content.unzipper.com

JOHN NGUYEN

Domain Information

The domain content.unzipper.com, registered by JOHN NGUYEN, was first registered in July of 2011 through ENOM, INC. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Seattle, Washington, United States, on the Amazon Technologies Inc. network. The domain uses the Amazon Cloudfront CDN service, which serves content through a number of proxy IP addresses (see below).
Registrar:
ENOM, INC.

Server location:
Washington, United States (US)

Create date:
Monday, July 11, 2011

Expires date:
Monday, July 11, 2016

Updated date:
Saturday, December 19, 2015

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:

Scanner detections:
Detections  (100% detected)

| Scan engine | Details | Detections |
|---|---|---|
| Reason Heuristics | PUP.ClickStartMedia.Installer (M) | 100.00% |
| MicroWorld eScan | Gen:Variant.Application.Bundler.DownloadAdmin.4 | 100.00% |
| McAfee | Artemis!97AE504EED88 | 100.00% |
| Zillya! Antivirus | Downloader.LMN.Win32.390398 | 100.00% |
| K7 AntiVirus | Adware | 100.00% |
| Arcabit | Trojan.Application.Bundler.DownloadAdmin.4 | 100.00% |
| Agnitum Outpost | Riskware.Agent | 100.00% |
| ESET NOD32 | Win32/DownloadAdmin.P potentially unwanted (variant) | 100.00% |
| avast! | Win32:Malware-gen | 100.00% |
| Bitdefender | Gen:Variant.Application.Bundler.DownloadAdmin.4 | 100.00% |
| NANO AntiVirus | Trojan.Win32.Vittalia.dzdnyu | 100.00% |
| Rising Antivirus | PE:Adware.DownloadAdmin!1.A243 [F] | 100.00% |
| Lavasoft Ad-Aware | Gen:Variant.Application.Bundler.DownloadAdmin.4 | 100.00% |
| F-Secure | Gen:Variant.Application.Bundler | 100.00% |
| Dr.Web | Trojan.Vittalia.1355 | 100.00% |

The domain content.unzipper.com has been seen to resolve to the following 8 IP addresses.

File downloads found at URLs served by content.unzipper.com.

21 / 68    (PUP)
http://content.unzipper.com/unzipper-setup.exe  (97ae504eed883d27fd10befcf5112eb4)

The following 2 files have been seen to communicate with content.unzipper.com in live environments.

URL:
http://content.unzipper.com/

Network:
Amazon Cloudfront

Web server:
AmazonS3