i.vertitechnologygroup.com

PERFECT PRIVACY, LLC  (Proxy Registrant)

Domain Information

The domain i.vertitechnologygroup.com is registered by proxy through Network Solutions, LLC and was originally registered in October of 2011. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Seattle, Washington within the United States which resides on the Amazon Technologies Inc. network. The domain uses the Amazon Cloudfront CDN service which utilizes a number of proxy IP Addresses (see below).
Registrar:
Network Solutions, LLC

Server location:
Washington, United States (US)

Create date:
Tuesday, October 11, 2011

Expires date:
Wednesday, October 11, 2017

Updated date:
Tuesday, January 07, 2014

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US

Scanner detections:
Detections  (94% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.LessTabs.H, PUP.InstallX.Bundle, PUP.Installer.WhiteSmoke.V, PUP.SaveSense.D, PUP.Wajam.O, Adware.CMI.ClickMeInLimited.J, PUP.VertiTechnologyGroup.BB, PUP.VertiTechnologyGroup.EE, PUP.VertiTechnologyGroup.d, PUP.Installer.Weather, PUP.Conduit.Installer, PUP.Verti.VertiTechnologyGroup.Bundler (M), PUP.WhiteSmoke.Amonetize.Installer (M), PUP.Linkular.Installer (M), PUP.Weather.LocalWeather.Installer (M), PUP.Verti.VertiTec.Bundler (M), PUP.ELEX.LiMo (M), Adware.Injekt.StormWatch.Installer.Meta (M), PUP.Verti.Ignition.Bundler (M)
97.92%

Dr.Web
Adware.Plugin.71, Adware.Downware.1400, Adware.Shopper.363, Trojan.DownLoader8.47497, Adware.Downware.1411, Adware.Mutabaha.42
37.50%

ESET NOD32
Win32/AdWare.Vitruvian, Win32/Amonetize (variant), Win32/DealPly (variant), Win32/Wajam, Win32/ELEX, Win32/Verti (variant), Win32/Verti.O potentially unwanted
33.33%

K7 AntiVirus
Unwanted-Program , Trojan
31.25%

K7 Gateway Antivirus
Unwanted-Program , Trojan
31.25%

Malwarebytes
PUP.Optional.SaveSense.A, PUP.Optional.SkyTech.A, PUP.Optional.RocketFuel, PUP.Optional.Verti, PUP.Optional.StormWatch.A, PUP.Optional.DeskTopDock.A, PUP.Optional.Boost.A
29.17%

Trend Micro House Call
TROJ_SPNR.25JK13, TROJ_GEN.F47V0222, TROJ_GEN.F47V0225, TROJ_GEN.F47V1025, Suspici.D4722E90, Suspicious_GEN.F47V0905, Suspicious_GEN.F47V0127, Suspicious_GEN.F47V0310
25.00%

VIPRE Antivirus
Adware.LessTabs, Adware.SaveSense, Wajam, Rocketfuel Installer, Blinkx/Applon, Blinkx/SevereWeatherAlerts, Conduit, Trojan.Win32.Generic
22.92%

Agnitum Outpost
Riskware.AdWare, Riskware.Agent
20.83%

McAfee
Artemis!C479E1D766D3, Artemis!9A8A90D314EC, Artemis!9C971C43B59D, Trojan.Artemis!97E724503148, Artemis!5D882E29019E, Trojan.Artemis!5E73AAFA008E, Artemis!7A164800F975
18.75%

Avira AntiVirus
ADWARE/Adware.Gen2, TR/Verti.457240, ADWARE/Adware.Gen7
18.75%

Sophos
LessTabs IE Client, Amonetize, Generic PUA HI, Generic PUA CL, PUA 'Conduit Search Protect', Generic PUA MF, Generic PUA GP
14.58%

