home

nl.afterdawn.com

AfterDawn Oy

Domain Information

The domain nl.afterdawn.com registered by AfterDawn Oy was initially registered in March of 1999 through CSL COMPUTER SERVICE LANGENBACH GMBH D/B/A JOKER.COM. This domain has been seen distributing various forms of adware (some being very aggressive) directly or via bundled installations. The hosted servers are located in Amsterdam, Noord-Holland within Netherlands which resides on the RIPE Network Coordination Centre network. The domain is associated with the publisher AfterDawn who is located in Oulu, Finland.
Registrar:
CSL COMPUTER SERVICE LANGENBACH GMBH D/B/A JOKER.COM

Server location:
Noord-Holland, Netherlands (NL)

Create date:
Wednesday, March 31, 1999

Expires date:
Sunday, March 31, 2019

Updated date:
Tuesday, February 11, 2014

ASN:
AS16265 LEASEWEB LeaseWeb B.V.

Root domain:
afterdawn.com

Whois:
2 afterdawn.com records

Scanner detections:
Adware distribution

Scan engine
Details
Detections

Reason Heuristics
PUP.MusicLab.M, PUP.Installer.Perion.T, PUP.Optional.Musiclab.Installer, PUP.OpenCandy.Installer (L), PUP.chenjunhao.Installer (M)
58.33%

ESET NOD32
MSIL/AdvancedSystemProtector, Win32/OpenCandy, Win32/OpenCandy.C potentially unsafe (variant), Win32/Toptools.A potentially unwanted (variant), Win32/OpenCandy.A potentially unsafe (variant)
41.67%

Dr.Web
Adware.OpenCandy.7, Adware.IncrediMail.14, Adware.IncrediMail.36, Program.Unwanted.603, Adware.Toolbar.576
41.67%

Trend Micro House Call
Suspicious_GEN.F47V0815, Suspicious_GEN.F47V0413
16.67%

AVG
OpenCandy, Generic
16.67%

IKARUS anti.virus
not-a-virus:AdWare.Win32.Mostofate.j, PUA.OpenCandy
16.67%

Qihoo 360 Security
HEUR/QVM19.1.Malware.Gen, QVM06.1.Malware.Gen
16.67%

Fortinet FortiGate
Riskware/OpenCandy
16.67%

Rising Antivirus
PE:Malware.RDM.34!5.28[F1], PE:Trojan.Win32.SpeedingUpMyPC.a!1075357520
16.67%

McAfee
Artemis!A1630F4BDF5C
8.33%

Kaspersky
Trojan-Banker.Win32.ChePro
8.33%

Agnitum Outpost
Trojan.Kryptik
8.33%

Bkav FE
W32.HfsAdware
8.33%

Zillya! Antivirus
Adware.OutBrowse.Win32.64964
8.33%

Emsisoft Anti-Malware
Riskware.AdWare.Win32.Mostofate.j!IK
8.33%

The domain nl.afterdawn.com has been seen to resolve to the following IP address.

62.212.68.41
varnish.afterdawn.net
December 27, 2013

File downloads found at URLs served by nl.afterdawn.com.

0 / 68
http://nl.afterdawn.com/downloads/.../download.cfm?version_id=26823&software_id=2854&mirror_id=0&installer=0&perion=0&air_installer=0  (fences_public.exe)

0 / 68
http://nl.afterdawn.com/downloads/.../download.cfm?version_id=108515&software_id=858&mirror_id=0&installer=0&perion=0&air_installer=0  (aresregular240_installer.exe)

0 / 68
http://nl.afterdawn.com/downloads/.../download.cfm?version_id=1286&software_id=382&mirror_id=0&installer=0&perion=0&air_installer=0  (vobsub_2.23.exe)

0 / 68
http://nl.afterdawn.com/downloads/.../download.cfm?version_id=108660&software_id=1794&mirror_id=0&installer=0&perion=0&air_installer=0  (kodi-16.0-jarvis.exe)

0 / 68
http://nl.afterdawn.com/downloads/.../download.cfm?version_id=96545&software_id=2620&mirror_id=0&installer=0&perion=0&air_installer=0  (w7inst142.exe)

0 / 68
http://nl.afterdawn.com/downloads/.../download.cfm?version_id=44398&software_id=2483&mirror_id=0&installer=0&perion=0&air_installer=0  (altbinz_0.39.4.exe)

0 / 68
http://nl.afterdawn.com/downloads/.../download.cfm?version_id=111412&software_id=3148&mirror_id=0&installer=0&perion=0&air_installer=0  (libreoffice_5.1.4_win_x86.msi)

0 / 68
http://nl.afterdawn.com/downloads/.../download.cfm?version_id=37073&software_id=2354&mirror_id=0&installer=0&perion=0&air_installer=0  (nero_kwikmedia-10.6.12200_free.exe)

0 / 68
http://nl.afterdawn.com/downloads/.../download.cfm?version_id=65547&software_id=3329&mirror_id=19402&installer=0&perion=0&air_installer=0  (incredimailsetup_nl.exe)

