home

i.get-soft.com

PERFECT PRIVACY, LLC  (Proxy Registrant)

Domain Information

The domain i.get-soft.com is registered by proxy through Network Solutions, LLC and was originally registered in May of 2014. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Dulles, Virginia within the United States which resides on the Amazon Technologies Inc. network. The domain uses the Amazon Cloudfront CDN service which utilizes a number of proxy IP Addresses (see below).
Registrar:
Network Solutions, LLC

Server location:
Virginia, United States (US)

Create date:
Friday, May 16, 2014

Expires date:
Monday, May 16, 2016

Updated date:
Tuesday, March 17, 2015

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:
get-soft.com

Whois:
1 get-soft.com record

Scanner detections:
Detections  (92% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Win.Reputation, PUP.Nextup.BB, PUP.Nextup.I, PUP.Nextup.G, PUP.Nextup.EE, PUP.VertiTechnologyGroup.g, PUP.VertiTechnologyGroup.Y, Threat.Win.Reputation.IMP, PUP.Adknowledge.Nextup.Bundler (M)
97.96%

avast!
Win32:PUP-gen [PUP], Win32:Dropper-gen [Drp], Win32:Rootkit-gen [Rtk], Win32:Adware-BGF [PUP], Win32:Adware-gen [Adw], Win32:Malware-gen
93.88%

VIPRE Antivirus
Rocketfuel Installer, Threat.4786530
87.76%

AVG
Generic
85.71%

Malwarebytes
PUP.Optional.NextUp, PUP.Optional.Bundle, PUP.Optional.Verti, PUP.Optional.RocketFuel, PUP.Optional.Rocketfuel
73.47%

G Data
Win32.Application.Nextup, Dropped:Trojan.GenericKD.1943469, Trojan.GenericKD.1933785, MemScan:Application.Bundler.HR, Win32.Trojan.Agent.IHXFVJ
63.27%

McAfee
Artemis!C96BD5645D12, Program.Artemis!20BED7603DED, Artemis!CE8DA1A63129, Artemis!5604D42BE6B0, Artemis!B937664B7004, Artemis!578A283F462D, Artemis!8C5E8294C15A, Artemis!13886B1C6469, Artemis!E6B775504356, Artemis!1053EF4C542D, Artemis!72B47623E668, Artemis!B5292EE9102D
61.22%

Dr.Web
Adware.Downware.5905, Adware.Downware.6396, Adware.Downware.6704, Adware.Downware.8721
59.18%

Trend Micro House Call
Suspicious_GEN.F47V0708, Suspicious_GEN.F47V0718, Suspicious_GEN.F47V0717, Suspicious_GEN.F47V0802, Suspicious_GEN.F47V0719
55.10%

ESET NOD32
Win32/Verti (variant)
55.10%

Sophos
NextUp, Generic PUA BD, Generic PUA BJ
53.06%

K7 AntiVirus
Trojan , Unwanted-Program
44.90%

Baidu Antivirus
Trojan.Win32.Verti, PUA.Win32.Verti
44.90%

IKARUS anti.virus
PUA.Nextup, PUA.Verti
40.82%

SUPERAntiSpyware
Trojan.Agent/Gen-Verti, Trojan.Agent/Gen-Nullo[Short]
30.61%

The domain i.get-soft.com has been seen to resolve to the following 232 IP addresses.

