home

s2.sfcdn.in

Zettly HB

Domain Information

The domain s2.sfcdn.in registered by Zettly HB was initially registered in May of 2012 through Enom Inc. (R46-AFIN). Currently this domain has been known to host various forms of malware. The hosted servers are located in Bucharest, Bucuresti within Romania which resides on the RIPE Network Coordination Centre network.
Registrar:
Enom Inc. (R46-AFIN)

Server location:
Bucuresti, Romania (RO)

Create date:
Wednesday, May 30, 2012

Expires date:
Saturday, May 30, 2015

Updated date:
Wednesday, April 30, 2014

ASN:
AS39743 VOXILITY-AS Voxility S.R.L.,RO

Root domain:
sfcdn.in

Whois:
2 sfcdn.in records

Scanner detections:
Malware distribution  (67% detected)

Scan engine
Details
Detections

avast!
Win32:PUP-gen [PUP], MSIL:GenMalicious-IW [Trj], MSIL:GenMalicious-L [Trj]
80.00%

VIPRE Antivirus
Trojan.Win32.Generic, Threat.4150696
80.00%

NANO AntiVirus
Trojan.Win32.Click.cqokrx, Trojan.Win32.FrauDrop.cwkwaq, Trojan.Win32.Fsysna.crnaos
60.00%

Quick Heal
HackTool.Gendows (Not a Virus), TrojanDropper.FrauDrop.r3, Trojan.Fsysna.r3
60.00%

McAfee
Artemis!3976BD5FCBB7, Artemis!CC1F2C1508A4, Artemis!96280F494DA7
60.00%

Norman
Suspicious_Gen4.DEDBN, Gen:Variant.Kazy.296255, Troj_Generic.RRANV
60.00%

Agnitum Outpost
HackTool.WinActivator, Trojan.DR.FrauDrop, Trojan.Fsysna
60.00%

Sophos
W32/AutoRun-BSY, Mal/Generic-S
60.00%

Comodo Security
ApplicUnwnt.Win32.HackTool.WinActivator.~A, UnclassifiedMalware
60.00%

Microsoft Security Essentials
HackTool:Win32/Gendows, Backdoor:MSIL/Bladabindi, Threat.Undefined
60.00%

IKARUS anti.virus
HackTool.Win32.Gendows, Backdoor.MSIL, Trojan.Win32.Fsysna
60.00%

Fortinet FortiGate
W32/AutoRun.BSY, W32/FrauDrop.ACDKC!tr, W32/Fsysna.EJL!tr
60.00%

AVG
Generic9_c, Dropper.Generic9, Generic35
60.00%

Kaspersky
HEUR:Trojan.Win32.Generic, Trojan.MSIL.Agent, Trojan.Win32.Fsysna
60.00%

Emsisoft Anti-Malware
Gen:Variant.Strictor.49801, Gen:Variant.Kazy.296255, Gen:Variant.Kazy.306876
60.00%

The domain s2.sfcdn.in has been seen to resolve to the following 2 IP addresses.

8.5.1.32
July 21, 2016

37.221.163.214
lh25632.voxility.net
January 23, 2014

File downloads found at URLs served by s2.sfcdn.in.

8 / 68      (Malware)
http://s2.sfcdn.in/Njc1ZDFhZjRmN2Y2NjBhMjY4YzhkNDEzOTRhZWU0N2QyZDkyNjRjZToxVmoxNDc6bEU0X0dDR1FKOTZ3N2hLMTRvd1RCaVRwcEdV/.../update.exe  (hdrmcshrzzmzbxj.exe)

23 / 68    (Malware)
http://s2.sfcdn.in/NTA5NjYyYzA3ZDZlMzkzMjBiNTYzMmExODJlMTU5NTljYWQzNjlmZjoxVmxvODY6V3J2a0pGQ0tfdnlWQVhlS2h2N0JZLUptcm9z/.../internet.exe  (kgtpfvkuddpcdzm.exe)

34 / 68    (Malware)
http://s2.sfcdn.in/NjI4MWE0YWRkODJmMjk1MmZjZTg4Y2Q2NmMzM2E5ZDdkMzRjODBkNjoxVm9DS1I6NUJ0TnFwN2tmTXFhTWM4OFlqUnhrM3NHazN3/.../google.exe  (iwkkibebeb.exe)

0 / 68
http://s2.sfcdn.in/ODY5MDNkYTlmYjE0MjE1NTIxMTFkMjVhMTAyMjlkYWYzM2I5MTdlMzoxV0ZxT0I6WnF1RHVOXzNvUWF5dHgyUFBEdmRmclJEdnBF/.../VRoot_1.7.3.4388_Setup.exe  (e83cf18f313d701feb67a81f2a6b27ad)

0 / 68
http://s2.sfcdn.in/MjZjZjU1YTQwY2IwMzA4NWNlOTNkNWNiZmY5NjAxZDQzOTU1ODEzMDoxV1RmRHo6bkIwOThRSUVjVGxXNHlXOGxfWTFhdllwNkpz/.../VRoot_1.7.3.4388_Setup.exe  (e83cf18f313d701feb67a81f2a6b27ad)

1 / 68
http://s2.sfcdn.in/ZGQxY2FmMjM1MWVjZGU0ODQ1MjMwOTJlZmRmMDlhMzYxYTIyZWFhYToxVmltR2E6YVcxV2x6a2F2Q1J4WHhnZFFrVG9SbVRwNEkw/.../3._Patch_IDM_6.18_Build_7_-_Majax31.exe  (patch idm 6.18 build 7.exe)

18 / 68    (PUP)
http://s2.sfcdn.in/MzUyZjRlYzQ1NzgwOGMxZWJkZTQwMzIwOTUyNzJlYmMyZWU0ZDY2OToxVnJZVUU6aHdMeXpqcjNhV2pIRktfYjNwdjBtY053aE80/.../Windows_Loader_v2.2.1.zip  (e4d0f51884fdae5b3c0ccc1e114f9f00)

The following file have been seen to comunicate with s2.sfcdn.in in live environments.

TCP » 8.5.1.32:80
chrome.crx

URL:
http://s2.sfcdn.in/

Web server:
nginx

soliddl.com

soliddl.net

1tvonline.net

baixegetit.net

iq8download.com

javdownloaderx.com

leetsoftware.com

registry-scan.org

tracktfilerme.com

typingreflex.com

vik1installer.com

yanghack.com

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.