home

sf-apps.com

Domain Privacy Service FBO Registrant.  (Proxy Registrant)

Domain Information

The domain sf-apps.com is registered by proxy through DOMAIN.COM, LLC and was originally registered in April of 2015. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in London, England within United Kingdom which resides on the RIPE Network Coordination Centre network.
Registrar:
DOMAIN.COM, LLC

Server location:
England, United Kingdom (GB)

Create date:
Tuesday, April 14, 2015

Expires date:
Friday, April 14, 2017

Updated date:
Saturday, August 8, 2015

ASN:
AS13213 UK2NET-AS UK2 - Ltd,GB

Whois:
1 sf-apps.com record

Scanner detections:
Detections  (87% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.SaveForm.Optional.Installer.Meta (L), PUP.Magicbit.Downloader.Installer.Meta (M), PUP.OpenCandy.Installer (L), PUP.Magicbit.Downloader (M)
77.78%

AVG
OpenCandy, Generic
40.74%

ESET NOD32
Win32/OpenCandy.C potentially unsafe application, Detection.Undefined, Win32/Magicbit.A potentially unwanted application, Win32/Magicbit.D potentially unwanted application
29.63%

Dr.Web
Threat.Undefined, Adware.OpenCandy.116, Adware.OpenCandy.137
25.93%

herdProtect (fuzzy)
a variant of 87c9032edc09370a9589041dd5f929e5c3c5029e, a variant of 9f64165e613b268ad26e8fefaab5b2c7d4303961, a variant of 42a4bd44f2669b2bf5a5537c6dff9829117bf780
11.11%

ESET NOD32
Win32/OpenCandy.C potentially unsafe (variant)
11.11%

Trend Micro House Call
Suspicious_GEN.F47V0508, Suspicious_GEN.F47V0519
7.41%

McAfee
Artemis!617BAE82D235, Artemis!AA2605313129
7.41%

Baidu Antivirus
Adware.Win32.OpenCandy
7.41%

Bkav FE
W32.HfsAdware
7.41%

Fortinet FortiGate
Riskware/OpenCandy
3.70%

Rising Antivirus
PE:Trojan.Win32.SpeedingUpMyPC.a!1075357520
3.70%

Agnitum Outpost
Riskware.Agent
3.70%

G Data
Win32.Application.OpenCandy
3.70%

VIPRE Antivirus
Threat.4792085
3.70%

The domain sf-apps.com has been seen to resolve to the following IP address.

46.23.65.197
europe-20.banahosting.com
August 13, 2015

File downloads found at URLs served by sf-apps.com.

0 / 68
http://sf-apps.com/.../UmmyVideoDownloader_setup.exe  (6265d8bcc8852b13095cbee0722027b4)

1 / 68      (PUP)
http://sf-apps.com/ummy/.../get.php?id=oc_0502&f=base&country=et  (ummyvideodownloader_setup.exe)

1 / 68      (PUP)
http://sf-apps.com/ummy/.../get.php?id=oc_0502&f=base&country=ph  (ummyvideodownloader_setup.exe)

3 / 68      (PUP)
http://sf-apps.com/ummy/.../get.php?id=oc_2&f=base&country=rs  (ummyvideodownloader_setup.exe)

1 / 68      (PUP)
http://sf-apps.com/ummy/.../get.php?id=oc_2&f=base&country=bg  (ummyvideodownloader.exe)

1 / 68      (PUP)
http://sf-apps.com/helper/.../get.php?id=ya&f=base&country=tr  (tmpf1f3.exe)

2 / 68      (PUP)
http://sf-apps.com/ummy/.../get.php?id=oc_2&f=base&country=ke  (ummyvideodownloader.exe)

1 / 68      (PUP)
http://sf-apps.com/ummy/.../get.php?id=oc_2&f=base&country=ni  (ummyvideodownloader.exe)

1 / 68      (PUP)
http://sf-apps.com/ummy/.../get.php?id=oc_1901&f=base&country=ni  (ummyvideodownloader_setup.exe)

3 / 68      (PUP)
http://sf-apps.com/ummy/.../get.php?id=oc_0502&f=base&country=ni  (mbsetup_uvd-loader.exe)

1 / 68      (PUP)
http://sf-apps.com/ummy/.../get.php?id=default&f=&country=my  (mbsetup_uvd-loader.exe)

2 / 68      (PUP)
http://sf-apps.com/ummy/.../get.php?id=oc_2&f=base&country=uy  (ummyvideodownloader.exe)

2 / 68      (PUP)
http://sf-apps.com/ummy/.../get.php?id=ya_2&f=exp1&country=am  (ummyvideodownloader.exe)

