home

sf-addon.com

Domain Privacy Service FBO Registrant.  (Proxy Registrant)

Domain Information

The domain sf-addon.com is registered by proxy through DOMAIN.COM, LLC and was originally registered in July of 2013. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Berlin, Berlin within Germany which resides on the RIPE Network Coordination Centre network.
Registrar:
DOMAIN.COM, LLC

Server location:
Berlin, Germany (DE)

Create date:
Friday, July 26, 2013

Expires date:
Wednesday, July 26, 2017

Updated date:
Sunday, April 12, 2015

ASN:
AS24940 HETZNER-AS Hetzner Online GmbH,DE

Whois:
3 sf-addon.com records

Scanner detections:
Detections  (64% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.SaveForm.Optional.Installer.Meta (L), PUP.Magicbit.Savefrom.Meta (M), PUP.Magicbit.Downloader.Meta (M), PUP.Magicbit.Savefrom.Meta (L)
88.89%

ESET NOD32
Win32/OpenCandy.C potentially unsafe application, Win32/Magicbit.C potentially unwanted application, Win32/Magicbit.D potentially unwanted application
33.33%

AVG
OpenCandy, Generic
22.22%

Dr.Web
Threat.Undefined
11.11%

herdProtect (fuzzy)
a variant of 87c9032edc09370a9589041dd5f929e5c3c5029e
11.11%

The domain sf-addon.com has been seen to resolve to the following 3 IP addresses.

37.130.231.91
2582e75b.rdns.100tb.com
September 4, 2016

136.243.42.155
static.155.42.243.136.clients.your-server.de
December 7, 2015

146.185.29.11
mail.2iki.net
February 7, 2014

File downloads found at URLs served by sf-addon.com.

0 / 68
http://sf-addon.com/helper/app/.../octet-stream&D=SaveFromNet-Helper-Setup.exe  (7388e3d25a0299a66794d454d2c4cb34)

0 / 68
http://sf-addon.com/helper/.../SaveFromNetHelper-Web-e0afb05424.exe  (898f0231b2fb0d3b258a2386f8eb6f09)

0 / 68
http://sf-addon.com/helper/.../SaveFromNetHelper-Web-e3f8f1a9c7.exe  (0c34250eb5d2fbd8b391fe93ede1bbf1)

0 / 68
http://sf-addon.com/helper/.../SaveFromNetHelper-Web-cd5b076376.exe  (c5045e88572cc4cee823d2373a626f4b)

2 / 68      (PUP)
http://sf-addon.com/helper/.../SaveFromNetHelper-Web-70000796c3-[312].exe  (ws1a6e0da0.dat)

2 / 68      (PUP)
http://sf-addon.com/helper/.../SaveFromNetHelper-Web-2e8c5350dd-[308].exe  (savefromnethelper-web-8cf4d1779b-.exe)

2 / 68      (PUP)
http://sf-addon.com/helper/.../SaveFromNetHelper-Web-d0e68cd675-[312].exe  (savefromnethelper-web-8cf4d1779b-.exe)

2 / 68      (PUP)
http://sf-addon.com/helper/.../SaveFromNetHelper-Web-6050ef3470.exe  (ws1a6e0da0.dat)

2 / 68      (PUP)
http://sf-addon.com/helper/.../SaveFromNetHelper-Web-cf4b7e8dfd-[360].exe  (savefromnethelper-web-8cf4d1779b-.exe)

4 / 68      (PUP)
http://sf-addon.com/helper/.../get.php?id=oc&f=&country=ae  (savefromnet-helper-setup.exe)

2 / 68      (PUP)
http://sf-addon.com/helper/.../SaveFromNetHelper-Web-616df0fa1a-[350].exe  (savefromnethelper-web-8cf4d1779b-.exe)

1 / 68      (PUP)
http://sf-addon.com/helper/.../SaveFromNetHelper-Web-5d4acdb1fe-[312].exe  (savefromnethelper-web-642b5b26e4-.exe)

2 / 68      (PUP)
http://sf-addon.com/helper/.../SaveFromNetHelper-Web-f47df41eb0-[308].exe  (savefromnethelper-web-7c8097d276-.exe)

2 / 68      (PUP)
http://sf-addon.com/helper/.../SaveFromNetHelper-Web-4c154f4094-[323].exe  (ws1a6e0da0.dat)

2 / 68      (PUP)
http://sf-addon.com/helper/.../SaveFromNetHelper-Web-68a461079c-[360].exe  (savefromnethelper-web-8cf4d1779b-.exe)

2 / 68      (PUP)
http://sf-addon.com/helper/.../SaveFromNetHelper-Web-65ef7ab0df-[308].exe  (savefromnethelper-web-8cf4d1779b-.exe)

