home

download.bandooo.com

Milen Radumilo

Domain Information

The domain download.bandooo.com registered by Milen Radumilo was initially registered in December of 2015 through GODADDY.COM, LLC. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Dublin, Dublin City within Ireland which resides on the Amazon Technologies Inc. network. The domain uses the Amazon Web Services (AWS) cloud computing platform from the EU (Ireland) region datacenter.
Registrar:
TUCOWS DOMAINS INC.

Server location:
Dublin City, Ireland (IE)

Create date:
Thursday, December 31, 2015

Expires date:
Saturday, December 31, 2016

Updated date:
Thursday, December 31, 2015

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.

Root domain:
bandooo.com

Whois:
2 bandooo.com records

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Optional.Installer.BandooMedia.F, PUP.Optional.Installer.I, PUP.Optional.Installer.O, Win32.Generic.Installer.Bandoo.Meta
100.00%

Dr.Web
Adware.Bandoo.15, Adware.Bandoo.8, Adware.Bandoo.280, Adware.Bandoo.15
61.54%

Trend Micro House Call
TROJ_GEN.F47V0722, TROJ_GEN.F47V0509, HV_ZYX_BK0846DB.TOMC
38.46%

Emsisoft Anti-Malware
Riskware.Win32.Toolbar.SearchSuite.AMN
23.08%

herdProtect (fuzzy)
a variant of 1bc9a91058e2e1fe2a2e63105c005961345e48c9, a variant of c286edb2d863dc3a803a938e6a0d00192aea7fed
15.38%

ESET NOD32
Win32/Toolbar.SearchSuite
15.38%

MicroWorld eScan
Win32/Toolbar.SearchSuite
15.38%

Bkav FE
W32.HfsAdware
15.38%

VIPRE Antivirus
Trojan.Win32.Generic
15.38%

Baidu Antivirus
PUA.Win32.Toolbar.SearchSuite
15.38%

AVG
Bandoo
15.38%

NANO AntiVirus
Trojan.Win32.Bandoo.bbfacc
15.38%

avast!
Adware-gen [Adw]
15.38%

K7 AntiVirus
Unwanted-Program
7.69%

F-Prot
W32/Bandoo.A
7.69%

The domain download.bandooo.com has been seen to resolve to the following 4 IP addresses.

185.53.177.13
July 18, 2016

54.72.9.51
ec2-54-72-9-51.eu-west-1.compute.amazonaws.com
April 9, 2016

185.53.177.9
February 1, 2016

94.31.0.25
94.31.0.25.IPYX-076665-ZYO.above.net
April 6, 2014

File downloads found at URLs served by download.bandooo.com.

3 / 68      (PUP)
http://download.bandooo.com/o/5/r/.../BandooV8.exe  (files.exe)

13 / 68    (PUP)
http://download.bandooo.com/o/5/r/.../BandooV8.exe  (caa92289847d7b0620d050f22902a128)

7 / 68      (PUP)
http://download.bandooo.com/o/2/r/.../BandooV8.exe  (d4d60de2dedf9e85e936b45d90c48cca)

1 / 68      (PUP)
http://download.bandooo.com/o/5/r/.../BandooV8.exe  (aa79e2b7922c76bddcbee8ca42903934)

3 / 68      (PUP)
http://download.bandooo.com/o/5/r/.../BandooV8.exe  (9821fbdb6dfe438a78240927b5161fe7)

2 / 68      (PUP)
http://download.bandooo.com/o/2/r/.../BandooV8.exe  (7331659b53415d4a7fdcd01bba4db0db)

1 / 68      (PUP)
http://download.bandooo.com/o/5/r/.../BandooV8.exe  (90fe0cca771a66be822138f5b7ec70a0)

3 / 68      (PUP)
http://download.bandooo.com/o/2/r/.../BandooV8.exe  (bandoov8.ussafe.exe)

1 / 68      (PUP)
http://download.bandooo.com/o/5/r/.../BandooV8.exe  (665b337bad5142f5791b2a95e3620b7e)

1 / 68      (PUP)
http://download.bandooo.com/o/5/r/.../BandooV8.exe  (7fa440581d2c22c8a33d1432cdb6c07c)

1 / 68      (PUP)
http://download.bandooo.com/o/5/r/.../BandooV8.exe  (f9192bab4f9b10f6171d2fcb625514bb)

14 / 68    (PUP)
http://download.bandooo.com/o/5/r/.../BandooV8.exe  (508954edf90f11e77d108d394c3a3bdc)

2 / 68      (PUP)
http://download.bandooo.com/o/2/r/.../BandooV8.exe  (d3afeea0c8fc90ef0b215e352bd99f45)

2 / 68      (PUP)
http://download.bandooo.com/o/2/r/.../BandooV8.exe  (d3afeea0c8fc90ef0b215e352bd99f45)

The following 231 files have been seen to comunicate with download.bandooo.com in live environments.

TCP » 54.72.9.51:80
toolbarupdaterservice.exe

TCP » 54.72.9.51:80
hdnInstaller.exe (hdnInstaller)

TCP » 54.72.9.51:80
onedrvup.exe

TCP » 54.72.9.51:80
hdnInstaller.exe (hdnInstaller)

TCP » 54.72.9.51:80
247843.ftf (Optimizer Pro v3.2 by PC Utilities Software Limited)

TCP » 54.72.9.51:80
1799877.exe

TCP » 54.72.9.51:80
IEError.exe (IEError)

TCP » 54.72.9.51:80
install_flashplayer14x32_x64md_aaa_aih.exe (bon joueur)

TCP » 54.72.9.51:80
optimizerproinstaller.exe (Optimizer Pro v3.2 by PCUtilities Software Limited)

TCP » 54.72.9.51:80
charles.exe (by Apple)

TCP » 54.72.9.51:80
onedrv.exe

TCP » 54.72.9.51:80
IEError.exe (IEError)

TCP » 54.72.9.51:80
updater27793.exe (CouponDropDown Plugin by Innovative Apps)

TCP » 54.72.9.51:80
install_flashplayer16x33_masp_aaa_aih.exe (by Apple)

TCP » 54.72.9.51:80
toolbarupdaterservice.exe

TCP » 54.72.9.51:80
hdnInstaller.exe (hdnInstaller)

TCP » 54.72.9.51:80
g.jpg

TCP » 54.72.9.51:80
smlb.jpg

TCP » 54.72.9.51:80
smlb.jpg

TCP » 54.72.9.51:80
hqghumeaylnlf.exe (Optimizer Pro v3.2 by PC Utilities Software Limited)

 
Latest 20 of 235 files

URL:
http://download.bandooo.com/

Google Analytics:
UA-48689684

Title:
“bandooo.com”

Network:
Amazon Web Services (AWS), running an EC2 instance

Web server:
nginx

1337xproxy.in

1clickdownloader.com

1dschool.com

1flymusic.com

1freesoftwareonline.com

215115638.com

360adstrack.com

4god.biz

4shared.net

55tjk.com

acidco.net

adexprt.me

adjalauto.com

adsclever.com

adsobject.com

adsservingowl.biz

adtrkx.com

africa-2010.com

agamefix.com

aiprosoft.com

alawar.it

all-baza.com

alwayswindcat.com

aminst.net

angelijah.com

angelijah.net

antivirus-gratuit.pro

anyras.com

app-mak.com

appapia.com

30 of 618 related domains

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.