sandisoft.com

Domains By Proxy, LLC  (Proxy Registrant)

Domain Information

The domain sandisoft.com is registered by proxy through GODADDY.COM, LLC and was originally registered in December of 2015. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in New York City, New York within the United States which resides on the Digital Ocean, Inc. network.
Registrar:
GODADDY.COM, LLC

Server location:
New York, United States (US)

Create date:
Monday, December 7, 2015

Expires date:
Wednesday, December 7, 2016

Updated date:
Monday, December 7, 2015

ASN:
AS393406 DIGITALOCEAN-ASN-NY3 - Digital Ocean, Inc.,US

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.OOOAlians.R, PUP.OOOAlians.Installer (M), PUP.installCore.OOOAlians.Installer (M), PUP.installCore.OOOAlian.Installer (M), PUP.installCore (M)
100.00%

ESET NOD32
Win32/InstallCore.QC potentially unwanted application, Win32/InstallCore.QW potentially unwanted application
25.00%

Malwarebytes
PUP.Optional.Installcore
25.00%

Kaspersky
not-a-virus:AdWare.Win32.InstallCore
20.00%

avast!
PUP-gen [PUP]
20.00%

K7 AntiVirus
Trojan , Unwanted-Program
20.00%

Avira AntiVirus
Adware/InstallCore.c.4
20.00%

AVG
Generic
20.00%

IKARUS anti.virus
PUA.Alians
15.00%

nProtect
Trojan-Clicker/W32.InstallCore.780552
15.00%

Zillya! Antivirus
Adware.InstallCore.Win32.258
15.00%

Comodo Security
Application.Win32.Installcore.QC
15.00%

VIPRE Antivirus
Threat.4150696
15.00%

Vba32 AntiVirus
Malware-Cryptor.InstallCore.gen
15.00%

Clam AntiVirus
Win.Adware.Installcore-567
5.00%

The domain sandisoft.com has been seen to resolve to the following 10 IP addresses.

May 22, 2016

jobqueue-listener.jobqueue.netcraft.com-ubc48bdce18714e5b98ec0994d0668fdbu-digitalocean-2gb
April 6, 2016

April 6, 2016

April 6, 2016

April 6, 2016

April 2, 2016

February 24, 2016

ec2-54-72-9-51.eu-west-1.compute.amazonaws.com
December 15, 2015

ip-50-63-202-43.ip.secureserver.net
February 8, 2015

September 9, 2014

File downloads found at URLs served by sandisoft.com.

The following 218 files have been seen to comunicate with sandisoft.com in live environments.

TCP » 54.72.9.51:80

 
Latest 20 of 224 files

URL:
http://sandisoft.com/

Title:
“Loading”

Web server:
Apache/2.4.7 (Ubuntu) (PHP/5.5.9-1ubuntu4.14)