s2.sfcdn.in

Zettly HB

Domain Information

The domain s2.sfcdn.in, registered by Zettly HB, was first registered in May 2012 through Enom Inc. (R46-AFIN). This domain has been known to host various forms of malware. The hosting servers are located in Bucharest, Bucuresti, Romania, on the RIPE Network Coordination Centre network.

Registrar: Enom Inc. (R46-AFIN)

Server location: Bucuresti, Romania (RO)

Create date: Wednesday, May 30, 2012

Expires date: Saturday, May 30, 2015

Updated date: Wednesday, April 30, 2014

ASN: AS39743 VOXILITY-AS Voxility S.R.L.,RO

Root domain:

Scanner detections: Malware distribution (67% detected)

| Scan engine | Details | Detections |
|---|---|---|
| avast! | Win32:PUP-gen [PUP], MSIL:GenMalicious-IW [Trj], MSIL:GenMalicious-L [Trj] | 80.00% |
| VIPRE Antivirus | Trojan.Win32.Generic, Threat.4150696 | 80.00% |
| NANO AntiVirus | Trojan.Win32.Click.cqokrx, Trojan.Win32.FrauDrop.cwkwaq, Trojan.Win32.Fsysna.crnaos | 60.00% |
| Quick Heal | HackTool.Gendows (Not a Virus), TrojanDropper.FrauDrop.r3, Trojan.Fsysna.r3 | 60.00% |
| McAfee | Artemis!3976BD5FCBB7, Artemis!CC1F2C1508A4, Artemis!96280F494DA7 | 60.00% |
| Norman | Suspicious_Gen4.DEDBN, Gen:Variant.Kazy.296255, Troj_Generic.RRANV | 60.00% |
| Agnitum Outpost | HackTool.WinActivator, Trojan.DR.FrauDrop, Trojan.Fsysna | 60.00% |
| Sophos | W32/AutoRun-BSY, Mal/Generic-S | 60.00% |
| Comodo Security | ApplicUnwnt.Win32.HackTool.WinActivator.~A, UnclassifiedMalware | 60.00% |
| Microsoft Security Essentials | HackTool:Win32/Gendows, Backdoor:MSIL/Bladabindi, Threat.Undefined | 60.00% |
| IKARUS anti.virus | HackTool.Win32.Gendows, Backdoor.MSIL, Trojan.Win32.Fsysna | 60.00% |
| Fortinet FortiGate | W32/AutoRun.BSY, W32/FrauDrop.ACDKC!tr, W32/Fsysna.EJL!tr | 60.00% |
| AVG | Generic9_c, Dropper.Generic9, Generic35 | 60.00% |
| Kaspersky | HEUR:Trojan.Win32.Generic, Trojan.MSIL.Agent, Trojan.Win32.Fsysna | 60.00% |
| Emsisoft Anti-Malware | Gen:Variant.Strictor.49801, Gen:Variant.Kazy.296255, Gen:Variant.Kazy.306876 | 60.00% |

The domain s2.sfcdn.in has been seen to resolve to the following 2 IP addresses.

July 21, 2016

lh25632.voxility.net
January 23, 2014

File downloads found at URLs served by s2.sfcdn.in.

The following files have been seen to communicate with s2.sfcdn.in in live environments.

URL: http://s2.sfcdn.in/

Web server: nginx