MalwareTips
Security Review

Is under-cover.info legit or a scam?

Our verdict:Dangerous· 25/100

Browser hijacker and fake search engine that collects user data and redirects searches through deceptive installers.

Top reasons
Classified as a browser hijacker by multiple independent security researchers; documented malware distribution vector.Distributed via bundled installers and PUPs that hijack browser settings without user consent.Collects browsing data and injects fake search results into user searches.
under-cover.infoScanned 2h ago
Post Facebook
0
Trust score
DANGEROUS
Heuristics 87·MT 15
Category tags
browser hijackerfake search enginepup distribution#Malware#Data Harvester95% MT confidence

These checks passed — but they don't clear the site. A clean antivirus result, valid SSL, and a calm server only mean it isn't hosting malware; they say nothing about whether the business is real. This verdict is based on the site's conduct and content, not a malware detection.

View density

Analysis Summary

Threat Intelligence
0/92
All engines report clean
Domain Age
10 years old
Registered Mar 10, 2016
MT Intelligence
Dangerous
Critical likelihood · 95% confidence
DANGEROUS

Critical risk detected

Browser hijacker and fake search engine that collects user data and redirects searches through deceptive installers. Multiple independent checks — antivirus engines, browser safety blocklists, and threat databases — flagged this site. Don't enter personal information, deposit money, or download files.

Website Preview

Screenshot of under-cover.info
LIVE RENDER
under-cover.info

Automated page render — captured in a safe sandbox. What an ordinary visitor would see when loading the site.

MT Intelligence

Advanced threat intelligence
MT Security Analyst
Critical scam likelihoodengineMT · Guardiantrust15/100
MT AgentLive web researchVisual inspectionNetwork correlation
0%
Confidence
Under-cover.info operates as a browser hijacker, not a legitimate search service. Security researchers at multiple independent sites have documented it being distributed via bundled installers and PUPs (potentially unwanted programs) that hijack browser settings without user knowledge. The domain shows no legitimate business registration, no contact information, and no positive user feedback anywhere. The page itself is minimal—just a search box and generic footer—with no operational transparency or company details. The evidence package contains four separate scam/malware reports from established security outlets, all describing the same pattern: deceptive promotion, browser hijacking, and data collection. Our antivirus network shows no current detections, likely because the malicious payload is delivered through the installer, not the landing page itself.
Full dossier
Analysis complete

Page Content

The page presents itself as a search engine with a simple interface: a search box, copyright notice dated 2026, and footer links to Terms, Privacy Policy, GDPR, and About. No company information, contact details, or operational transparency is provided. The minimal design and generic messaging are consistent with fake-search-engine landing pages used to distribute browser hijackers.

Infrastructure

Domain age is approximately 10 years (3743 days), hosted on IP 51.178.68.27 with clean abuse reputation (0/100). SSL certificate is valid and issued by Let's Encrypt. The domain is not indexed in global traffic rankings, indicating minimal legitimate user base or search-engine visibility.

Domain History

WHOIS shows the domain registered via GoDaddy with privacy protection disabled. Despite the 10-year age, the domain has no legitimate business presence, no company registration in any jurisdiction, and no operational history as a real search service.

Web Reputation

Four separate security research sites classify under-cover.info as a browser hijacker and fake search engine. Reports describe it being bundled with PUPs and fake calculator apps, promoted via deceptive installers that modify browser settings without consent. The domain collects browsing data and injects fake search results. No positive reviews, business registrations, or legitimate user feedback exist anywhere online.

Risk Factors
7
  • Classified as a browser hijacker by multiple independent security researchers; documented malware distribution vector.
  • Distributed via bundled installers and PUPs that hijack browser settings without user consent.
  • Collects browsing data and injects fake search results into user searches.
  • No legitimate business registration, company contact information, or operational transparency.
  • Zero positive reviews or user feedback; only malware-removal guides and security warnings found online.
  • Minimal landing page with no company details, privacy commitment, or legitimate operational indicators.
  • Associated with fake calculator apps and other PUPs in malware reports.
Positive Signals
3
  • Valid SSL certificate issued by Let's Encrypt.
  • Hosting IP has clean abuse reputation with no reported incidents.
  • Our antivirus network does not flag the landing page itself as malicious (payload is in the installer).
AI Recommendation
Do not visit, install, or use under-cover.info. If your browser has been redirected to this site or set it as your default search engine, follow removal instructions from established security sites to restore your browser settings and remove any associated PUPs. Use only legitimate search engines like Google, Bing, or DuckDuckGo.
Scam network detected
1 linked domain correlated

Under-cover.info is part of a broader ecosystem of fake-search-engine and browser-hijacker distribution. It is often bundled with other PUPs and fake tools in malware installer chains.

goto-searchitnow (mentioned in Spanish PCRisk report as similar fake-search distribution)
Next-gen fraud intelligence
Evidence-backedCross-checked

Web Research Findings

Our live research agent queries scam-report databases, consumer-review sites, news coverage, and general web search for under-cover.info, then cross-checks business-registration records and look-alike domain patterns. Everything below is pulled from what it actually found.

