home

dc101.4sharedhelper.com

China Capital Investment Limited

Domain Information

The domain dc101.4sharedhelper.com registered by China Capital Investment Limited was initially registered in August of 2015 through GODADDY.COM, LLC. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Amsterdam, Noord-Holland within Netherlands which resides on the RIPE Network Coordination Centre network.
Registrar:
LEATHERNECKDOMAINS.COM, LLC

Server location:
Noord-Holland, Netherlands (NL)

Create date:
Tuesday, August 4, 2015

Expires date:
Thursday, August 4, 2016

Updated date:
Monday, March 7, 2016

ASN:
AS16265 LEASEWEB LeaseWeb B.V.

Root domain:
4sharedhelper.com

Whois:
4 4sharedhelper.com records

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.NewITLimited.u, PUP.NewITLimited.R, PUP.New IT Limited.NewIT.Bundler (M), PUP.New IT Limited.ITMANAGE.Bundler (M), PUP.New IT Limited.NewIT (M), PUP.New IT Limited (M)
100.00%

McAfee
PUP-FIV!91886FA6C8CB
3.85%

Malwarebytes
PUP.Optional.4Shared
3.85%

K7 AntiVirus
Unwanted-Program
3.85%

Agnitum Outpost
PUA.4Shared
3.85%

avast!
FourShared-D [PUP]
3.85%

Comodo Security
Application.Win32.4Shared.G
3.85%

Dr.Web
Adware.Siggen.26344
3.85%

VIPRE Antivirus
4Shared
3.85%

Avira AntiVirus
APPL/Downloader.Gen6
3.85%

Sophos
4Share Downloader
3.85%

Vba32 AntiVirus
suspected of Trojan.Downloader.gen
3.85%

ESET NOD32
Win32/4Shared.C potentially unwanted application
3.85%

Rising Antivirus
PE:PUF.4Shared!1.9C25
3.85%

IKARUS anti.virus
nbsp;
3.85%

The domain dc101.4sharedhelper.com has been seen to resolve to the following 7 IP addresses.

192.230.92.93
192.230.92.93.ip.incapdns.net
August 7, 2016

199.83.132.93
199.83.132.93.ip.incapdns.net
June 25, 2016

104.130.124.96
April 6, 2016

208.91.197.197
March 3, 2016

141.8.226.14
February 24, 2016

95.211.186.130
hosted-by.leaseweb.com
July 3, 2014

208.88.227.141
c-r111-uc0058-141.webazilla.com
January 25, 2014

File downloads found at URLs served by dc101.4sharedhelper.com.

1 / 68      (Adware)
http://dc101.4sharedhelper.com:8080/downloadhelper/named/xeroxep3230_br/x6FhXTPc/.../Ac-dc - tnt.exe  (f032d62f59ff128f10faf7b805961877)

1 / 68      (Adware)
http://dc101.4sharedhelper.com:8080/downloadhelper/named/xeroxep3230_br/YM5Bgwif/.../Snow Patrol - Open Your Eyes.exe  (76b91685a2894b9416ea6b736e7c4de9)

1 / 68      (Adware)
http://dc101.4sharedhelper.com:8080/downloadhelper/named/xeroxep3230_br/VGEakjTm/.../king of leon-USE SOMEBODY.exe  (8225703c6695d46e94664deb50c1ff24)

1 / 68      (Adware)
http://dc101.4sharedhelper.com:8080/downloadhelper/named/xerox3240_br/-A6uvEiq/.../03-Pyro.exe  (fc4b196163c9e84101c6942fcfeb3f1b)

1 / 68      (Adware)
http://dc101.4sharedhelper.com:8080/downloadhelper/named/xeroxep3230_br/_gScA1Qc/.../03 Somebody That I Used To Know.exe  (7c5ed9e790408fb6c37584d37e40fce0)

1 / 68      (Adware)
http://dc101.4sharedhelper.com:8080/downloadhelper/named/xerox3240_br/ZY2mBm_b/.../I Want To Hold Your Hand B.exe  (a188f3d323057c6df7e101da62667415)

1 / 68      (Adware)
http://dc101.4sharedhelper.com:8080/downloadhelper/named/xerox3240_br/HVU5ssvV/.../Riana - Diamonds.exe  (8230dcea789fa64ee81e010dd2ec9918)

1 / 68      (Adware)
http://dc101.4sharedhelper.com:8080/downloadhelper/named/xeroxep3230_br/xIj5aLKE/.../Cd-novo 2013 Bruno e Marrone.exe  (46362d8086b322a48728a73a3df86177)

1 / 68      (Adware)
http://dc101.4sharedhelper.com:8080/downloadhelper/named/xerox/qpHJWHke/.../the amazing spider-man v1.1.4 .exe  (the amazing spider-man v1.1.4.exe)

1 / 68      (Adware)
http://dc101.4sharedhelper.com:8080/downloadhelper/named/xerox/IPGg12kL/.../CON Flag Remover.exe  (5db045cc98e774fcbe9f14d60a52b29f)

