MalwareTips
Security Review

Is yg5sjx5kzy.com legit or a scam?

Our verdict:Dangerous· 12/100

This domain is a high-risk malware distribution hub linked to Hola VPN that is actively flagged by multiple security vendors for malicious activity.

Top reasons
Five antivirus engines (including Webroot and CyRadar) flag the site as malicious or phishing.Confirmed malware distribution point in multiple sandbox analysis reports.Associated with unwanted background processes and system driver installations.
yg5sjx5kzy.comScanned 18h ago
Post Facebook
0
Trust score
DANGEROUS
Heuristics 0·MT 18
Category tags
malwarephishing#malware90% MT confidence

These checks passed — but they don't clear the site. A clean antivirus result, valid SSL, and a calm server only mean it isn't hosting malware; they say nothing about whether the business is real. This verdict is based on the site's conduct and content, not a malware detection.

View density

Analysis Summary

Threat Intelligence
5/92
Engines flagged this URL
Domain Age
Registration date unknown
MT Intelligence
Dangerous
Critical likelihood · 90% confidence
DANGEROUS

Critical risk detected

5 of 92 antivirus engines flag this page as malicious. Multiple independent checks — antivirus engines, browser safety blocklists, and threat databases — flagged this site. Don't enter personal information, deposit money, or download files.

Website Preview

Screenshot of yg5sjx5kzy.com
LIVE RENDER
yg5sjx5kzy.com

Automated page render — captured in a safe sandbox. What an ordinary visitor would see when loading the site.

MT Intelligence

Advanced threat intelligence
MT Security Analyst
Critical scam likelihoodengineMT · Guardiantrust18/100
MT AgentLive web researchVisual inspectionNetwork correlation
0%
Confidence
Our analysis identifies this domain as a delivery vector for unwanted and malicious software. While it appears to be part of the Hola VPN network, five major antivirus engines including Webroot, CyRadar, and Criminal IP flag it for phishing and malware. Sandbox analysis from multiple sources confirms the site drops executables and launches background processes that security tools classify as malicious. Users frequently report that their antivirus software blocks connections to this domain's subdomains during software installations. The lack of transparent ownership information and the presence of crypto-only checkout patterns further decrease its reliability.
Full dossier
Analysis complete

Page Content

The page presents itself as an official portal for Hola VPN, offering free access to worldwide content. However, our crawler detected a 'Crypto-Only Checkout' pattern, which is highly unusual for a legitimate VPN service. The site lacks a visible postal address and does not use a domain-specific email for support.

Infrastructure

The site is hosted on an IP with a history of abuse reports. It utilizes a valid SSL certificate from Sectigo, but the underlying infrastructure is heavily flagged. Subdomains such as client.yg5sjx5kzy.com and perr.yg5sjx5kzy.com are actively used to serve files that trigger malware alerts.

Domain History

The domain was registered in September 2023 via GoDaddy. While it has been active for over two years, its reputation has steadily declined as security researchers have documented its role in distributing unwanted software and maintaining persistent connections on user devices.

Web Reputation

Reputation data is overwhelmingly negative across professional security circles. Multiple independent sandboxes have labeled the domain's activity as malicious. While some automated trust aggregators give it a moderate score based on age, these do not account for the specific malware signatures detected by our antivirus network.
Risk Factors
6
  • Five antivirus engines (including Webroot and CyRadar) flag the site as malicious or phishing.
  • Confirmed malware distribution point in multiple sandbox analysis reports.
  • Associated with unwanted background processes and system driver installations.
  • Subdomains are actively blacklisted by major antivirus providers like Avast.
  • Triggers 'Crypto-Only Checkout' scam family signatures.
  • No verifiable business address or domain-based contact email.
Positive Signals
2
  • The domain has been registered for over two years.
  • Valid SSL certificate is currently active.
AI Recommendation
Do not download any software from this site or allow it to install browser extensions. If you have already installed software from this domain, run a full system scan with a reputable antivirus immediately.
Scam network detected
4 linked domains correlated

The domain is deeply integrated into the Hola VPN infrastructure and is used to facilitate software updates and background communications that are frequently flagged as malicious.

client.yg5sjx5kzy.comperr.yg5sjx5kzy.comcdn4.yg5sjx5kzy.comhola.org
Next-gen fraud intelligence
Evidence-backedCross-checked

Web Research Findings

Our live research agent queries scam-report databases, consumer-review sites, news coverage, and general web search for yg5sjx5kzy.com, then cross-checks business-registration records and look-alike domain patterns. Everything below is pulled from what it actually found.

