vzbucket.clara-labs.com

WHOISGUARD, INC.  (Proxy Registrant)

Domain Information

The domain vzbucket.clara-labs.com is registered by proxy through ENOM, INC. and was originally registered in July of 2014. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in San Jose, California, in the United States, on the CDNetworks Inc. network.

Registrar: ENOM, INC.

Server location: California, United States (US)

Create date: Thursday, July 24, 2014

Expires date: Sunday, July 24, 2016

Updated date: Tuesday, July 7, 2015

ASN: AS36408 CDNETWORKSUS-02 - CDNetworks Inc.,US

Root domain:

Google Safe Browsing: unwanted

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Service.CLARALABSOFTWARE.M, PUP.Installer.CLARALABSOFTWARE.e, PUP.TitaniumGreatMinds.e, Adware.BrightCircle.AussieLabsBrightCircleInvestmentsLimited.e, PUP.ClaraLabs.Browser.Installer.Meta (M), PUP.Installer.ClaraLabSoftware, PUP.IminentTechnologySRL (M), PUP.ClaraLabSoftware.Installer (M), PUP.CLARALABSOFTWARE.Installer (M), PUP.ClaraLabSoftware (M), PUP.ClaraLabs.Meta (M), PUP.SIEN.1stBrowser.Meta (M), Adware.Bundle.SLI.Meta (M), PUP.ClaraLab.Installer (M), PUP.Brightcircle.Titanium.Installer (M)
98.00%

Dr.Web
Trojan.Crossrider.36271, Trojan.Crossrider.42854, Trojan.Crossrider1.25262, Adware.Iminent.33, Trojan.Crossrider.44427, Trojan.Crossrider.47736, Adware.Iminent.47, Adware.Iminent.50
28.00%

Malwarebytes
PUP.Optional.CrossRider, PUP.Optional.CrossRider.A, PUP.Optional.Clara.A, PUP.Optional.NSXgen
22.00%

Trend Micro House Call
ADW_ADWAPPER, Suspicious_GEN.F47V1120, Suspicious_GEN.F47V1128, Suspicious_GEN.F47V1121, Suspicious_GEN.F47V1127, TROJ_GEN.R047C0OA615
18.00%

Clam AntiVirus
Win.Trojan.Crossrider-36, Win.Trojan.Crossrider-31
18.00%

IKARUS anti.virus
not-a-virus:AdWare.Adwapper, PUA.ScrambleWrapper, PUA.Toolbar.Iminent, not-a-virus:AdWare.Agent
18.00%

NANO AntiVirus
Riskware.Nsis.Adwrapper.dgzfbk, Riskware.Win32.Chgt.diiysb, Riskware.Win32.Chgt.divuel, Riskware.Win32.Agent.djpkuq, Riskware.Win32.Agent.dewvkh
16.00%

Avira AntiVirus
ADWARE/CrossRider.Gen, Adware/CrossRider.11521208, Adware/CrossRider.KB, TR/Agent.11517200
16.00%

AVG
Morgan, Could be a potentially harmful program Toolbar.Crossrider, Generic
16.00%

Qihoo 360 Security
HEUR/QVM20.1.Malware.Gen, Win32/Virus.Adware.7a9
16.00%

Panda Antivirus
Generic Suspicious, Trj/Chgt.L, PUP/Clara, Trj/Chgt.G
16.00%

McAfee
Artemis!FDA1F4FA1AC1, Artemis!907DB19F709D, Artemis!6D46E4529EEB, Artemis!E32DD0D005E0, Artemis!AC80BA252E58, Artemis!79FC37F692F7
14.00%

ESET NOD32
Win32/Toolbar.CrossRider.BM (variant), Win32/Toolbar.CrossRider.BM potentially unwanted (variant), Win32/Packed.ScrambleWrapper.O potentially unwanted (variant)
14.00%

avast!
Win32:Adware-gen [Adw], Crossrider-DJ [PUP], Crossrider-DL [PUP], NSIS:Adware-RQ [PUP]
12.00%

Kaspersky
not-a-virus:AdWare.NSIS.Adwapper, Trojan.NSIS.GoogUpdate, not-a-virus:WebToolbar.Win32.CroRi
10.00%

The domain vzbucket.clara-labs.com has been seen to resolve to the following 35 IP addresses.

May 16, 2016

May 16, 2016

April 18, 2016

April 12, 2016

March 3, 2016

March 3, 2016

March 3, 2016

February 26, 2016

February 26, 2016

February 9, 2016

February 7, 2016

February 4, 2016

February 2, 2016

February 1, 2016

February 1, 2016

February 1, 2016

February 1, 2016

February 1, 2016

February 1, 2016

February 1, 2016

February 1, 2016

January 5, 2016

January 5, 2016

January 5, 2016

January 5, 2016

January 5, 2016

January 5, 2016

January 4, 2016

January 4, 2016

January 4, 2016

Showing 30 of 35 IP Addresses

File downloads found at URLs served by vzbucket.clara-labs.com.

15 / 68    (Adware)

19 / 68    (Adware)

12 / 68    (Adware)

Latest 30 of 75 download URLs

The following 80 files have been seen to communicate with vzbucket.clara-labs.com in live environments.

Latest 20 of 656 files

URL: http://vzbucket.clara-labs.com/

Web server: PWS/8.1.36