home

www.download.fi

Domain Information

This domain is owned and operated by AfterDawn.
Server location:
Virginia, United States (US)

ASN:
AS30633 LEASEWEB-US - Leaseweb USA, Inc.

Root domain:
download.fi

Registered by:
AfterDawn

Scanner detections:
Adware distribution

Scan engine
Details
Detections

ESET NOD32
Win32/InstallMonetizer.AF, Win32/OpenCandy (variant), Win32/OpenCandy.A potentially unsafe (variant), Win32/OpenCandy.C potentially unsafe (variant)
50.00%

Reason Heuristics
PUP.InstallMonetizer.Bundle (M), PUP.OpenCandy.Installer (L), PUP.Bundle.Toolbar (M)
50.00%

avast!
Win32:Evo-gen [Susp]
25.00%

Fortinet FortiGate
Riskware/OpenCandy
25.00%

Trend Micro House Call
Suspicious_GEN.F47V0413
25.00%

G Data
Win32.Application.Dealply
25.00%

Dr.Web
Adware.Toolbar.576
25.00%

Rising Antivirus
PE:Trojan.Win32.SpeedingUpMyPC.a!1075357520
25.00%

Baidu Antivirus
Adware.Win32.OpenCandy
25.00%

ESET NOD32
Detection.Undefined, Win32/Bundled.Toolbar.Google.D potentially unsafe application
25.00%

Emsisoft Anti-Malware
Gen:Variant.Graftor.66610
12.50%

Clam AntiVirus
Win.Trojan.Agent-953871
12.50%

Avira AntiVirus
TR/Patched.Gen
12.50%

Bkav FE
W32.HfsAtITA
12.50%

AegisLab AV Signature
Troj.W32.Agent
12.50%

The domain www.download.fi has been seen to resolve to the following 2 IP addresses.

62.212.68.41
varnish.afterdawn.net
February 5, 2014

108.59.5.145
varnish-us.afterdawn.net
February 2, 2014

File downloads found at URLs served by www.download.fi.

0 / 68
http://www.download.fi/.../download.cfm?version_id=59452&software_id=3758&mirror_id=0&installer=0&perion=0&air_installer=0  (install_flashplayer11x32_mssa_aih.exe)

0 / 68
http://www.download.fi/.../download.cfm?version_id=98469&software_id=1336&mirror_id=0&installer=0&perion=0&air_installer=0  (java8latest.exe)

0 / 68
http://www.download.fi/.../download.cfm?version_id=110697&software_id=633&mirror_id=0&installer=0&perion=0&air_installer=0  (7z1602.exe)

0 / 68
http://www.download.fi/.../download.cfm?version_id=77694&software_id=571&mirror_id=21332&installer=0  (SkypeSetup.exe)

0 / 68
http://www.download.fi/.../download.cfm?version_id=111577&software_id=8250&mirror_id=0&installer=0&perion=0&air_installer=0  (57b94adc_stp.exe)

0 / 68
http://www.download.fi/general/.../ffdshow64?mirror_id=0&version_id=88814&software_id=2523  (ffdshow_rev4533_20140929_clsid_x64.exe)

0 / 68
http://www.download.fi/.../download.cfm?version_id=111321&software_id=1174&mirror_id=0&installer=0&perion=0&air_installer=0  (cdbxp_setup_4.5.7.6229_minimal.exe)

0 / 68
http://www.download.fi/.../download.cfm?version_id=1706&software_id=813&mirror_id=0&installer=0&perion=0&air_installer=0  (install_msn_messenger.exe)

0 / 68
http://www.download.fi/general/.../excel_viewer_suomeksi?mirror_id=0&version_id=30027&software_id=3077  (excelviewer.exe)

0 / 68
http://www.download.fi/.../download.cfm?version_id=104545&software_id=2721&mirror_id=0&installer=0&perion=0&air_installer=0  (spotifysetup.exe)

0 / 68
http://www.download.fi/.../download.cfm?version_id=105110&software_id=2064&mirror_id=27536&installer=0&perion=0&air_installer=0  (teamspeak3-client-win32-3.0.18.2.exe)

