about this site, answered directly from the scan data above — so the answers always reflect the latest verdict on this page.

  • Our automated security review marked su89-cdn.net as suspicious. Several warning signs were detected; it may still turn out legitimate, but you should verify it through independent channels before trusting it with money or credentials.
  • su89-cdn.net currently scores 55/100 on our trust scale. We found enough warning signals to recommend caution. Verify the site through independent channels before entering credentials or money.
  • Yes. su89-cdn.net presents a valid TLSv1.3 certificate issued by Sectigo Limited · Sectigo Public Server Authentication CA DV R36, expiring in 131 days. Note that SSL only encrypts the connection — it does not guarantee that the site itself is trustworthy.
  • su89-cdn.net is 3.2 years old, registered on 3/13/2023 through GoDaddy.com, LLC. Scam domains are often freshly registered — a site under 6 months old warrants extra caution.
  • No. All 92 antivirus engines in our malware network report su89-cdn.net as clean.
  • No. su89-cdn.net is not currently listed on the major browser blocklist feeds that modern browsers use.
  • su89-cdn.net resolves to an IP operated by Amazon.com, Inc. in US (usage type: Data Center/Web Hosting/Transit). Hosting location alone doesn't make a site good or bad, but unusual geography for a brand's claimed country is one of many signals we weigh.
  • Yes. su89-cdn.net sits in the global top-100k on Cloudflare Radar, which means it has substantial real-world traffic. That does not automatically make it safe, but established brands almost always rank here and throwaway scam domains almost never do.

Final Verdict

0
Trust / 100
Final Verdict · su89-cdn.net
SUSPICIOUS

su89-cdn.net is a legitimate CDN owned by Hola VPN Ltd, but the domain and its subdomains are flagged repeatedly in malware sandboxes for aggressive peer-to-peer client behavior. Users report persistent unwanted outbound connections and difficulty removing the software.

Do not enter payment details or personal information on this domain — it is a CDN infrastructure page, not a user-facing service. If you have installed Hola VPN and wish to remove it, use your system's standard uninstall process and verify removal in your browser extensions and startup programs. Be aware that Hola's P2P model carries privacy risks; consider a mainstream VPN provider if privacy is

AV engines: 92
MT passes: 2
Net signals: 0
Security review complete · malwaretips.com/url-scan
This report is generated automatically by combining threat intelligence, domain signals, and an AI security analyst. It is informational, not legal advice. Always use your own judgement before sharing personal information or money online.