Domain age
10 yrs
Registered Mar 2016
Business registration
No public record found
Could not match the site to a registered company — common for small sites.
Clone check
Not a clone
No well-known site's layout or branding detected here.
Typosquat check
No look-alike match
The domain doesn't resemble any well-known brand's spelling.
Web mentions
4 scam reports
Key findings
6 headline facts from open-web research
  • Domain under-cover.info (age ~10 years per provided data) is classified by multiple security sites as a browser hijacker and fake search engine.
  • pcrisk.com (2021) describes it as promoted via deceptive downloaders/installers that hijack browser settings and collect browsing data.
  • 2-spyware.com labels it a browser hijacker that shows fake search results; malwaretips.com provides removal instructions calling it a 'virus'.
  • Mentioned in Apple support threads and other malware reports as unwanted search redirect/malware component, often bundled with PUPs like fake calculator apps.
  • No positive reviews, Trustpilot/ScamAdviser data, or legitimate business presence found; distinct from legitimate truck accessory company undercoverinfo.com.
  • No WHOIS or registration details surfaced in searches; no evidence of legitimate operations or positive user feedback.
Scam reports (4)
Direct quotes from public scam databases, forums, and news.
  • pcrisk.comopen

    "Developers present under-cover.info as a legitimate Internet search engine that generates improved search results and, therefore, enhances the web browsing experience. These claims often trick users into believing that under-cover.info is a"

  • 2-spyware.comopen

    "Under-Cover.info is a browser hijacker that modifies web browser settings in order to show users fake search results"

  • malwaretips.comopen

    "This page contains instructions on how to remove Under-cover.info virus from Google Chrome, Firefox, Internet Explorer and Microsoft Edge."

  • pcrisk.com (Spanish)open

    "Dos de los sitios web (goto-searchitnow y under-cover.info) a los que esta app lleva cuando se usa el navegador ... están catalogados falsos buscadores que, si se usan, recaban varios datos vinculados a la navegación"

Research summary
Narrative write-up from our AI analyst, grounded on the facts above

Security researchers at PCRisk, 2-Spyware, and MalwareTips classify under-cover.info as a browser hijacker and fake search engine. Reports document it being distributed through deceptive installers and bundled with PUPs like fake calculator apps. The service hijacks browser settings, injects fake search results, and collects browsing data without user consent. No positive reviews, business registrations, or legitimate operational history were found. The domain is distinct from the legitimate truck-accessory company undercoverinfo.com and has no association with any real business entity.

Antivirus Engines

Clean pass · verified
Clean across 92 engines

We cross-check every URL against our antivirus network of 92 malware and blacklist engines. None of them flagged this URL in the last scan.

0Malicious0Suspicious59Harmless92Engines
Clean
Kaspersky
Clean
Bitdefender
Clean
Microsoft
Not in pass
ESET-NOD32
Not in pass
Avira
Not in pass
Sophos
Clean
Fortinet
Clean
Google Safebrowsing
Clean
Emsisoft
Clean

No engine detections. The URL passed every antivirus and blacklist engine we queried in this scan. Stay vigilant — AV coverage is only one signal among many.

Security Scans

Blacklist Check
Not flagged on major threat lists

Checked against the major public blocklists used by browsers and security tools — no hits.

Contact Verification

We fetched the page and looked for real-world contact details. Legitimate businesses almost always publish an email on their own domain, a phone number, and a postal address. Scam shops usually don't.

What We Found
No clear contact details on the page
Emails on site's domainNone
Phone numbersNone
Postal addressNot listed
Linked social profiles0
Signal Summary
Several contact red flags
  • No contact email found anywhere on the page.
  • No phone number listed on the page.
  • No postal address visible on the page.

