home

get.clara-labs.com

WHOISGUARD, INC.  (Proxy Registrant)

Domain Information

The domain get.clara-labs.com is registered by proxy through ENOM, INC. and was originally registered in July of 2014. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Campbell, California within the United States which resides on the CDNetworks Inc. network.
Registrar:
ENOM, INC.

Server location:
California, United States (US)

Create date:
Thursday, July 24, 2014

Expires date:
Sunday, July 24, 2016

Updated date:
Tuesday, July 7, 2015

ASN:
AS36408 CDNETWORKSUS-02 - CDNetworks Inc., US

Root domain:
clara-labs.com

Whois:
2 clara-labs.com records

Google Safe Browsing:
unwanted

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.CLARALABSOFTWARE.Installer (M), PUP.CLARALAB.Installer (M), PUP (M)
100.00%

Malwarebytes
PUP.Optional.Clara.A
6.00%

Trend Micro House Call
Suspicious_GEN.F47V0221
6.00%

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
6.00%

F-Secure
Gen:Variant.Adware.Symmi.49687
6.00%

Qihoo 360 Security
Malware.QVM20.Gen
6.00%

Dr.Web
Adware.Searcher.2787
6.00%

Panda Antivirus
PUP/Clara
6.00%

IKARUS anti.virus
AdWare.Searcher
6.00%

The domain get.clara-labs.com has been seen to resolve to the following 86 IP addresses.

174.35.73.109
August 25, 2016

174.35.73.137
July 30, 2016

174.35.32.155
July 27, 2016

174.35.73.84
July 21, 2016

174.35.73.95
July 21, 2016

174.35.76.23
July 16, 2016

174.35.76.12
July 15, 2016

174.35.73.102
July 11, 2016

174.35.73.162
June 18, 2016

174.35.76.26
June 18, 2016

174.35.73.140
June 18, 2016

174.35.73.200
June 8, 2016

174.35.72.81
i0-h0-s3054.p9-jfk.cdngp.net
June 6, 2016

174.35.73.174
June 6, 2016

174.35.73.198
June 5, 2016

174.35.32.137
June 4, 2016

174.35.32.143
June 4, 2016

174.35.56.213
i0-h0-s1123.p6-ord.cdngp.net
June 2, 2016

174.35.56.197
June 2, 2016

174.35.56.234
i0-h0-s1132.p6-ord.cdngp.net
May 29, 2016

174.35.56.166
May 29, 2016

174.35.73.94
May 25, 2016

174.35.73.97
May 22, 2016

174.35.73.104
May 22, 2016

174.35.73.141
May 21, 2016

174.35.73.80
May 21, 2016

174.35.76.20
May 21, 2016

174.35.73.158
May 21, 2016

174.35.73.142
May 20, 2016

174.35.73.139
May 20, 2016

 
Showing 30 of 86 IP Addresses

File downloads found at URLs served by get.clara-labs.com.

1 / 68      (PUP)
http://get.clara-labs.com/ClaraInstaller/.../setup.exe  (bobrowser.exe)

The following 129 files have been seen to comunicate with get.clara-labs.com in live environments.

TCP » 66.114.52.19:80
1468567241.exe

TCP » 174.35.76.24:80
1468567241.exe

TCP » 174.35.76.28:80
1468567241.exe

TCP » 66.114.52.14:80
1468567241.exe

TCP » 174.35.73.80:80
1468567241.exe

TCP » 174.35.27.72:80
1468567241.exe

TCP » 174.35.73.98:80
1stbrowser.exe (1stBrowser by The 1stBrowser Authors)

TCP » 174.35.73.95:80
1468567241.exe

TCP » 174.35.73.218:80
1468567241.exe

TCP » 174.35.56.234:80
1468567241.exe

TCP » 174.35.73.141:80
ailments.exe (Ailments)

TCP » 66.114.52.5:80
tools_update.exe

TCP » 174.35.73.102:80
1468567241.exe

TCP » 174.35.73.102:80
jingling.exe

TCP » 66.114.52.21:80
1468567241.exe

TCP » 174.35.73.137:80
1stbrowser.exe (1stBrowser by The 1stBrowser Authors)

TCP » 174.35.73.106:80
1468567241.exe

TCP » 174.35.73.139:80
1468567241.exe

TCP » 174.35.73.198:80
claraupdater.exe (ClaraUpdater by ClaraLabs)

TCP » 174.35.73.107:80
1468567241.exe

 
Latest 20 of 1,366 files

URL:
http://get.clara-labs.com/

Web server:
PWS/8.1.36

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.