Business registration
Active · Israel
Site traces back to an actively registered business.
Clone check
Not a clone
No well-known site's layout or branding detected here.
Typosquat check
No look-alike match
The domain doesn't resemble any well-known brand's spelling.
Web mentions
4 scam reports · 2 positive
Key findings
7 headline facts from open-web research
  • Domain registered September 3, 2023 via GoDaddy.com, LLC (approx. 2.7 years old as of analysis).
  • Strongly associated with Hola VPN: multiple sandbox reports show Hola-Setup executables, hola_svc.exe, and connections during VPN installer analysis.
  • Multiple security vendors and sandboxes (ANY.RUN, Joe Sandbox, Avast, Kaspersky, AlienVault OTX) flag subdomains (client.yg5sjx5kzy.com, perr.yg5sjx5kzy.com, cdn4.yg5sjx5kzy.com, zagent*.yg5sjx5kzy.com) as malicious or blacklisted.
  • ANY.RUN verdict: "Malicious activity" (Sep 2024); observed dropping executables, self-launching processes, system driver, and network traffic to the domain.
  • Avast repeatedly blocks connections to subdomains as URL:Blacklist in Chrome; users report unwanted connections linked to Hola VPN installation.
  • Listed among sites using Adyen payment processing; some Joe Sandbox reports reference payment-related paths and Chrome Web Store traffic.
  • GridinSoft assigns 78/100 trust score citing age, registrar, and traffic; however, this contrasts with multiple malware analysis verdicts.
Scam reports (4)
Direct quotes from public scam databases, forums, and news.
  • ANY.RUNopen

    "Verdict: Malicious activity"

  • Avast Communityopen

    "URL:Blacklist ... perr.yg5sjx5kzy.com ... client.yg5sjx5kzy.com"

  • Avast Communityopen

    "my Avast is constantly detecting URLs ... client-cdn4.yg5sjx5kzy.com"

  • Joe Sandboxopen

    "Automated Malware Analysis Report for http://yg5sjx5kzy.com"

Positive reviews (2)
Quotes indicating the site is legitimate.
  • GridinSoftopen

    "Yg5sjx5kzy.com Review: Is It Safe? (78/100 Trust Score) ... domain age of 2.7 years; popular site; standard payment methods"

  • Scamadviseropen

    "cdn4.yg5sjx5kzy.com is very likely not a scam but legit and reliable"

Business registration
Status: active · Israel

Associated with Hola Networks Ltd. (Hola VPN); registered via GoDaddy on 2023-09-03

Research summary
Narrative write-up from our AI analyst, grounded on the facts above
Our research uncovered several critical security reports. Malware analysis platforms have issued verdicts of 'Malicious activity' after observing the domain dropping executables and launching unauthorized system processes. Users on antivirus community forums have reported constant blocks when their browsers attempt to connect to this domain's subdomains. Although some trust aggregators cite its 2.7-year age as a positive, the consensus among threat intelligence sources is that the domain is used for harmful software distribution.

Antivirus Engines

Detection matrix · live
5 engines flagged this URL

We cross-check every URL against our antivirus network of 92 malware and blacklist engines. Each detection is listed below by engine name — even a single hit is a meaningful signal.

5Malicious0Suspicious57Harmless92Engines
0
of 92
alphaMountain.ai
Malicious· malicious
Chong Lua Dao
Malicious· malicious
Criminal IP
Malicious· phishing
CyRadar
Malicious· malicious
Webroot
Malicious· malicious

5 antivirus engines flagged this URL. Even a single detection is a meaningful signal — treat this site with extra caution and avoid entering credentials, payment info, or downloading any files.

Security Scans

Blacklist Check
Not flagged on major threat lists

Checked against the major public blocklists used by browsers and security tools — no hits.

Contact Verification

We fetched the page and looked for real-world contact details. Legitimate businesses almost always publish an email on their own domain, a phone number, and a postal address. Scam shops usually don't.

What We Found
Has contact info, but not on the site's domain
Emails on site's domainNone
Phone numbers1-888-538-9204
Postal addressNot listed
Linked social profiles1
Signal Summary
Several contact red flags
  • No email uses the site's own domain — legitimate shops usually do.
  • No postal address visible on the page.
  • Scam family match: Crypto-Only Checkout.
  • Phone number listed (1-888-538-9204).

Domain & Encryption

Encryption Certificate
StatusValid
ProtocolTLSv1.3
IssuerSectigo Limited · Sectigo Public Server Authentication CA DV R36
ExpiresSep 3, 2026 (75d)
Self-signedNo
Hosting & Technology
HostingAmazon Technologies Inc.
Server locationUS
Web servernginx
Platform / CMSWordPress

Redirect Chain

Hops
1
Cross-domain
No
Lookalike
No
Punycode
No
  • 1301http://yg5sjx5kzy.com/
  • 2200https://yg5sjx5kzy.com/

Server Reputation

Abuse Intelligence
Confidence score0%
Reports on file1
ISPAmazon Technologies Inc.
Usage typeData Center/Web Hosting/Transit

Avoid this site

Our automated review flagged enough risk that you should treat this site as unverified.

