home

helper.sf-download.com

Domain Privacy Service FBO Registrant.  (Proxy Registrant)

Domain Information

The domain helper.sf-download.com is registered by proxy through DOMAIN.COM, LLC and was originally registered in December of 2015. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Berlin, Berlin within Germany which resides on the RIPE Network Coordination Centre network.
Registrar:
DOMAIN.COM, LLC

Server location:
Berlin, Germany (DE)

Create date:
Thursday, December 17, 2015

Expires date:
Sunday, December 17, 2017

Updated date:
Thursday, December 17, 2015

ASN:
AS24940 HETZNER-AS Hetzner Online GmbH,DE

Root domain:
sf-download.com

Whois:
1 sf-download.com record

Scanner detections:
Detections  (73% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Magicbit.Savefrom.Meta (L), PUP.SaveForm.Optional.Installer.Meta (L), (M), PUP.SaveForm.Optional (L)
90.91%

ESET NOD32
Win32/Magicbit.C potentially unwanted application, Win32/Magicbit.D potentially unwanted application
18.18%

Bkav FE
W32.HfsAdware
9.09%

Malwarebytes
PUP.Optional.OpenCandy
9.09%

K7 AntiVirus
Unwanted-Program
9.09%

ESET NOD32
Win32/Magicbit.A potentially unwanted
9.09%

AVG
Generic
9.09%

The domain helper.sf-download.com has been seen to resolve to the following IP address.

136.243.42.155
static.155.42.243.136.clients.your-server.de
February 13, 2016

File downloads found at URLs served by helper.sf-download.com.

0 / 68
http://helper.sf-download.com/.../SaveFromNetHelper-Setup.exe  (savefromnet-helper-setup.exe)

1 / 68      (PUP)
http://helper.sf-download.com/.../get.php?id=0616y&f=t&country=kz&ts=1454944308&s=b47e7549601c96aea4726e13906f84d955a5a008  (savefromnet-helper-setup.exe)

1 / 68      (PUP)
http://helper.sf-download.com/.../get.php?id=090216o&f=&country=th&ts=1456902664&s=7476e5c3ad0948e6d8c008f8d20ec8fbba05d71d  (mbsetup_helper-loader.exe)

2 / 68      (PUP)
http://helper.sf-download.com/.../get.php?id=020316o&f=&country=th&ts=1456973880&s=e471508f70dba3fbe496d9b9b3d3030ef1b8f84a  (savefromnet-helper-setup.exe)

1 / 68      (PUP)
http://helper.sf-download.com/.../get.php?id=090216o&f=&country=sa&ts=1456864699&s=09edccb6161a42d4994440c9ebaef053272939ac  (mbsetup_helper-loader.exe)

2 / 68      (PUP)
http://helper.sf-download.com/.../get.php?id=020316o&f=&country=tn&ts=1458434851&s=fb3c52530f22c801ab4d3a7677962294b26cd6a8  (savefromnet-helper-setup.exe)

1 / 68      (PUP)
http://helper.sf-download.com/.../get.php?id=090216o&f=&country=id&ts=1456204762&s=1886883e07707ea1eb044e608c23b396310e2075  (mbsetup_helper-loader.exe)

2 / 68      (PUP)
http://helper.sf-download.com/.../get.php?id=020316o&f=&country=in&ts=1457420163&s=290b03ff6bc4b9b134e13d1b363338fc28e90549  (savefromnet-helper-setup.exe)

1 / 68      (PUP)
http://helper.sf-download.com/.../get.php?id=020316y&f=2&country=ru&ts=1459355977&s=8e4eb0bab20790edebda5158d45d5bd821f0ea55  (mbsetup_helper-loader.exe)

2 / 68      (PUP)
http://helper.sf-download.com/.../get.php?id=020316o&f=&country=in&ts=1460006068&s=453468e586e012d781438761c47cf987cce57639  (savefromnet-helper-setup.exe)

5 / 68      (PUP)
http://helper.sf-download.com/.../get.php?id=0416o&f=&country=id&ts=1453533266&s=b540882aa824d8bb0aed765c00a06989f4153324  (mbsetup995.exe)

2 / 68      (PUP)
http://helper.sf-download.com/.../get.php?id=020316o&f=&country=mx&ts=1460038983&s=e16b76cd8d6f23f305f6eb018a2b2512ae428fe8  (savefromnet-helper-setup.exe)

2 / 68      (PUP)
http://helper.sf-download.com/.../SaveFromNetHelper-Web-68077aba31-[373].exe  (savefromnethelper-web-8cf4d1779b-.exe)

2 / 68      (PUP)
http://helper.sf-download.com/.../SaveFromNetHelper-Web-1265918f73-[373].exe  (savefromnethelper-web-8cf4d1779b-.exe)

1 / 68      (Malware)
http://helper.sf-download.com/.../get.php?id=020316o&f=&country=in&ts=1458123997&s=46c20340915e52a3e7f8d7b36a0f2be95e3373cf  (savefromnet-helper-setup.exe)

2 / 68      (PUP)
http://helper.sf-download.com/.../SaveFromNetHelper-Web-e2baf585e1-[373].exe  (savefromnethelper-web-8cf4d1779b-.exe)

