home

app.dljquery.net

Whois protection, this company does not own this domain name s.r.o.

Domain Information

The domain app.dljquery.net registered by Whois protection, this company does not own this domain name s.r.o. was initially registered in January of 2016 through GRANSY S.R.O D/B/A SUBREG.CZ. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Loucovice, Jihocesky Kraj within Czech Republic which resides on the RIPE Network Coordination Centre network.
Registrar:
GRANSY S.R.O D/B/A SUBREG.CZ

Server location:
Jihocesky Kraj, Czech Republic (CZ)

Create date:
Monday, January 4, 2016

Expires date:
Wednesday, January 4, 2017

Updated date:
Monday, January 4, 2016

ASN:
AS60592 GRANSY Gransy s.r.o.,CZ

Root domain:
dljquery.net

Whois:
1 dljquery.net record

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

MicroWorld eScan
Gen:Variant.Adware.AddLyrics.5, Gen:Variant.Adware.Graftor.131459, Gen:Variant.Adware.AddLyrics.4
100.00%

avast!
NSIS:Adware-LU [PUP]
100.00%

Bitdefender
Gen:Variant.Adware.AddLyrics.5, Gen:Variant.Adware.Graftor.131459, Gen:Variant.Adware.AddLyrics.4
100.00%

Lavasoft Ad-Aware
Gen:Variant.Adware.AddLyrics.5, Gen:Variant.Adware.Graftor.131459, Gen:Variant.Adware.AddLyrics.4
100.00%

Comodo Security
ApplicUnwnt, Application.Win32.AddLyrics.X
100.00%

F-Secure
Gen:Variant.Adware.AddLyrics.5, Gen:Variant.Adware.Graftor.131459, Gen:Variant.Adware.AddLyrics.4
100.00%

Dr.Web
Trojan.Lyrics.28, Trojan.Revizer.14, Trojan.Lyrics.53, Trojan.Revizer.12
100.00%

Emsisoft Anti-Malware
Gen:Variant.Adware.AddLyrics, Gen:Variant.Adware.Graftor.131459
100.00%

G Data
Gen:Variant.Adware.AddLyrics, Gen:Variant.Adware.Graftor.131459
100.00%

Malwarebytes
PUP.Optional.AdLyrics, PUP.Optional.BHOInstaller.A
75.00%

NANO AntiVirus
Trojan.Win32.Lyrics.cqzdmv, Trojan.Win32.Revizer.cvlvqy, Trojan.Win32.Revizer.cutpsh
75.00%

VIPRE Antivirus
Trojan.Win32.Generic
75.00%

ESET NOD32
Win32/AdWare.AddLyrics (variant), Win32/AdWare.AddLyrics.AB
75.00%

IKARUS anti.virus
Win32.SuspectCrc, AdWare.AddLyrics
75.00%

Fortinet FortiGate
Riskware/AddLyrics
75.00%

The domain app.dljquery.net has been seen to resolve to the following 3 IP addresses.

185.28.193.192
192.193.28.185.gransy.com
June 7, 2016

31.170.178.179
June 7, 2016

23.253.76.160
March 3, 2016

File downloads found at URLs served by app.dljquery.net.

19 / 68    (PUP)
http://app.dljquery.net/apps/.../Buzz-it_2090-5290.exe  (aace17bee66e9f4807f451aaf3d6b1e5)

22 / 68    (PUP)
http://app.dljquery.net/apps/.../Buzz-it_2090-5290.exe  (5bace75a5549a707e4fdfaf601a02d01)

9 / 68      (PUP)
http://app.dljquery.net/apps/.../Buzz-it_2090-5290.exe  (086719a46dfd895f30ed876622a3f5cc)

21 / 68    (PUP)
http://app.dljquery.net/apps/.../Buzz-it_2090-5290.exe  (4d5d12357718a0ef382f2b4f9b775ccc)

The following 21 files have been seen to comunicate with app.dljquery.net in live environments.

TCP » 185.28.193.192:80
mdquickyksvc.exe (ModenQuick Service by PT. USENET)

TCP » 185.28.193.192:80
mdruyksvc.exe (ModernRu Service by PT. USENET)

TCP » 185.28.193.192:80
winmbskillssvc.exe (MobinSkills Service by PT.USENET)

TCP » 185.28.193.192:80
triggerlogs.exe

TCP » 185.28.193.192:80
wdm.bin

TCP » 185.28.193.192:80
citrio.exe (Citrio by CatalinaGroup)

TCP » 185.28.193.192:80
winmbtuscasvc.exe (MobinTusca Service by PT.USENET)

TCP » 185.28.193.192:80
online-guardian-v2.0.9.exe

TCP » 185.28.193.192:80
Downloader.exe (Downloader)

TCP » 185.28.193.192:80
onlineguardian-v2.exe

TCP » 185.28.193.192:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 185.28.193.192:80
d9re-markablep23.exe

TCP » 185.28.193.192:80
winzillsvc.exe (ModenZill Service by PT.USENET)

TCP » 185.28.193.192:80
online-guardian.exe

TCP » 185.28.193.192:80
online-guardian-v2.exe

TCP » 185.28.193.192:80
update.exe (by Winner Updater Solutions)

TCP » 185.28.193.192:80
windilandsvc.exe (ModinLand Service by PT.USENET)

TCP » 185.28.193.192:80
windihepssvc.exe (ModinHeps Service by PT.USENET)

TCP » 185.28.193.192:80
windimixsvc.exe (ModinMix Service by PT.USENET)

TCP » 185.28.193.192:8000
buool.exe (LgGJSHMt)

 
Latest 20 of 21 files

URL:
http://app.dljquery.net/

Web server:
nginx

always-wind.xyz

any-unix.xyz

app-match.xyz

bar-best.xyz

birdieu.xyz

birdle.xyz

contextdiscount.xyz

contract-your.xyz

creatorhelpusa.xyz

dog-clock-north.xyz

downloader-toolbar.info

downloads-toolbar.info

fajdmr.com

fastwindowlink.xyz

find-laboratory.xyz

findermultiple.xyz

firmproviders.xyz

fleshplayers.xyz

forceaggregator.xyz

forcefinaljob.xyz

goodgrab.xyz

groupparent.xyz

job-version-ios.xyz

masterests.xyz

muchotorrente.com

mysticed.xyz

north-system.xyz

operatorteam.xyz

position-title.xyz

sendard.xyz

30 of 37 related domains

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.