home

es.afterdawn.com

AfterDawn Oy

Domain Information

The domain es.afterdawn.com registered by AfterDawn Oy was initially registered in March of 1999 through CSL COMPUTER SERVICE LANGENBACH GMBH D/B/A JOKER.COM. This domain has been seen distributing various forms of adware (some being very aggressive) directly or via bundled installations. The hosted servers are located in Amsterdam, Noord-Holland within Netherlands which resides on the RIPE Network Coordination Centre network. The domain is associated with the publisher AfterDawn who is located in Oulu, Finland.
Registrar:
CSL COMPUTER SERVICE LANGENBACH GMBH D/B/A JOKER.COM

Server location:
Noord-Holland, Netherlands (NL)

Create date:
Wednesday, March 31, 1999

Expires date:
Sunday, March 31, 2019

Updated date:
Tuesday, February 11, 2014

ASN:
AS16265 LEASEWEB LeaseWeb B.V.

Root domain:
afterdawn.com

Whois:
2 afterdawn.com records

Scanner detections:
Adware distribution

Scan engine
Details
Detections

ViRobot
Trojan.Win32.A.Zbot.3389035, JS.A.Iframe.818001
50.00%

Vba32 AntiVirus
suspected of Archive.MailBomb
25.00%

Rising Antivirus
PE:Malware.XPACK/RDM!5.1
25.00%

XVirus List
Win.Detected
25.00%

Reason Heuristics
PUP.Bundler.Meta (M)
25.00%

ESET NOD32
Win32/Adware.ADON
25.00%

Trend Micro House Call
TROJ_GEN.F47V0726
25.00%

ESET NOD32
Detection.Undefined
25.00%

Clam AntiVirus
Win.Trojan.Agent-953871
25.00%

Avira AntiVirus
TR/Patched.Gen
25.00%

The domain es.afterdawn.com has been seen to resolve to the following IP address.

62.212.68.41
varnish.afterdawn.net
February 5, 2014

File downloads found at URLs served by es.afterdawn.com.

0 / 68
http://es.afterdawn.com/programas/.../download.cfm?version_id=106012&software_id=871&mirror_id=27873&installer=0&perion=0&air_installer=0  (hamachi.msi)

3 / 68
http://es.afterdawn.com/programas/.../download.cfm?version_id=107574&software_id=771&mirror_id=0&installer=0&perion=0&air_installer=0  (uTorrent.exe)

0 / 68
http://es.afterdawn.com/programas/.../download.cfm?version_id=104733&software_id=2070&mirror_id=0&installer=0&perion=0&air_installer=0  (updateinstaller.exe)

0 / 68
http://es.afterdawn.com/programas/.../download.cfm?version_id=102510&software_id=1231&mirror_id=26572&installer=0&perion=0&air_installer=0  (minilyrics.7.7.49.sanet.me.exe)

0 / 68
http://es.afterdawn.com/programas/.../download.cfm?version_id=1286&software_id=382&mirror_id=0&installer=0  (vobsub_2.23.exe)

0 / 68
http://es.afterdawn.com/programas/.../download.cfm?version_id=16158&software_id=514&mirror_id=0&installer=0&perion=0&air_installer=0  (emule049c.exe)

5 / 68      (PUP)
http://es.afterdawn.com/programas/.../download.cfm?version_id=25708&software_id=514&mirror_id=0&installer=0&perion=0&air_installer=0  (emule0.50a-installer.exe)

2 / 68      (inconclusive)
http://es.afterdawn.com/programas/.../download.cfm?version_id=33897&software_id=3430&mirror_id=0&installer=0&perion=0&air_installer=0  (unlocker1.9.1-x64.exe)

0 / 68
http://es.afterdawn.com/programas/.../download.cfm?version_id=66342&software_id=858&mirror_id=0&installer=0&perion=0&air_installer=0  (1471158_stp.exe)

0 / 68
http://es.afterdawn.com/programas/.../download.cfm?version_id=108769&software_id=2070&mirror_id=0&installer=0&perion=0&air_installer=0  (ws1b311e40.dat)

0 / 68
http://es.afterdawn.com/programas/.../download.cfm?version_id=74337&software_id=983&mirror_id=0&installer=0&perion=0  (winamp5666_lite_en-us.exe)

0 / 68
http://es.afterdawn.com/programas/.../download.cfm?version_id=1647&software_id=753&mirror_id=0&installer=0&perion=0&air_installer=0  (nve-3.1.0.21.exe)

0 / 68
http://es.afterdawn.com/programas/general/.../hamachi?mirror_id=0&version_id=94536&software_id=871  (hamachi.msi)

1 / 68
http://es.afterdawn.com/programas/.../download.cfm?version_id=60312&software_id=706&mirror_id=0  (folder2iso20.exe)

The following 3 files have been seen to comunicate with es.afterdawn.com in live environments.

TCP » 62.212.68.41:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 62.212.68.41:80
e049a77f2fc23085cb95666a71d8f260.exe

TCP » 62.212.68.41:80
bs_disguise_folders.exe

URL:
http://es.afterdawn.com/

Google Analytics:
UA-2099875

Title:
“AfterDawn: Descarga de programas”

Description:
“Descarga programas gratis en AfterDawn - Limpios y sin virus!”

download.fi

blasteroids.com

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.