2 / 68      (PUP)
http://helper.sf-download.com/.../SaveFromNetHelper-Web-f7d031bbfb-[373].exe  (savefromnethelper-web-8cf4d1779b-.exe)

1 / 68      (PUP)
http://helper.sf-download.com/.../get.php?id=090216o&f=&country=id&ts=1456406371&s=4f8a0ff2c00f780fba1dba2c485b7169bc1a7044  (mbsetup_helper-loader.exe)

1 / 68      (Malware)
http://helper.sf-download.com/.../get.php?id=090216o&f=&country=in&ts=1455265230&s=b105c46679fe95eab29430fdac813cc84e529f62  (get.exe)

1 / 68      (PUP)
http://helper.sf-download.com/.../get.php?id=090216o&f=&country=id&ts=1456145902&s=a4284ee0a54bcce0dcf105cf40ae7d0ff2842cc5  (mbsetup_helper-loader.exe)

2 / 68      (PUP)
http://helper.sf-download.com/.../SaveFromNetHelper-Web-a4c61e754a-[308].exe  (savefromnethelper-web-8cf4d1779b-.exe)

2 / 68      (PUP)
http://helper.sf-download.com/.../get.php?id=020316o&f=&country=ph&ts=1458626231&s=d0eed2819afac03f1d04a3943008874bf4302fe2  (savefromnet-helper-setup.exe)

2 / 68      (PUP)
http://helper.sf-download.com/.../get.php?id=020316o&f=&country=id&ts=1460126565&s=7821278966a284293aa8c306a5fda08431ce5108  (savefromnet-helper-setup.exe)

2 / 68      (PUP)
http://helper.sf-download.com/.../get.php?id=020316o&f=&country=in&ts=1459849016&s=8f8fc332cf6179d2a4b2975aad089e62f65fba7f  (savefromnet-helper-setup.exe)

2 / 68      (PUP)
http://helper.sf-download.com/.../get.php?id=020316o&f=&country=br&ts=1459198040&s=85cdce80da1179630bf50b38873bd4e6df9d0d1c  (savefromnet-helper-setup.exe)

2 / 68      (PUP)
http://helper.sf-download.com/.../get.php?id=020316o&f=&country=id&ts=1459474383&s=1c572d25a3a4b10345908b188985b5b266787367  (savefromnet-helper-setup.exe)

1 / 68      (PUP)
http://helper.sf-download.com/.../get.php?id=020316y&f=1&country=ru&ts=1457491926&s=3ad31eec821239b078b37391b585701939c2ea4e  (mbsetup_helper-loader.exe)

2 / 68      (PUP)
http://helper.sf-download.com/.../get.php?id=020316o&f=&country=id&ts=1458726398&s=5af84ba30a72728864e58663d5570719af7a1e16  (savefromnet-helper-setup.exe)

1 / 68      (PUP)
http://helper.sf-download.com/.../get.php?id=090216o&f=&country=ng&ts=1456138327&s=85704e04bbbaadeb2925600d780efaeaa45852a6  (mbsetup_helper-loader.exe)

2 / 68      (PUP)
http://helper.sf-download.com/.../get.php?id=020316o&f=&country=in&ts=1459801213&s=16c570495d97a1d98b689d7eed53392c16cd0dc5  (savefromnet-helper-setup.exe)

 
Latest 30 of 94 download URLs

The following 78 files have been seen to comunicate with helper.sf-download.com in live environments.

TCP » 136.243.42.155:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 136.243.42.155:80
ws1a6e0da0.dat

TCP » 136.243.42.155:80
browser.exe (Yandex by YANDEX)

TCP » 136.243.42.155:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 136.243.42.155:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 136.243.42.155:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 136.243.42.155:80
ffgogogo.exe (ffgogogo by Mozilla)

TCP » 136.243.42.155:80
savefromnethelper-web-642b5b26e4-.exe

TCP » 136.243.42.155:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 136.243.42.155:80
browser.exe (Yandex by YANDEX)

TCP » 136.243.42.155:80
savefromnethelper-web-6e428ee390.exe (by SaveFrom.net)

TCP » 136.243.42.155:80
AdxEngine.exe (MPC AdCleaner by DotC United Inc)

TCP » 136.243.42.155:80
savefromnethelper-web-56bb1ba70f-307.exe (by SaveFrom.net)

TCP » 136.243.42.155:80
savefromnethelper-web-ef178ea141.exe

TCP » 136.243.42.155:80
savefromnethelper-web-a7de26c634-307.exe (by SaveFrom.net)

TCP » 136.243.42.155:80
savefromnethelper-web-loader.exe (by SaveFrom.net)

TCP » 136.243.42.155:443
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 136.243.42.155:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 136.243.42.155:80
savefromnethelper-web-8097c47386.exe

TCP » 136.243.42.155:443
e049a77f2fc23085cb95666a71d8f260.exe

 
Latest 20 of 119 files

URL:
http://helper.sf-download.com/

Web server:
nginx (PHP/5.4.45)

sf-addon.com

sf-helper.com

sf-helper.net

ummyconverter.com

ummydownloader.com

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.