home

dl.fajdmr.com

Whois protection, this company does not own this domain name s.r.o.

Domain Information

The domain dl.fajdmr.com registered by Whois protection, this company does not own this domain name s.r.o. was initially registered in January of 2016 through GRANSY S.R.O D/B/A SUBREG.CZ. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Loucovice, Jihocesky Kraj within Czech Republic which resides on the RIPE Network Coordination Centre network.
Registrar:
GRANSY S.R.O D/B/A SUBREG.CZ

Server location:
Jihocesky Kraj, Czech Republic (CZ)

Create date:
Sunday, January 24, 2016

Expires date:
Tuesday, January 24, 2017

Updated date:
Sunday, January 24, 2016

ASN:
AS60592 GRANSY Gransy s.r.o.,CZ

Root domain:
fajdmr.com

Whois:
1 fajdmr.com record

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Solimba.FIRSERIA.Bundler (M)
100.00%

The domain dl.fajdmr.com has been seen to resolve to the following 3 IP addresses.

31.170.178.179
August 7, 2016

185.28.193.192
192.193.28.185.gransy.com
August 7, 2016

23.253.76.160
January 31, 2016

File downloads found at URLs served by dl.fajdmr.com.

1 / 68      (Adware)
http://dl.fajdmr.com/n/.../PowerPlugs Transitions for PowerPoint.exe  (f6f1eec9543c936eb7d6c16227faa18e)

1 / 68      (Adware)
http://dl.fajdmr.com/n/.../Windows_Media_Player.exe  (02ec92795a4a4c2ee2d615ab84be9a02)

1 / 68      (Adware)
http://dl.fajdmr.com/n/.../Mon Budget Familial.exe  (04c987aa74724dd6a87d00e9c5a26d0e)

The following 21 files have been seen to comunicate with dl.fajdmr.com in live environments.

TCP » 185.28.193.192:80
mdquickyksvc.exe (ModenQuick Service by PT. USENET)

TCP » 185.28.193.192:80
mdruyksvc.exe (ModernRu Service by PT. USENET)

TCP » 185.28.193.192:80
winmbskillssvc.exe (MobinSkills Service by PT.USENET)

TCP » 185.28.193.192:80
triggerlogs.exe

TCP » 185.28.193.192:80
wdm.bin

TCP » 185.28.193.192:80
citrio.exe (Citrio by CatalinaGroup)

TCP » 185.28.193.192:80
winmbtuscasvc.exe (MobinTusca Service by PT.USENET)

TCP » 185.28.193.192:80
online-guardian-v2.0.9.exe

TCP » 185.28.193.192:80
Downloader.exe (Downloader)

TCP » 185.28.193.192:80
onlineguardian-v2.exe

TCP » 185.28.193.192:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 185.28.193.192:80
d9re-markablep23.exe

TCP » 185.28.193.192:80
winzillsvc.exe (ModenZill Service by PT.USENET)

TCP » 185.28.193.192:80
online-guardian.exe

TCP » 185.28.193.192:80
online-guardian-v2.exe

TCP » 185.28.193.192:80
update.exe (by Winner Updater Solutions)

TCP » 185.28.193.192:80
windilandsvc.exe (ModinLand Service by PT.USENET)

TCP » 185.28.193.192:80
windihepssvc.exe (ModinHeps Service by PT.USENET)

TCP » 185.28.193.192:80
windimixsvc.exe (ModinMix Service by PT.USENET)

TCP » 185.28.193.192:8000
buool.exe (LgGJSHMt)

 
Latest 20 of 21 files

always-wind.xyz

any-unix.xyz

app-match.xyz

bar-best.xyz

birdieu.xyz

birdle.xyz

contextdiscount.xyz

contract-your.xyz

creatorhelpusa.xyz

dljquery.net

dog-clock-north.xyz

downloader-toolbar.info

downloads-toolbar.info

fastwindowlink.xyz

find-laboratory.xyz

findermultiple.xyz

firmproviders.xyz

fleshplayers.xyz

forceaggregator.xyz

forcefinaljob.xyz

goodgrab.xyz

groupparent.xyz

job-version-ios.xyz

masterests.xyz

muchotorrente.com

mysticed.xyz

north-system.xyz

operatorteam.xyz

position-title.xyz

sendard.xyz

30 of 37 related domains

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.