McAfee Web Gateway
Heuristic.BehavesLike.Win32.Suspicious-PKR.S, Artemis!9A8A90D314EC, Artemis!9C971C43B59D, BehavesLike.Win32.Suspicious.ch
14.58%

avast!
Win32:WhiteSmoke-A [PUP], Win32:Malware-gen, Win32:PUP-gen [PUP], Win32:Adware-BGF [PUP], Win32:Adware-gen [Adw], Win32:Conduit-B [PUP]
14.58%

Fortinet FortiGate
Riskware/DealPly, Riskware/Elex, Riskware/Verti, Riskware/Conduit_SearchProtect
12.50%

The domain i.vertitechnologygroup.com has been seen to resolve to the following 550 IP addresses.

server-52-84-125-241.iad16.r.cloudfront.net
August 27, 2016

server-52-84-125-227.iad16.r.cloudfront.net
August 27, 2016

server-54-192-19-144.iad12.r.cloudfront.net
August 25, 2016

server-54-192-19-104.iad12.r.cloudfront.net
August 25, 2016

server-54-192-19-56.iad12.r.cloudfront.net
August 25, 2016

server-54-192-19-25.iad12.r.cloudfront.net
August 25, 2016

server-54-192-19-237.iad12.r.cloudfront.net
August 25, 2016

server-54-192-19-44.iad12.r.cloudfront.net
August 24, 2016

server-54-192-19-209.iad12.r.cloudfront.net
August 24, 2016

server-54-192-19-189.iad12.r.cloudfront.net
August 24, 2016

server-54-192-19-129.iad12.r.cloudfront.net
August 24, 2016

server-54-192-19-120.iad12.r.cloudfront.net
August 24, 2016

server-54-192-19-90.iad12.r.cloudfront.net
August 24, 2016

server-54-192-19-59.iad12.r.cloudfront.net
August 24, 2016

server-54-192-19-58.iad12.r.cloudfront.net
August 24, 2016

server-52-84-125-197.iad16.r.cloudfront.net
August 21, 2016

server-52-84-125-190.iad16.r.cloudfront.net
August 21, 2016

server-52-84-125-151.iad16.r.cloudfront.net
August 21, 2016

server-52-84-125-141.iad16.r.cloudfront.net
August 21, 2016

server-52-84-125-114.iad16.r.cloudfront.net
August 21, 2016

server-52-84-125-81.iad16.r.cloudfront.net
August 21, 2016

server-52-84-125-61.iad16.r.cloudfront.net
August 21, 2016

server-52-84-125-246.iad16.r.cloudfront.net
August 21, 2016

server-52-84-125-89.iad16.r.cloudfront.net
July 6, 2016

server-52-84-125-71.iad16.r.cloudfront.net
July 6, 2016

server-52-84-125-44.iad16.r.cloudfront.net
July 6, 2016

server-52-84-125-38.iad16.r.cloudfront.net
July 6, 2016

server-52-84-125-230.iad16.r.cloudfront.net
July 6, 2016

server-52-84-125-123.iad16.r.cloudfront.net
July 6, 2016

server-52-84-125-18.iad16.r.cloudfront.net
July 1, 2016

 
Showing 30 of 550 IP Addresses

File downloads found at URLs served by i.vertitechnologygroup.com.

1 / 68      (Adware)

1 / 68      (Adware)

1 / 68      (PUP)

3 / 68      (PUP)

0 / 68
http://i.vertitechnologygroup.com/stub/.../Flv2PC.exe  (275e3c7c17944076185c18fde37d04b7)

3 / 68      (Adware)

1 / 68      (Adware)

1 / 68      (Adware)

8 / 68      (PUP)

3 / 68      (Adware)

1 / 68      (Adware)

1 / 68      (Adware)

1 / 68      (Adware)

1 / 68      (Adware)

1 / 68      (Adware)

1 / 68      (Adware)

23 / 68    (Adware)

8 / 68      (Adware)

 
Latest 30 of 281 download URLs

The following 1019 files have been seen to comunicate with i.vertitechnologygroup.com in live environments.

 
Latest 20 of 1,598 files

URL:
http://i.vertitechnologygroup.com/

Network:
Amazon Cloudfront

Web server:
AmazonS3