52.85.131.106
server-52-85-131-106.iad53.r.cloudfront.net
June 7, 2016

52.85.131.80
server-52-85-131-80.iad53.r.cloudfront.net
June 7, 2016

52.85.131.144
server-52-85-131-144.iad53.r.cloudfront.net
May 17, 2016

52.85.131.131
server-52-85-131-131.iad53.r.cloudfront.net
May 17, 2016

52.85.131.124
server-52-85-131-124.iad53.r.cloudfront.net
May 17, 2016

52.85.131.111
server-52-85-131-111.iad53.r.cloudfront.net
May 17, 2016

52.85.131.45
server-52-85-131-45.iad53.r.cloudfront.net
May 17, 2016

52.85.131.22
server-52-85-131-22.iad53.r.cloudfront.net
May 17, 2016

52.85.131.180
server-52-85-131-180.iad53.r.cloudfront.net
May 17, 2016

52.85.131.173
server-52-85-131-173.iad53.r.cloudfront.net
May 17, 2016

54.192.101.213
server-54-192-101-213.iad2.r.cloudfront.net
October 7, 2015

54.192.101.87
server-54-192-101-87.iad2.r.cloudfront.net
October 7, 2015

54.230.102.199
server-54-230-102-199.iad2.r.cloudfront.net
October 7, 2015

54.192.55.161
server-54-192-55-161.jfk6.r.cloudfront.net
May 4, 2015

54.230.52.91
server-54-230-52-91.jfk6.r.cloudfront.net
May 4, 2015

54.230.55.223
server-54-230-55-223.jfk6.r.cloudfront.net
May 4, 2015

54.230.53.82
server-54-230-53-82.jfk6.r.cloudfront.net
May 4, 2015

54.192.54.173
server-54-192-54-173.jfk6.r.cloudfront.net
May 4, 2015

54.192.54.195
server-54-192-54-195.jfk6.r.cloudfront.net
May 4, 2015

54.192.54.193
server-54-192-54-193.jfk6.r.cloudfront.net
May 4, 2015

54.192.54.198
server-54-192-54-198.jfk6.r.cloudfront.net
May 4, 2015

54.240.160.66
server-54-240-160-66.iad12.r.cloudfront.net
March 5, 2015

54.230.19.158
server-54-230-19-158.iad12.r.cloudfront.net
March 5, 2015

54.230.18.97
server-54-230-18-97.iad12.r.cloudfront.net
March 5, 2015

54.230.17.253
server-54-230-17-253.iad12.r.cloudfront.net
March 5, 2015

54.240.160.211
server-54-240-160-211.iad12.r.cloudfront.net
March 5, 2015

54.230.102.48
server-54-230-102-48.iad2.r.cloudfront.net
January 13, 2015

54.192.101.102
server-54-192-101-102.iad2.r.cloudfront.net
January 13, 2015

54.230.102.214
server-54-230-102-214.iad2.r.cloudfront.net
January 13, 2015

54.192.101.119
server-54-192-101-119.iad2.r.cloudfront.net
December 27, 2014

 
Showing 30 of 232 IP Addresses

File downloads found at URLs served by i.get-soft.com.

11 / 68    (Adware)
http://i.get-soft.com/stub/.../MediaPlayerClassicInstaller.exe  (408e8969cd0abd153eab6696f8add363)

1 / 68      (Adware)
http://i.get-soft.com/stub/NEXTUP/.../MediaPlayerClassicInstaller.exe  (96d6f5bb30ca27ae201a983fbc8e1606)

1 / 68      (inconclusive)
http://i.get-soft.com/stub/RFI/.../MediaPlayerClassic_RocketFuelInstaller.exe  (3c0d81faa007e011dfde841f67ea52be)

18 / 68    (Adware)
http://i.get-soft.com/stub/NEXTUP/.../XvidInstaller.exe  (b5292ee9102d6ffaace79d2e44290270)

23 / 68    (Adware)
http://i.get-soft.com/stub/RFI/.../Xvid_RocketFuelInstaller.exe  (1fd859d819cf32fb47e3a37f6e39b7b3)

12 / 68    (Adware)
http://i.get-soft.com/stub/NEXTUP/.../MediaPlayerClassicInstaller.exe  (f61e7e704cc07b16e2ffce470c919501)

18 / 68    (Adware)
http://i.get-soft.com/stub/RFI/.../Xvid_RocketFuelInstaller.exe  (f008751bf6f86fabd89743d300b6acde)

9 / 68      (Adware)
http://i.get-soft.com/stub/RFI/.../MediaPlayerClassic_RocketFuelInstaller.exe  (fe6e47a245f630fb395a822758465325)

6 / 68      (Adware)
http://i.get-soft.com/stub/RFI/.../7zip_RocketFuelInstaller.exe  (c222056957bd250dc7103a73f4f10730)

6 / 68      (Adware)
http://i.get-soft.com/stub/RFI/.../YoutubeDownloader.exe  (018d69bd37b89fde99bf498a272d9cd0)

13 / 68    (Adware)
http://i.get-soft.com/stub/.../XvidInstaller.exe  (45175945.exe)

21 / 68    (Adware)
http://i.get-soft.com/stub/NEXTUP/.../7zipInstaller.exe  (a337cd52ea19e2bbf01d7ece6a41b59f)

19 / 68    (PUP)
http://i.get-soft.com/stub/.../MediaPlayerClassicInstaller.exe  (df9ebb069b9e7c7de2c14d81fbe46d45)

15 / 68    (Adware)
http://i.get-soft.com/stub/.../MixxxDJInstaller.exe  (c51e183631e68cd9aee6c9f6f48c5e9d)

14 / 68    (Adware)
http://i.get-soft.com/stub/NEXTUP/.../XvidInstaller.exe  (130513.exe)

The following 92 files have been seen to comunicate with i.get-soft.com in live environments.

TCP » 54.230.192.149:443
online-guardian-v2.0.9.exe

TCP » 54.192.192.120:443
1stbrowser.exe (1stBrowser by The 1stBrowser Authors)

TCP » 54.230.51.38:80
upd.exe

TCP » 54.230.50.12:443
onlineguardian-v2.exe

TCP » 54.192.192.242:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 54.230.50.12:443
apptrailers.exe

TCP » 52.85.131.106:443
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 54.192.55.161:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 54.230.19.32:443
whatsapptime.exe

TCP » 54.230.51.38:80
spassist.exe (SoftPlanet Software Assistant by Secure Download)

TCP » 54.230.51.38:80
mine-craft-setup.exe

TCP » 54.192.55.161:80
citrio.exe (Citrio by CatalinaGroup)

TCP » 54.230.19.5:443
dailybee.exe

TCP » 54.230.19.5:443
whatsapptime.exe

TCP » 54.192.55.161:80
browser.exe (speed browser by Smart Applications)

TCP » 54.192.55.161:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 54.230.51.38:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 54.192.192.120:80
browser.exe (Browser)

TCP » 54.192.192.242:443
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 54.230.50.12:443
online-guardian.exe

 
Latest 20 of 122 files

URL:
http://i.get-soft.com/

Network:
Amazon Cloudfront

Web server:
AmazonS3

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.