home

dc106.4sharedhelper.com

China Capital Investment Limited

Domain Information

The domain dc106.4sharedhelper.com registered by China Capital Investment Limited was initially registered in August of 2015 through LEATHERNECKDOMAINS.COM, LLC. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Amsterdam, Noord-Holland within Netherlands which resides on the RIPE Network Coordination Centre network.
Registrar:
LEATHERNECKDOMAINS.COM, LLC

Server location:
Noord-Holland, Netherlands (NL)

Create date:
Tuesday, August 4, 2015

Expires date:
Thursday, August 4, 2016

Updated date:
Monday, March 7, 2016

ASN:
AS16265 LEASEWEB LeaseWeb B.V.

Root domain:
4sharedhelper.com

Whois:
2 4sharedhelper.com records

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.NewITLimited.K, PUP.New IT Limited.ITMANAGEMENTGROUP.Bundler (M), PUP.New IT Limited.NewIT.Bundler (M), PUP.New IT Limited.NewIT (M), PUP.New IT Limited.ITMANAGE.Bundler (M), PUP.New IT Limited (M)
100.00%

McAfee
Program.PUP-FIV
7.69%

Malwarebytes
PUP.Optional.4Shared
7.69%

K7 AntiVirus
Unwanted-Program
7.69%

Agnitum Outpost
PUA.4Shared
7.69%

avast!
FourShared-D [PUP]
7.69%

Sophos
PUA '4Share Downloader'
7.69%

Comodo Security
Application.Win32.4Shared.G
7.69%

Dr.Web
Adware.Downware.2538, Adware.Siggen.26344
7.69%

VIPRE Antivirus
4Shared
7.69%

Avira AntiVirus
TR/Dropper.Gen
7.69%

Vba32 AntiVirus
suspected of Trojan.Downloader.gen
7.69%

ESET NOD32
Win32/4Shared.C potentially unwanted application
7.69%

Rising Antivirus
PE:PUF.4Shared!1.9C25
7.69%

IKARUS anti.virus
nbsp;
7.69%

The domain dc106.4sharedhelper.com has been seen to resolve to the following 6 IP addresses.

192.230.92.93
192.230.92.93.ip.incapdns.net
August 17, 2016

199.83.132.93
199.83.132.93.ip.incapdns.net
July 31, 2016

104.130.124.96
April 15, 2016

208.91.197.197
March 2, 2016

141.8.226.14
January 3, 2016

95.211.186.130
hosted-by.leaseweb.com
January 8, 2015

File downloads found at URLs served by dc106.4sharedhelper.com.

1 / 68      (Adware)
http://dc106.4sharedhelper.com/downloadhelper/named/xeroxep3230_br/uCk1if61/.../03 - Nickelback - Photograph.exe  (9b89904b1082029a1a8f24d5125e1eb5)

1 / 68      (Adware)
http://dc106.4sharedhelper.com/downloadhelper/named/xerox3240_br/psHG2P4w/.../01. Closer.exe  (16008bf3364a3e2773bc0be621ee6821)

1 / 68      (Adware)
http://dc106.4sharedhelper.com/downloadhelper/named/trinity2240_id/KbhZ75DS/.../This Kiss.exe  (e62dfc2dce793bf6b2e7bfcdb4b6e9d6)

1 / 68      (Adware)
http://dc106.4sharedhelper.com/downloadhelper/named/trinitymaxidelta/L5JLbcM-/.../cbjr céu azul.exe  (83a2540eb062ba3ecd56393e24ad2109)

1 / 68      (Adware)
http://dc106.4sharedhelper.com/downloadhelper/named/xeroxep32300_sa/rOosAuze/.../???? ????????? ???????.exe  (اذان عبدالمجيد السريحي.exe)

1 / 68      (Adware)
http://dc106.4sharedhelper.com/downloadhelper/named/xerox/xHCIKeR0/.../soda stereo - trátame suavemente.exe  (4119c37b63d0f4096c4b5243e41c9f70)

1 / 68      (Adware)
http://dc106.4sharedhelper.com/downloadhelper/named/xerox/ISwp9312/.../12 bar exam (OST Nada Cinta).exe  (12be0658c67027197e00b0038a1a446a)

1 / 68      (Adware)
http://dc106.4sharedhelper.com/downloadhelper/named/xeroxep3290_all/JJdHfc6T/.../v20a(Sem Root,Sem CWM).exe  (4815c0c39a619512d526566e725a183c)

1 / 68      (Adware)
http://dc106.4sharedhelper.com/downloadhelper/named/xerox3240_br/N1DAE5r-/.../[6] Bossa n' Marley Sun Is Shining.exe  (1d3867285aa3e8985b38b1e17ff273fa)

1 / 68      (Adware)
http://dc106.4sharedhelper.com/downloadhelper/named/trinityep2230_id/-HiA0Aq8/.../maroon5 - secret.exe  (31844d7629080c067e34459a0b6adcb8)

1 / 68      (Adware)
http://dc106.4sharedhelper.com/downloadhelper/named/xeroxep3230_th/RQfqbzlA/.../??? ???? - ???????????.exe  (พีท พีระ - เจ็บกว่าจาก.exe)

1 / 68      (Adware)
http://dc106.4sharedhelper.com/downloadhelper/named/xeroxmaxidelta/tFmdW48j/.../john cena & the trademarc - you can't see me.exe  (4dd0ba13c2f5bb2b5eb1674846b4983e)

20 / 68    (Adware)
http://dc106.4sharedhelper.com/downloadhelper/named/xerox/S4UTuj2E/.../469sparrow.exe  (b668187f1f64a055408f3c250081ee85)

The following 5 files have been seen to comunicate with dc106.4sharedhelper.com in live environments.

TCP » 104.130.124.96:443
translategenius.crx

TCP » 104.130.124.96:443
translategenius.crx

TCP » 104.130.124.96:443
translategenius.crx

TCP » 104.130.124.96:443
translategenius.crx

TCP » 141.8.226.14:80
google-bookmarks.crx

URL:
http://dc106.4sharedhelper.com/

Web server:
nginx/1.8.1

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.