2 / 68      (PUP)
http://sf-apps.com/ummy/.../get.php?id=oc_2203&f=base&country=iq  (mbsetup_uvd-loader.exe)

4 / 68      (PUP)
http://sf-apps.com/helper/.../get.php?id=oc&f=&country=in  (savefromnet-helper-setup.exe)

4 / 68      (PUP)
http://sf-apps.com/helper/.../get.php?id=oc_gp&f=&country=in  (tmp432e.exe)

5 / 68      (PUP)
http://sf-apps.com/helper/.../get.php?id=oc_gp&f=&country=at  (tmp2b4d.exe)

3 / 68      (PUP)
http://sf-apps.com/helper/.../get.php?id=oc&f=&country=bh  (tmpcbb7.exe)

1 / 68      (PUP)
http://sf-apps.com/ummy/.../get.php?id=ya_tr_0502&f=base&country=tr  (mbsetup_uvd-loader.exe)

6 / 68      (PUP)
http://sf-apps.com/ummy/.../get.php?id=oc&f=base&country=nz  (ummyvideodownloader.exe)

4 / 68      (PUP)
http://sf-apps.com/helper/.../get.php?id=oc&f=&country=jo  (tmpd845.exe)

6 / 68      (PUP)
http://sf-apps.com/ummy/.../get.php?id=oc&f=base&country=si  (ummyvideodownloader.exe)

1 / 68      (PUP)
http://sf-apps.com/ummy/.../get.php?id=oc_2&f=base&country=tz  (ummyvideodownloader.exe)

1 / 68      (PUP)
http://sf-apps.com/helper/.../get.php?id=ya&f=base&country=ge  (tmpf1f3.exe)

1 / 68      (PUP)
http://sf-apps.com/ummy/.../get.php?id=oc_2&f=base&country=kw  (ummyvideodownloader.exe)

2 / 68      (PUP)
http://sf-apps.com/ummy/.../get.php?id=oc_2&f=base&country=af  (ummyvideodownloader.exe)

1 / 68      (PUP)
http://sf-apps.com/ummy/.../get.php?id=oc_2&f=base&country=iq  (ummyvideodownloader.exe)

3 / 68      (PUP)
http://sf-apps.com/ummy/.../get.php?id=oc_2&f=base&country=bo  (ummyvideodownloader_setup.exe)

0 / 68
http://sf-apps.com/helper/.../get.php?id=oc2&f=oc&country=in  (tmpd2b7.exe)

1 / 68      (PUP)
http://sf-apps.com/helper/.../get.php?id=ya&f=base&country=az  (tmpf1f3.exe)

 
Latest 30 of 1,122 download URLs

The following 20 files have been seen to comunicate with sf-apps.com in live environments.

TCP » 46.23.65.197:80
ummyvd-web-loader-.exe

TCP » 46.23.65.197:80
ummyvd-web-loader.exe

TCP » 46.23.65.197:80
ummyvd-web-loader.exe

TCP » 46.23.65.197:80
ummyvd-web-loader-110.exe

TCP » 46.23.65.197:80
ummyvd-web-loader-110.exe

TCP » 46.23.65.197:80
uran.exe (Uran by uCoz Media and Chromium Authors)

TCP » 46.23.65.197:80
ummyvd-web-loader-[113-yt-apljdslxjks].exe

TCP » 46.23.65.197:80
ummyvc-web-loader.exe

TCP » 46.23.65.197:80
savefromnethelper-web-13d684de2d.exe

TCP » 46.23.65.197:80
savefromnethelper-web-3822855cf7.exe

TCP » 46.23.65.197:80
ummyvd-web-loader.exe

TCP » 46.23.65.197:80
savefromnethelper-web-8a890a1a0a-.exe

TCP » 46.23.65.197:80
savefromnethelper-web-95dc15467b-.exe

TCP » 46.23.65.197:80
ummyvd-web-loader-110.exe

TCP » 46.23.65.197:80
savefromnethelper-web-a51ff95026.exe

TCP » 46.23.65.197:80
savefromnethelper-web-c08eb68ead.exe

TCP » 46.23.65.197:80
savefromnethelper-web-0c33278988.exe

TCP » 46.23.65.197:80
ummyvd-web-loader-[148-yt-v_d4rrpabiw].exe

TCP » 46.23.65.197:80
ummyvd-web-loader-[148-yt-nzp_axebsfq].exe

TCP » 46.23.65.197:80
savefromnethelper-web-1f6ecf74b4-.exe

 
Latest 20 of 20 files

April 14, 2016
converter.sf-apps.com

URL:
http://sf-apps.com/

Title:
“SF Addon”

Web server:
nginx

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.