home

cdn.zyczu.pl

Domain Information

Server location:
Mazowieckie, Poland (PL)

ASN:
AS42503 K2-AS K2 Internet S.A.

Root domain:
zyczu.pl

Scanner detections:
Malware distribution  (76% detected)

Scan engine
Details
Detections

Reason Heuristics
(M), Threat.Win.Reputation.IMP
86.84%

McAfee
Artemis!AF94B2D555D6, RDN/Generic.hra!bx, Artemis!EE0CFB150E00, Artemis!F84CB2DA7EB2, GenericR-DOI!A093BC926FF1
13.16%

Agnitum Outpost
Trojan.DR.Agent
13.16%

Avira AntiVirus
TR/Dropper.Gen, TR/Ranapama.AH
13.16%

MicroWorld eScan
Trojan.GenericKD.1618663, Trojan.Ranapama.AH, Trojan.GenericKD.1625202, Trojan.GenericKD.1620052
10.53%

nProtect
Trojan.GenericKD.1618663, Trojan.Ranapama.AH, Trojan.GenericKD.1625202, Trojan.GenericKD.1620052
10.53%

Trend Micro House Call
TROJ_GEN.F47V0221, TROJ_GEN.R0CBC0OE314, TROJ_GEN.F47V0329, TROJ_GEN.F47V0325
10.53%

Bitdefender
Trojan.GenericKD.1618663, Trojan.Ranapama.AH, Trojan.GenericKD.1625202, Trojan.GenericKD.1620052
10.53%

Lavasoft Ad-Aware
Trojan.GenericKD.1618663, Trojan.Ranapama.AH, Trojan.GenericKD.1625202, Trojan.GenericKD.1620052
10.53%

IKARUS anti.virus
Trojan.SuspectCRC, Trojan.Ranapama
10.53%

Emsisoft Anti-Malware
Trojan.GenericKD.1618663, Trojan.GenericKD.1625202, Trojan.GenericKD.1620052
7.89%

G Data
Trojan.GenericKD.1618663, Trojan.GenericKD.1625202, Trojan.GenericKD.1620052
7.89%

F-Secure
Trojan.Ranapama.AH, Trojan.GenericKD.1625202, Trojan.GenericKD.1620052
7.89%

K7 AntiVirus
Riskware
5.26%

ViRobot
Trojan.Win32.S.Agent.576004.C[h], Trojan.Win32.S.Agent.488452.A[h]
5.26%

The domain cdn.zyczu.pl has been seen to resolve to the following 6 IP addresses.

104.25.147.33
April 6, 2016

104.25.146.33
April 6, 2016

195.149.198.45
ocs-pl.oktawave.com
August 21, 2015

195.149.198.44
ocs-pl.oktawave.com
August 21, 2015

195.149.198.42
ocs-pl.oktawave.com
February 7, 2014

195.149.198.43
ocs-pl.oktawave.com
February 7, 2014

File downloads found at URLs served by cdn.zyczu.pl.

0 / 68
http://cdn.zyczu.pl/DokuCraft-Setup.exe  (efcb60a938d3fe04755e96d2bc1758ce)

0 / 68
http://cdn.zyczu.pl/MinecraftTextures/.../Defscape_64x_2.4.zip  (0b993f02eb1987149107a60782fbcbdf)

0 / 68
http://cdn.zyczu.pl/Defscape-Setup.exe  (7dd79f464a473573e72e401d4e9553b6)

13 / 68    (Malware)
http://cdn.zyczu.pl/Minecraft-Setup.exe  (af94b2d555d6958060c85bc486b74293)

0 / 68
http://cdn.zyczu.pl/download/.../MinecraftZyczu.exe  (1a097075b589c033821ebe824f044967)

6 / 68      (Malware)
http://cdn.zyczu.pl/Sphax-Setup.exe  (a093bc926ff1281e7d08a5da821d167f)

0 / 68
http://cdn.zyczu.pl/SimPackPVP_32x32.zip  (6fe9dbfdbbdaac70e20eed6f28349b51)

0 / 68
http://cdn.zyczu.pl/MinecraftTextures/.../Sphax_PureBDcraft_16x_MC16.zip  (b7fa7d73d421839a96eef581d95f03ee)

1 / 68      (Malware)
http://cdn.zyczu.pl/Faithful-Setup.exe  (d9cdb35d325fe2adcc7f2da76e095369)

0 / 68
http://cdn.zyczu.pl/MinecraftTextures/.../faithful32pack.zip  (faithful32pack_1_6_1.zip)

0 / 68
http://cdn.zyczu.pl/MinecraftTextures/.../DokuCraft_TSC_Dark.zip  (19cbb687891f1aab1189c5fd4d941125)

1 / 68      (Malware)
http://cdn.zyczu.pl/MinecraftTextures/.../Defscape_16x_2.4.zip  (464ddf72ba9e8a8d06febbf1754e0c9a)

1 / 68      (Malware)
http://cdn.zyczu.pl/MinecraftTextures/.../Gerudoku_Faithful.zip  (9638c5435c5388b0e89ace07196bf526)

13 / 68    (Malware)
http://cdn.zyczu.pl/CreativeOne-Setup.exe  (ee0cfb150e00ebaa474a4571a46c4986)

1 / 68      (Malware)
http://cdn.zyczu.pl/MinecraftTextures/.../Sphax_PureBDcraft_32x_MC16.zip  (aab44c35e573b1ff2b7db7acb5588fa3)

1 / 68      (Malware)
http://cdn.zyczu.pl/.../setup.exe  (9b57847fa31e3f1174fdaadfbe0ed7cc)

The following 2 files have been seen to comunicate with cdn.zyczu.pl in live environments.

TCP » 195.149.198.44:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 195.149.198.43:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 195.149.198.42:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 195.149.198.45:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 195.149.198.44:80
UCBrowser.exe (UC Browser by UCWeb)

oktawave.com

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.