0 / 68
http://www.download.fi/.../download.cfm?version_id=80102&software_id=1934&mirror_id=0&installer=0  (avast_free_antivirus_setup.exe)

0 / 68
http://www.download.fi/.../download.cfm?version_id=15684&software_id=2039&mirror_id=0&installer=0&perion=0  (file_recovery.exe)

0 / 68
http://www.download.fi/.../download.cfm?version_id=24544&software_id=1592&mirror_id=0&installer=0&perion=0&air_installer=0  (Setup_MagicISO.exe)

0 / 68
http://www.download.fi/.../download.cfm?version_id=111597&software_id=612&mirror_id=29736&installer=0&perion=0&air_installer=0  (bitcomet_1.41_x86_setup.exe)

2 / 68
http://www.download.fi/.../download.cfm?version_id=111421&software_id=789&mirror_id=0&installer=0&perion=0&air_installer=0  (ccsetup519.exe)

0 / 68
http://www.download.fi/.../download.cfm?version_id=106459&software_id=3278&mirror_id=28051&installer=0&perion=0&air_installer=0  (install_virtualdj_pc_v8.1.2587.msi)

3 / 68
http://www.download.fi/general/.../utorrent?mirror_id=0&version_id=106565&software_id=771  (uTorrent.exe)

0 / 68
http://www.download.fi/general/.../xnview?mirror_id=0&version_id=110276&software_id=1079  (xnview-win.exe)

0 / 68
http://www.download.fi/.../download.cfm?version_id=110630&software_id=3455&mirror_id=29416&installer=0&perion=0&air_installer=0  (freemakevideoconverterfull.exe_1)

0 / 68
http://www.download.fi/.../download.cfm?version_id=79941&software_id=529&mirror_id=0&installer=0  (opera_20.0.1387.91_setup.exe)

0 / 68
http://www.download.fi/.../download.cfm?version_id=107987&software_id=680&mirror_id=28560&installer=0&perion=0&air_installer=0  (avg_antivirus_free_x86_694.exe)

0 / 68
http://www.download.fi/.../download.cfm?version_id=57594&software_id=945&mirror_id=0&installer=0&perion=0&air_installer=0  (3dmark06_v121_installer.exe)

0 / 68
http://www.download.fi/.../download.cfm?version_id=101499&software_id=680&mirror_id=26270&installer=0&perion=0&air_installer=0  (avg_free_x86_all_2015_ltst_222.exe)

8 / 68      (false positives)
http://www.download.fi/.../download.cfm?version_id=106115&software_id=2371&mirror_id=0&installer=0&perion=0&air_installer=0  (freeyoutubetomp3converter.exe)

0 / 68
http://www.download.fi/.../download.cfm?version_id=110229&software_id=783&mirror_id=0&installer=0&perion=0&air_installer=0  (avast_free_antivirus_setup.exe)

0 / 68
http://www.download.fi/.../download.cfm?version_id=64429&software_id=6135&mirror_id=0&installer=0&perion=0&air_installer=0  (alt-cda-mp3-setup.exe)

0 / 68
http://www.download.fi/.../download.cfm?version_id=110117&software_id=829&mirror_id=0&installer=0&perion=0&air_installer=0  (mediacoder-0.8.43.5830.exe)

0 / 68
http://www.download.fi/.../download.cfm?version_id=91481&software_id=603&mirror_id=0&installer=0&perion=0  (firefox setup 34.0b11.exe)

0 / 68
http://www.download.fi/.../download.cfm?version_id=104685&software_id=603&mirror_id=27322&installer=0&perion=0&air_installer=0  (firefox setup 41.0.2.exe)

 
Latest 30 of 454 download URLs

The following 3 files have been seen to comunicate with www.download.fi in live environments.

TCP » 62.212.68.41:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 62.212.68.41:80
e049a77f2fc23085cb95666a71d8f260.exe

TCP » 62.212.68.41:80
bs_disguise_folders.exe

afterdawn.com

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.