home

banhangpro.com

Domain Information

Server location:
Arizona, United States (US)

ASN:
AS26496 AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC

Scanner detections:
Malware distribution  (67% detected)

Scan engine
Details
Detections

Microsoft Security Essentials
Threat.Undefined
100.00%

F-Prot
W32/Sality.gen2
100.00%

ESET NOD32
Win32/Sality.NBA virus
100.00%

avast!
Win32:SaliCode
100.00%

Norman
Win32.Sality.3
100.00%

Emsisoft Anti-Malware
Win32.Sality
100.00%

Kaspersky
Virus.Win32.Sality
50.00%

The domain banhangpro.com has been seen to resolve to the following IP address.

50.62.122.1
p3nlhg672c1672.shr.prod.phx3.secureserver.net
July 1, 2016

File downloads found at URLs served by banhangpro.com.

6 / 68      (Malware)
http://banhangpro.com/.../quan-ly-ban-hang-cong-no.exe  (7bd5a87e4da2082ddcc4e4b6f8c25180)

7 / 68      (Infected)
http://banhangpro.com/.../quan-ly-ban-hang.exe  (9f8b995f48dceb7089fbff4fbc5e7530)

0 / 68
http://banhangpro.com/.../quan-ly-ban-hang-cong-no.exe  (2383b61832fb99842ecf13545c4c297c)

The following 2 files have been seen to comunicate with banhangpro.com in live environments.

TCP » 50.62.122.1:80
online-guardian.exe

TCP » 50.62.122.1:80
online-guardian-v2.0.9.exe

aviapp.com

freewareupdate.com

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.