2 / 68      (PUP)
http://sf-addon.com/helper/.../SaveFromNetHelper-Web-12532d85fc-[312].exe  (ws1a6e0da0.dat)

2 / 68      (PUP)
http://sf-addon.com/helper/.../SaveFromNetHelper-Web-c19e363b6d-[312].exe  (ws1a6e0da0.dat)

1 / 68      (PUP)
http://sf-addon.com/helper/.../get.php?id=2o&f=&country=sn  (tmp9701.exe)

2 / 68      (PUP)
http://sf-addon.com/helper/.../SaveFromNetHelper-Web-780d19869f.exe  (savefromnethelper-web-7c8097d276-.exe)

2 / 68      (PUP)
http://sf-addon.com/helper/.../SaveFromNetHelper-Web-9fe03b3b35-[308].exe  (savefromnethelper-web-7c8097d276-.exe)

1 / 68      (PUP)
http://sf-addon.com/helper/.../SaveFromNetHelper-Web-185e5c8e94.exe  (savefromnethelper-web-c59890c9ef-.exe)

2 / 68      (PUP)
http://sf-addon.com/helper/.../SaveFromNetHelper-Web-25cfe0d070-[360].exe  (savefromnethelper-web-7c8097d276-.exe)

1 / 68      (PUP)
http://sf-addon.com/helper/.../SaveFromNetHelper-Web-8d5f88fd23-[360].exe  (savefromnethelper-web-760f80dab6-.exe)

2 / 68      (PUP)
http://sf-addon.com/helper/.../SaveFromNetHelper-Web-8e3580f6f9.exe  (savefromnethelper-web-8cf4d1779b-.exe)

2 / 68      (PUP)
http://sf-addon.com/helper/.../SaveFromNetHelper-Web-b5f0242f15-[360].exe  (ws1a6e0da0.dat)

2 / 68      (PUP)
http://sf-addon.com/helper/.../SaveFromNetHelper-Web-ebf15b7157-[360].exe  (savefromnethelper-web-7c8097d276-.exe)

2 / 68      (PUP)
http://sf-addon.com/helper/.../SaveFromNetHelper-Web-07cfaf08b5-[373].exe  (savefromnethelper-web-8cf4d1779b-.exe)

2 / 68      (PUP)
http://sf-addon.com/helper/.../SaveFromNetHelper-Web-7108e807b5-[312].exe  (ws1a6e0da0.dat)

2 / 68      (PUP)
http://sf-addon.com/helper/.../SaveFromNetHelper-Web-2b6cd3f57b-[308].exe  (savefromnethelper-web-8cf4d1779b-.exe)

 
Latest 30 of 10,097 download URLs

The following 173 files have been seen to comunicate with sf-addon.com in live environments.

TCP » 136.243.42.155:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 37.130.231.91:80
browser.exe (Yandex by YANDEX)

TCP » 136.243.42.155:80
ws1a6e0da0.dat

TCP » 37.130.231.91:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 136.243.42.155:80
browser.exe (Yandex by YANDEX)

TCP » 37.130.231.91:80
ws1a6e0da0.dat

TCP » 136.243.42.155:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 136.243.42.155:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 136.243.42.155:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 37.130.231.91:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 136.243.42.155:80
ffgogogo.exe (ffgogogo by Mozilla)

TCP » 136.243.42.155:80
savefromnethelper-web-642b5b26e4-.exe

TCP » 37.130.231.91:80
AdMunch.exe (Ad Muncher by Murray Hurps Software Pty)

TCP » 136.243.42.155:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 37.130.231.91:80
AdxEngine.exe (MPC AdCleaner by DotC United Inc)

TCP » 136.243.42.155:80
browser.exe (Yandex by YANDEX)

TCP » 136.243.42.155:80
savefromnethelper-web-6e428ee390.exe (by SaveFrom.net)

TCP » 37.130.231.91:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 37.130.231.91:80
savefromnethelper-web-642b5b26e4-.exe

TCP » 37.130.231.91:80
savefromnethelper-web-d0bd049cdf.exe (by SaveFrom.net)

 
Latest 20 of 231 files

URL:
http://sf-addon.com/

Title:
“SF Addon”

SSL certificate subject:
E=webmaster@sf-addon.com, CN=*.sf-addon.com, O=Mikhail Samokhvalov, L=Saint Petersburg, S=Saint Petersburg City, C=RU

SSL certificate issuer:
CN=StartCom Class 2 Primary Intermediate Server CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL

Web server:
nginx

Facebook:
Shares:  1
Comments:  13

Statistics above are for the previous month of October 2024.

sf-download.com

sf-helper.com

sf-helper.net

ummyconverter.com

ummydownloader.com

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.