Domain & Encryption

Domain History
Age10 years old
RegistrarGoDaddy.com, LLC
RegisteredMar 10, 2016
ExpiresMar 10, 2027
Owner privacyVisible
Encryption Certificate
StatusValid
ProtocolTLSv1.2
IssuerLet's Encrypt · YE1
ExpiresSep 3, 2026 (85d)
Self-signedNo
Hosting & Technology
HostingOVH SAS
Server locationFR
Web servernginx

Server Reputation

Abuse Intelligence
Confidence score0%
Reports on file0
ISPOVH SAS
Usage typeData Center/Web Hosting/Transit

Avoid this site

Our automated review flagged enough risk that you should treat this site as unverified.

  • Do not interact with under-cover.info

    Do not enter credentials, deposit money, download files, or install browser extensions from this site.

  • Verify the business through independent channels

    Check the company's social profiles, registry records, and search for recent news or reviews that are not hosted on the site itself.

  • Never use irreversible payment methods

    Crypto, gift cards, wire transfers, and cash apps offer zero buyer protection. Use a credit card or PayPal if you must pay.

  • Share your experience

    If you have additional context, drop a comment below or post on the MalwareTips forum.

    Open

Reputation Sources

How this domain rates across independent threat-intelligence and blocklist providers.

Google Safe Browsing
Not listedCheck ↗
VirusTotal
Not listedCheck ↗
AbuseIPDB
Not listedCheck ↗
Also verify:Spamhaus ↗DNSBL / SURBL ↗PhishTank ↗

Safety FAQ

Common questions about this site, answered directly from the scan data above — so the answers always reflect the latest verdict on this page.

  • Our automated security review flags under-cover.info as dangerous. Multiple threat indicators were detected — treat the site as a scam until proven otherwise.
  • No — under-cover.info scored 25/100 on our trust scale. We detected active threat indicators, so we recommend avoiding the site entirely.
  • Yes. under-cover.info presents a valid TLSv1.2 certificate issued by Let's Encrypt · YE1, expiring in 85 days. Note that SSL only encrypts the connection — it does not guarantee that the site itself is trustworthy.
  • under-cover.info is 10.3 years old, registered on 3/10/2016 through GoDaddy.com, LLC. Scam domains are often freshly registered — a site under 6 months old warrants extra caution.
  • No. All 92 antivirus engines in our malware network report under-cover.info as clean.
  • No. under-cover.info is not currently listed on the major browser blocklist feeds that modern browsers use.
  • under-cover.info resolves to an IP operated by OVH SAS in FR (usage type: Data Center/Web Hosting/Transit). Hosting location alone doesn't make a site good or bad, but unusual geography for a brand's claimed country is one of many signals we weigh.
  • This is a permanent record of the scan run on June 10, 2026. The verdict and evidence above reflect that scan and do not change on their own. If circumstances around under-cover.info have changed, MalwareTips staff can run a fresh scan, which re-runs every check from scratch and publishes an updated report.

Final Verdict

0
Trust / 100
Final Verdict·under-cover.info
DANGEROUS

Under-cover.info is a browser hijacker masquerading as a search engine. Multiple security researchers classify it as malware that modifies browser settings, injects fake search results, and collects browsing data without consent. Do not install or use this service.

Do not visit, install, or use under-cover.info. If your browser has been redirected to this site or set it as your default search engine, follow removal instructions from established security sites to restore your browser settings and remove any associated PUPs. Use only legitimate search engines like Google, Bing, or DuckDuckGo.

AV engines
92
MT passes
2
Net signals
0
Scan another URL
Security review completemalwaretips.com/url-scan
Recently scanned

Other Dangerous reports

Browse all reports
Dangeroustrust1
1092bets10.com
8m ago
Read the review
Dangeroustrust25
lhub.to
19m ago
Read the review
Dangeroustrust1
namevids.com
23m ago
Read the review
Dangeroustrust12
megawinx500.online
24m ago
Read the review
Dangeroustrust1
chatirhate.com
26m ago
Read the review
Dangeroustrust43
hentaixpros.com
26m ago
Read the review
Dangeroustrust45
jilibb-com.ph
28m ago
Read the review
Dangeroustrust44
vigamovies.com
1h ago
Read the review
Dangeroustrust31
tompel-69.com
1h ago
Read the review
Dangeroustrust39
javitful.com
1h ago
Read the review
Dangeroustrust1
techiadd.com
1h ago
Read the review
Dangeroustrust37
mercon800.online
1h ago
Read the review
Community review

User reviews & comments(0)

Share your experience — "Lost $200 on a fake checkout" is more useful than "Scam". Your review helps others avoid traps.

Loading…
Loading comments…
This report is generated automatically by combining threat intelligence, domain signals, and an AI security analyst. It is informational, not legal advice. Always use your own judgement before sharing personal information or money online.