home

sdance.su

Private Person  (Proxy Registrant)

Domain Information

The domain sdance.su is registered by proxy through RUCENTER-REG-FID and was originally registered in April of 2012. Currently this domain has been known to host various forms of malware. The hosted servers are located in Moscow, Moscow City within Russia which resides on the RIPE Network Coordination Centre network.
Registrar:
RUCENTER-REG-FID

Server location:
Moscow City, Russia (RU)

Create date:
Thursday, April 5, 2012

Expires date:
Tuesday, April 5, 2016

ASN:
AS48287 RU-SERVICE-AS RU-SERVICE Ltd,RU

Whois:
1 sdance.su record

Scanner detections:
Malware distribution  (100% detected)

Scan engine
Details
Detections

MicroWorld eScan
Trojan.GenericKD.2260781, Trojan.GenericKD.2262459
100.00%

K7 AntiVirus
Trojan , Trojan-Downloader
100.00%

Bitdefender
Trojan.GenericKD.2260781, Trojan.GenericKD.2262459
100.00%

Kaspersky
Trojan-Dropper.Win32.Sysn, Trojan-Downloader.Win32.Genome
100.00%

Lavasoft Ad-Aware
Trojan.GenericKD.2260781, Trojan.GenericKD.2262459
100.00%

Sophos
Troj/DarkCom-Z, Troj/Agent-AMJN
100.00%

F-Secure
Trojan.Delf.QDR, Trojan-Downloader:W32/Onkods.A
100.00%

Emsisoft Anti-Malware
Trojan.GenericKD.2260781, Trojan.GenericKD.2262459
100.00%

G Data
Trojan.GenericKD.2260781, Trojan.GenericKD.2262459
100.00%

ESET NOD32
Win32/Injector.BXGJ (variant), Win32/TrojanDownloader.Tiny.NLQ (variant)
100.00%

Panda Antivirus
Generic Suspicious, Trj/CI.A
100.00%

AVG
BackDoor.Ircbot, Downloader.Generic14
100.00%

nProtect
Trojan.GenericKD.2262459
50.00%

Quick Heal
TrojanDownloader.gen.r4
50.00%

McAfee
RDN/Generic Downloader.x!nd
50.00%

The domain sdance.su has been seen to resolve to the following 3 IP addresses.

93.183.204.25
May 20, 2016

109.70.26.37
expirepages-kiae-1.nic.ru
April 12, 2016

194.85.61.76
expirepages-kiae-2.nic.ru
April 12, 2016

File downloads found at URLs served by sdance.su.

32 / 68    (PUP)
http://sdance.su/.../d.exe  (62b5382e51328836194273760b9a5bd3)

12 / 68    (Malware)
http://sdance.su/.../wrk.exe  (winsvc.exe)

The following 15 files have been seen to comunicate with sdance.su in live environments.

TCP » 109.70.26.37:80
online-guardian-v2.0.9.exe

TCP » 109.70.26.37:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 109.70.26.37:80
7eda.tmp.exe

TCP » 109.70.26.37:443
client.exe (ClientWrapper)

TCP » 194.85.61.76:80
ContentFinder.exe (ContentFinder by ContentFinder Company)

TCP » 109.70.26.37:80
onlineguardian-v2.exe

TCP » 194.85.61.76:443
Proxomitron.exe (Proxomitron by Groom-A-Zebu (tm))

TCP » 194.85.61.76:80
7eda.tmp.exe

TCP » 109.70.26.37:993
produpd.exe (produpd.exe by Vested Development, Inc)

TCP » 109.70.26.37:80
oujzmdpj.exe

TCP » 109.70.26.37:9997
svchostupdate.exe

TCP » 109.70.26.37:80
UCBrowser.exe (by UCWeb)

TCP » 194.85.61.76:443
client.exe (ClientWrapper)

TCP » 109.70.26.37:443
injector.txt (Windows by Microsoft)

TCP » 109.70.26.37:80
online-guardian-v2.exe

TCP » 109.70.26.37:80
dsjrdhmsdoen.exe

TCP » 109.70.26.37:993
produpd.exe (produpd.exe by Vested Development, Inc)

TCP » 194.85.61.76:80
oujzmdpj.exe

URL:
http://sdance.su/

Web server:
nginx

0aautix21m.ru

2-flashadobe.ru

abandon-little.ru

amgone.ru

audiobookmaker.com

avallon2013.ru

beauty-mix-probe.ru

cheapsunday.ru

cowboyscale378.ru

epubkindle.com

feed-extend.ru

file-storemy.ru

fireprog.ru

genser-auto.ru

getfile-bs.ru

getfile-prosoft-one.ru

middle-loudly979.ru

moywot.ru

needright.ru

office-skachat.ru

press-set356.ru

programmibesplatno.ru

relisting.ru

roadshortway.ru

severalrecognize.ru

snowik.ru

softplaneta.ru

sysfilepro.ru

syspro-file.ru

tanjune.ru

30 of 35 related domains

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.