home

get.unicobrowser.info

Reactivation Period

Domain Information

This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in San Jose, California within the United States which resides on the CDNetworks Inc. network.
Registrar:
eNom, Inc.

Server location:
California, United States (US)

ASN:
AS36408 CDNETWORKSUS-02 - CDNetworks Inc.,US

Root domain:
unicobrowser.info

Whois:
2 unicobrowser.info records

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.CLARALABSOFTWARE, PUP.Installer.ClaraLabSoftware, PUP.ClaraLabSoftware.Installer (M), PUP.CLARALABSOFTWARE.Installer (M), PUP.CLARALAB.Installer (M), PUP.ClaraLab.Installer (M)
100.00%

Dr.Web
Adware.Searcher.2787, Adware.Iminent.63, Adware.Searcher.2787
76.92%

Malwarebytes
PUP.Optional.Clara.A
76.92%

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
76.92%

Trend Micro House Call
Suspicious_GEN.F47V0323, Suspicious_GEN.F47V0426, Suspicious_GEN.F47V0405, Suspicious_GEN.F47V0507
61.54%

IKARUS anti.virus
AdWare.Searcher
53.85%

Avira AntiVirus
ADWARE/Searcher.1012880
43.59%

McAfee
Artemis!75636366217B
41.03%

Qihoo 360 Security
HEUR/QVM10.1.Malware.Gen
35.90%

ESET NOD32
Detection.Undefined
20.51%

herdProtect (fuzzy)
a variant of 693ca33bf4d01d8f6079e9ccfd3c774bc10b2731, a variant of d0b08392498588294721b549c6f91cbd90cc4e22, a variant of 69fad6383ef4b2f609052b0836593f8552bcce70
20.51%

Panda Antivirus
Generic Suspicious
20.51%

The domain get.unicobrowser.info has been seen to resolve to the following 20 IP addresses.

8.5.1.34
April 5, 2016

174.35.27.74
March 4, 2016

66.114.52.6
March 4, 2016

66.114.52.13
March 3, 2016

66.114.52.12
March 3, 2016

174.35.27.75
March 3, 2016

174.35.27.71
February 27, 2016

66.114.52.21
February 27, 2016

66.114.52.19
February 23, 2016

66.114.52.20
February 23, 2016

174.35.73.213
February 22, 2016

174.35.73.135
February 22, 2016

66.114.52.8
February 19, 2016

174.35.27.73
February 19, 2016

174.35.27.77
February 10, 2016

66.114.52.14
February 10, 2016

66.114.52.17
February 8, 2016

66.114.52.5
February 8, 2016

174.35.73.99
February 1, 2016

174.35.76.12
February 1, 2016

File downloads found at URLs served by get.unicobrowser.info.

1 / 68      (PUP)
http://get.unicobrowser.info/ClaraInstaller/.../setup.exe  (unicobrowser.exe)

The following 58 files have been seen to comunicate with get.unicobrowser.info in live environments.

TCP » 66.114.52.19:80
1468567241.exe

TCP » 66.114.52.14:80
1468567241.exe

TCP » 66.114.52.5:80
tools_update.exe

TCP » 66.114.52.21:80
1468567241.exe

TCP » 66.114.52.5:80
1468567241.exe

TCP » 174.35.27.73:80
1468567241.exe

TCP » 66.114.52.8:80
1stbrowser.exe (1stBrowser by The 1stBrowser Authors)

TCP » 174.35.27.71:80
1stbrowser.exe (1stBrowser by The 1stBrowser Authors)

TCP » 174.35.73.135:80
beamrise.exe (Beamrise by The Beamrise Authors)

TCP » 66.114.52.5:80
1stbrowser.exe (1stBrowser by The 1stBrowser Authors)

TCP » 66.114.52.8:80
1stbrowser.exe (1stBrowser by The 1stBrowser Authors)

TCP » 66.114.52.13:80
new_chrome.exe (1stBrowser by The 1stBrowser Authors)

TCP » 66.114.52.12:80
new_chrome.exe (1stBrowser by The 1stBrowser Authors)

TCP » 66.114.52.20:80
Iminent.Messengers.exe (Iminent Messengers by Iminent)

TCP » 66.114.52.17:80
1468567241.exe

TCP » 174.35.27.74:80
1stbrowser.exe (1stBrowser by The 1stBrowser Authors)

TCP » 66.114.52.19:80
1stbrowser.exe (1stBrowser by The 1stBrowser Authors)

TCP » 66.114.52.19:80
new_chrome.exe (1stBrowser by The 1stBrowser Authors)

TCP » 174.35.73.99:80
new_chrome.exe (1stBrowser by The 1stBrowser Authors)

TCP » 66.114.52.17:80
new_chrome.exe (1stBrowser by The 1stBrowser Authors)

 
Latest 20 of 368 files

URL:
http://get.unicobrowser.info/

Google Analytics:
UA-2249740

Title:
“Unicobrowser.info”

Description:
“Find Cash Advance, Debt Consolidation and more at Unicobrowser.info. Get the best of Insurance or Free Credit Report, browse our section on Cell Phones or learn about Life Insurance. Unicobrowser.info is the site for Cash Advance.”

Web server:
Microsoft-IIS/8.5 (ASP.NET) (Version: 4.0.30319)

07zbu0gt6.com

08i8b4384.com

0g32br5rsg.com

0hnuuf2.com

0j2fxpvon.com

0k8wezr.com

0nosjf31uh.com

0o99hbzi.com

0p78qfr8q7.com

0softwaredreams.com

0uezhjx.com

0vin60f6.com

0x1m8x59b.com

1-vinstaller.com

1000descargas.com

123-telecharger.com

18v3y9y0ob.com

1btvoy0pn.com

1mmkkv2sfi.com

1r2qzosuf.com

1sfrtvms6.com

1tvonline.net

2-vinstaller.com

225bkry1.com

22aaf3.com

27call.com

27q2gqueo.com

29u3wfmjg.com

2k18x8b34s.com

2m891odz.com

30 of 685 related domains

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.