The domain s2.sfcdn.in, registered by Zettly HB, was initially registered in May 2012 through Enom Inc. (R46-AFIN). The domain is known to host various forms of malware. The hosting servers are located in Bucharest (Bucuresti), Romania, on the RIPE Network Coordination Centre network.
Enom Inc. (R46-AFIN)
Bucuresti, Romania (RO)
Wednesday, May 30, 2012
Saturday, May 30, 2015
Wednesday, April 30, 2014
AS39743 VOXILITY-AS Voxility S.R.L.,RO
Malware distribution (67% detected)
Win32:PUP-gen [PUP], MSIL:GenMalicious-IW [Trj], MSIL:GenMalicious-L [Trj]
Trojan.Win32.Click.cqokrx, Trojan.Win32.FrauDrop.cwkwaq, Trojan.Win32.Fsysna.crnaos
HackTool.Gendows (Not a Virus), TrojanDropper.FrauDrop.r3, Trojan.Fsysna.r3
Artemis!3976BD5FCBB7, Artemis!CC1F2C1508A4, Artemis!96280F494DA7
Suspicious_Gen4.DEDBN, Gen:Variant.Kazy.296255, Troj_Generic.RRANV
HackTool.WinActivator, Trojan.DR.FrauDrop, Trojan.Fsysna
McAfee Web Gateway
Artemis!3976BD5FCBB7, Artemis!Trojan, BehavesLike.Win32.Trojan.dc
Microsoft Security Essentials
HackTool:Win32/Gendows, Backdoor:MSIL/Bladabindi, Threat.Undefined
HackTool.Win32.Gendows, Backdoor.MSIL, Trojan.Win32.Fsysna
W32/AutoRun.BSY, W32/FrauDrop.ACDKC!tr, W32/Fsysna.EJL!tr
Generic9_c, Dropper.Generic9, Generic35
HEUR:Trojan.Win32.Generic, Trojan.MSIL.Agent, Trojan.Win32.Fsysna
The domain s2.sfcdn.in has been seen to resolve to the following 2 IP addresses.
January 23, 2014
File downloads found at URLs served by s2.sfcdn.in.
The following files have been seen to communicate with s2.sfcdn.in in live environments.