  • Do not interact with yg5sjx5kzy.com

    Do not enter credentials, deposit money, download files, or install browser extensions from this site.

  • Verify the business through independent channels

    Check the company's social profiles, registry records, and search for recent news or reviews that are not hosted on the site itself.

  • Never use irreversible payment methods

    Crypto, gift cards, wire transfers, and cash apps offer zero buyer protection. Use a credit card or PayPal if you must pay.

  • Share your experience

    If you have additional context, drop a comment below or post on the MalwareTips forum.

    Open

Reputation Sources

How this domain rates across independent threat-intelligence and blocklist providers.

Google Safe Browsing
Not listedCheck ↗
VirusTotal
ListedCheck ↗
AbuseIPDB
Not listedCheck ↗
Also verify:Spamhaus ↗DNSBL / SURBL ↗PhishTank ↗

Referenced Domains

Outbound domains this page links to or loads resources from. Each links to its own security scan.

brightdata.comgoogletagmanager.comfonts.gstatic.comgoogle-analytics.comfacebook.comconnect.facebook.nethola.orgclarity.mssupport.hola.orgchromewebstore.google.comsupport.google.comsupport.apple.com

Safety FAQ

Common questions about this site, answered directly from the scan data above — so the answers always reflect the latest verdict on this page.

  • Our automated security review flags yg5sjx5kzy.com as dangerous. Multiple threat indicators were detected — treat the site as a scam until proven otherwise.
  • No — yg5sjx5kzy.com scored 12/100 on our trust scale. We detected active threat indicators, so we recommend avoiding the site entirely.
  • Yes. yg5sjx5kzy.com presents a valid TLSv1.3 certificate issued by Sectigo Limited · Sectigo Public Server Authentication CA DV R36, expiring in 75 days. Note that SSL only encrypts the connection — it does not guarantee that the site itself is trustworthy.
  • 5 out of 92 antivirus engines in our malware network flagged yg5sjx5kzy.com as malicious or suspicious (5 outright malicious). Even one detection is a meaningful signal.
  • No. yg5sjx5kzy.com is not currently listed on the major browser blocklist feeds that modern browsers use.
  • yg5sjx5kzy.com resolves to an IP operated by Amazon Technologies Inc. in US (usage type: Data Center/Web Hosting/Transit). Hosting location alone doesn't make a site good or bad, but unusual geography for a brand's claimed country is one of many signals we weigh.
  • This is a permanent record of the scan run on June 20, 2026. The verdict and evidence above reflect that scan and do not change on their own. If circumstances around yg5sjx5kzy.com have changed, MalwareTips staff can run a fresh scan, which re-runs every check from scratch and publishes an updated report.

Final Verdict

0
Trust / 100
Final Verdict·yg5sjx5kzy.com
DANGEROUS

This domain is a known distribution point for malicious software associated with the Hola VPN infrastructure. Multiple security engines and sandboxes have confirmed it serves malware and triggers browser blocklists. You should avoid interacting with this site or any software it attempts to download.

Do not download any software from this site or allow it to install browser extensions. If you have already installed software from this domain, run a full system scan with a reputable antivirus immediately.

AV engines
92
MT passes
2
Net signals
1
Scan another URL
Security review completemalwaretips.com/url-scan
Recently scanned

Other Dangerous reports

Browse all reports
Dangeroustrust1
auspost.customerserviceqp.com
39m ago
Read the review
Dangeroustrust3
jpphantom.com
40m ago
Read the review
Dangeroustrust22
melaniatrumpcoffee.com
40m ago
Read the review
Dangeroustrust3
tomolife1.vercel.app
42m ago
Read the review
Dangeroustrust1
0991contacto.github.io
42m ago
Read the review
Dangeroustrust3
btc-veralith-v30.sbs
44m ago
Read the review
Dangeroustrust1
moonshot-listing-khe.netlify.app
44m ago
Read the review
Dangeroustrust1
moonshot-listing-kvc.netlify.app
44m ago
Read the review
Dangeroustrust1
moviepire.net
46m ago
Read the review
Dangeroustrust1
alert-navyfederal.web.app
46m ago
Read the review
Dangeroustrust1
org-007.github.io
46m ago
Read the review
Dangeroustrust5
mercadolivreoutlet.com
2h ago
Read the review
Community review

User reviews & comments(0)

Share your experience — "Lost $200 on a fake checkout" is more useful than "Scam". Your review helps others avoid traps.

Loading…
Loading comments…
This report is generated automatically by combining threat intelligence, domain signals, and an AI security analyst. It is informational, not legal advice. Always use your own judgement before sharing personal information or money online.