i.versscom.net

PERFECT PRIVACY, LLC  (Proxy Registrant)

Domain Information

The domain i.versscom.net is registered by proxy through Network Solutions, LLC and was originally registered in July of 2014. This domain has been known to host and distribute adware as well as other potentially unwanted software. Its servers are located in Dulles, Virginia, United States, on the Amazon Technologies Inc. network. The domain uses the Amazon CloudFront CDN service, which utilizes a number of proxy IP addresses (see below).
Registrar:
Network Solutions, LLC

Server location:
Virginia, United States (US)

Create date:
Friday, July 25, 2014

Expires date:
Monday, July 25, 2016

Updated date:
Tuesday, May 26, 2015

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:

Scanner detections:
Detections (86% detected)

| Scan engine | Details | Detections |
|---|---|---|
| Reason Heuristics | PUP.InstallX.Bundle, PUP.Itibiti.KNCTR.Optional.Installer.Meta (L), PUP.ValcanLabs.Optional.Installer.Meta (L), PUP.Installer.LocalWeather.F, PUP.Betwikx.BoostShopping.Installer (M), Threat.Win.Reputation.IMP | 84.21% |
| Trend Micro House Call | Suspicious_GEN.F47V0828, Suspicious_GEN.F47V1029, Suspicious_GEN.F47V0130, Suspicious_GEN.F47V0127, TROJ_GEN.R047H05C315, Suspicious_GEN.F47V0324 | 68.42% |
| VIPRE Antivirus | Rocketfuel Installer, Wajam, Compete, Threat.4791953, Bonzuna, Sendori | 63.16% |
| Dr.Web | Adware.Searcher.2673, Adware.Plugin.839, Adware.Siggen.30978, Adware.Downware.10519, Adware.Downware.9155, Adware.Plugin.222 | 31.58% |
| Malwarebytes | PUP.Optional.StormWatch.A, PUP.Optional.Wajam, PUP.Optional.DeskTopDock.A, PUP.Optional.LocalTemperature.C | 26.32% |
| McAfee | Artemis!11983AE2D07C, Artemis!34227365671E, Artemis!FE462C10CF8E, Artemis!AFE87ED50398, Artemis!9142349D15F7 | 26.32% |
| K7 AntiVirus | Unwanted-Program, Trojan, Adware | 26.32% |
| Bkav FE | W32.Clod966.Trojan, W32.HfsAdware | 21.05% |
| Qihoo 360 Security | HEUR/QVM42.0.Malware.Gen | 21.05% |
| Panda Antivirus | Generic Suspicious, PUP/Nosibay, Trj/CI.A | 21.05% |
| Zillya! Antivirus | Trojan.Win32.1DB12147, Adware.Sendori.Win32.8 | 15.79% |
| G Data | Win32.Application.Agent.0U7FQ8, Gen:Variant.Graftor.183869, Gen:Variant.Kazy.552993 | 15.79% |
| ESET NOD32 | Win32/Wajam.K potentially unwanted, Win32/BubbleDock.A potentially unwanted, MSIL/Adware.Sendori (variant) | 15.79% |
| AVG | Generic, Downloader | 15.79% |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen, suspected of Trojan.Downloader.gen.h | 10.53% |

The domain i.versscom.net has been seen to resolve to the following 68 IP addresses.


File downloads found at URLs served by i.versscom.net.

3 / 68      (Adware)

4 / 68      (PUP)

3 / 68      (PUP)

4 / 68      (Adware)

2 / 68      (PUP)
http://i.versscom.net/inst/software/.../7z920.exe  (b3fdf6e7b0aecd48ca7e4921773fb606)

3 / 68      (Adware)

0 / 68
http://i.versscom.net/inst/software/.../mpc.exe  (mpc-homecinema.1.5.2.3456.x86.exe)

0 / 68

2 / 68      (inconclusive)

1 / 68      (Malware)

5 / 68      (PUP)

4 / 68      (PUP)

4 / 68      (Adware)

The following 26 files have been seen to communicate with i.versscom.net in live environments.

URL:
http://i.versscom.net/

Network:
Amazon CloudFront

Web server:
AmazonS3