0 / 68
http://nl.afterdawn.com/downloads/.../download.cfm?version_id=89211&software_id=7444&mirror_id=0&installer=0&perion=0  (popcorn-time-0.3.4-setup.exe)

0 / 68
http://nl.afterdawn.com/downloads/.../download.cfm?version_id=108233&software_id=3341&mirror_id=0&installer=0&perion=0&air_installer=0  (wrar531nl.exe)

4 / 68      (PUP)
http://nl.afterdawn.com/downloads/.../download.cfm?version_id=9090&software_id=1580&mirror_id=0&installer=0&perion=0&air_installer=0  (mi2.exe)

0 / 68
http://nl.afterdawn.com/downloads/.../download.cfm?version_id=105975&software_id=870&mirror_id=0&installer=0&perion=0&air_installer=0  (sketchupmake-en.exe)

0 / 68
http://nl.afterdawn.com/downloads/.../download.cfm?version_id=78160&software_id=909&mirror_id=0&installer=0&perion=0&air_installer=0  (setup.exe)

0 / 68
http://nl.afterdawn.com/downloads/.../download.cfm?version_id=110223&software_id=4066&mirror_id=0&installer=0&perion=0&air_installer=0  (torbrowser-install-5.5.5_nl.exe)

4 / 68      (PUP)
http://nl.afterdawn.com/downloads/.../download.cfm?version_id=63320&software_id=724&mirror_id=18575&installer=0&perion=0&air_installer=0  (incredimailsetup.exe)

0 / 68
http://nl.afterdawn.com/downloads/.../download.cfm?version_id=107418&software_id=10474&mirror_id=0&installer=0&perion=0&air_installer=0  (dws_lite_2.exe)

0 / 68
http://nl.afterdawn.com/downloads/.../download.cfm?version_id=107572&software_id=7048&mirror_id=0&installer=0&perion=0&air_installer=0  (setup.exe)

1 / 68      (PUP)
http://nl.afterdawn.com/downloads/.../download.cfm?version_id=57697&software_id=1580&mirror_id=0&installer=0&perion=0&air_installer=0  (bearsharev10.exe)

0 / 68
http://nl.afterdawn.com/downloads/.../download.cfm?version_id=108229&software_id=1794&mirror_id=0&installer=0&perion=0&air_installer=0  (kodi-16.0-jarvis_rc3.exe)

1 / 68
http://nl.afterdawn.com/downloads/.../download.cfm?version_id=104988&software_id=1794&mirror_id=0&installer=0&perion=0&air_installer=0  (kodi-15.2-isengard.exe)

0 / 68
http://nl.afterdawn.com/downloads/.../download.cfm?version_id=32378&software_id=3262&mirror_id=0&installer=0&perion=0&air_installer=0  (spotnet1560.exe)

12 / 68    (PUP)
http://nl.afterdawn.com/downloads/.../download.cfm?version_id=106597&software_id=2371&mirror_id=0&installer=0&perion=0&air_installer=0  (freeyoutubetomp3converter.exe)

0 / 68
http://nl.afterdawn.com/downloads/.../download.cfm?version_id=85221&software_id=1222&mirror_id=0&installer=0&perion=0&air_installer=0  (mp3split.exe)

0 / 68
http://nl.afterdawn.com/downloads/algemeen/.../popcorn_time?mirror_id=0&version_id=102647&software_id=7444  (popcorn-time-0.3.8-3-setup.exe)

0 / 68
http://nl.afterdawn.com/downloads/.../download.cfm?version_id=25654&software_id=2721&mirror_id=0&installer=0&perion=0&air_installer=0  (spotify installer.exe)

0 / 68
http://nl.afterdawn.com/downloads/.../download.cfm?version_id=86679&software_id=3519&mirror_id=0&installer=0&perion=0&air_installer=0  (cdisplayexwin32v1.10.29.exe)

0 / 68
http://nl.afterdawn.com/downloads/.../download.cfm?version_id=15732&software_id=584&mirror_id=0&installer=0&perion=0&air_installer=0  (autogordianknot.2.55.setup.exe)

0 / 68
http://nl.afterdawn.com/downloads/.../download.cfm?version_id=107212&software_id=2271&mirror_id=28354&installer=0&perion=0&air_installer=0  (hitmanpro.exe)

0 / 68
http://nl.afterdawn.com/downloads/algemeen/.../movie_maker_installer_win7?mirror_id=0&version_id=66335&software_id=2949  (wmminst_1.2.exe)

 
Latest 30 of 113 download URLs

The following 3 files have been seen to comunicate with nl.afterdawn.com in live environments.

TCP » 62.212.68.41:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 62.212.68.41:80
e049a77f2fc23085cb95666a71d8f260.exe

TCP » 62.212.68.41:80
bs_disguise_folders.exe

URL:
http://nl.afterdawn.com/

Google Analytics:
UA-2099875

Title:
“AfterDawn - Nieuws en software downloads”

Description:
“Laatste technologisch nieuws, handleidingen, product besprekingen en software downloads.”

Facebook:
Likes:  2
Shares:  6

Statistics are for the previous month.

download.fi

blasteroids.com

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.