1 / 68      (Adware)
http://dc101.4sharedhelper.com:8080/downloadhelper/named/trinityep2230_br/mZhYtlpb/.../Mc Anitta - Meiga e abusada.exe  (2d6e96e1cf3a4991d0bece5964d402ed)

1 / 68      (Adware)
http://dc101.4sharedhelper.com:8080/downloadhelper/named/xerox/lHaaEdBe/.../[Updated]Facebook Like Hack [Amazing New Working] 2013 .exe  ([updated]facebook like hack [amazing new working] 2013.exe)

1 / 68      (Adware)
http://dc101.4sharedhelper.com:8080/downloadhelper/named/trinity2240_br/ujM4OKR_/.../Scorpion Send_Me_An_Angel.exe  (9ae0e69745abe6a23897d8acdf14544c)

1 / 68      (Adware)
http://dc101.4sharedhelper.com:8080/downloadhelper/named/trinityep2290_all/4-pGCrgH/.../Macklemore-ft-Ryan-Lewis-Wanz-Thrift-Shop.exe  (06cc874ab219f217b52f1e4ba2b3879c)

1 / 68      (Adware)
http://dc101.4sharedhelper.com:8080/downloadhelper/named/trinityep2290_all/ar831hv8/.../Uns e Outros - Carta aos missionários.exe  (b01f40689b5d799ae1dd795bad8c73db)

1 / 68      (Adware)
http://dc101.4sharedhelper.com:8080/downloadhelper/named/trinityep2230_br/7LMNIOUh/.../FLÁVIO JOSÉ - FORRÓ PÉ DE SERRA.exe  (15e2fb3583fcf98d89ad0c5ebc138939)

1 / 68      (Adware)
http://dc101.4sharedhelper.com:8080/downloadhelper/named/xerox/I3dtU6C5/.../lukacs a-ontologia-do-ser-social-capitulo-sobre-o-trabalho.exe  (1d3aab4618a1181565d40fa62f269c0d)

1 / 68      (Adware)
http://dc101.4sharedhelper.com:8080/downloadhelper/named/trinityep2230_th/MMmLmkxC/.../??????????????.exe  (หนี้แค้นแสนรัก.exe)

1 / 68      (Adware)
http://dc101.4sharedhelper.com:8080/downloadhelper/named/trinitymaxidelta/LdJarEHz/.../Romario - Debochada (DJ BOLADO).exe  (ce6d37b317e866a155cc35a1915c9887)

1 / 68      (Adware)
http://dc101.4sharedhelper.com:8080/downloadhelper/named/trinity2240_th/8draPVQd/.../??????? - ???? ?????.exe  (ไม่สนิท - นนท์ ธนนท์.exe)

1 / 68      (Adware)
http://dc101.4sharedhelper.com:8080/downloadhelper/named/xeroxep3290_all/ehWn3y0k/.../--askeland ciencia e ingeniería de los materiales--.exe  (c29a8b42e77240f489f2514e40da75f5)

1 / 68      (Adware)
http://dc101.4sharedhelper.com:8080/downloadhelper/named/trinityep2230_br/j2AbzRi1/.../livraria_cleo3 [www.gtaspextreme.com.br].exe  (fa78a2e50163aad1a2eec54873bf7bdc)

1 / 68      (Adware)
http://dc101.4sharedhelper.com:8080/downloadhelper/named/xeroxep32190_br/yvVz0PGv/.../Redes Sociais na Internet - Raquel Recuero.exe  (02c2b62e3fc97aeb20d2ca7ed6e54ba6)

1 / 68      (Adware)
http://dc101.4sharedhelper.com:8080/downloadhelper/named/trinity2240_th/Wm_WY8K7/.../???????? ????????? feat. ??? ???????.exe  (แผลราตรี มิราคูลัส feat. เป้ อารักษ์.exe)

18 / 68    (Adware)
http://dc101.4sharedhelper.com:8080/downloadhelper/named/xerox/BOXEPYc7/.../fifa 13-by lorans.exe  (66a5d19c3466efa16ff20bebbad72063)

1 / 68      (Adware)
http://dc101.4sharedhelper.com:8080/downloadhelper/named/xerox/5CTN0sIx/.../The Sims 3 Late Night 6.0.81.009001 Crack Only-RELOADED.exe  (bba77577cf6ad04ea2372f84263aeae6)

The following 6 files have been seen to comunicate with dc101.4sharedhelper.com in live environments.

TCP » 208.88.227.141:443
desktop.exe (Desktop by New IT Solutions)

TCP » 104.130.124.96:443
translategenius.crx

TCP » 104.130.124.96:443
translategenius.crx

TCP » 104.130.124.96:443
translategenius.crx

TCP » 104.130.124.96:443
translategenius.crx

TCP » 141.8.226.14:80
google-bookmarks.crx

URL:
http://dc101.4sharedhelper.com/

Web server:
nginx/1.8.1

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.