home

dc111.4sharedhelper.com

China Capital Investment Limited

Domain Information

The domain dc111.4sharedhelper.com registered by China Capital Investment Limited was initially registered in August of 2015 through GODADDY.COM, LLC. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Scottsdale, Arizona within the United States which resides on the GoDaddy.com, LLC network.
Registrar:
LEATHERNECKDOMAINS.COM, LLC

Server location:
Arizona, United States (US)

Create date:
Tuesday, August 4, 2015

Expires date:
Thursday, August 4, 2016

Updated date:
Monday, March 7, 2016

ASN:
AS26496 AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC

Root domain:
4sharedhelper.com

Whois:
2 4sharedhelper.com records

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.New IT Limited, PUP.Bundler.New IT Limited, Threat.New IT Limited.Bundler, PUP.New IT Limited.NewIT.Bundler (M), Threat.Win.Reputation.IMP, PUP.New IT Limited (M)
100.00%

McAfee
Program.PUP-FIV
23.08%

K7 AntiVirus
Unwanted-Program
23.08%

Agnitum Outpost
PUA.4Shared
23.08%

avast!
FourShared-D [PUP], Downloader-TQP [PUP], FourShared-T [PUP]
23.08%

Sophos
PUA '4Share Downloader'
23.08%

Comodo Security
Application.Win32.4Shared.G, Application.Win32.NewIT.A
23.08%

Dr.Web
Adware.Downware.2538, Adware.Siggen.26344, Adware.Toolbar.111, Adware.Downware.2538, Trojan.StartPage.61785
23.08%

VIPRE Antivirus
4Shared, Threat.4150696, Threat.4788236
23.08%

Vba32 AntiVirus
suspected of Trojan.Downloader.gen
23.08%

ESET NOD32
Win32/4Shared.C potentially unwanted application
23.08%

Rising Antivirus
PE:PUF.4Shared!1.9C25
23.08%

Fortinet FortiGate
Riskware/4Shared
23.08%

AVG
Adware MultiBundle, Adware BundleApp_r.G
23.08%

NANO AntiVirus
Trojan.Win32.Siggen.cxgqun, Riskware.Win32.Toolbar.dbxkdu, Riskware.Win32.Downware.dgoafz
23.08%

The domain dc111.4sharedhelper.com has been seen to resolve to the following 5 IP addresses.

192.230.92.93
192.230.92.93.ip.incapdns.net
September 1, 2016

199.83.132.93
199.83.132.93.ip.incapdns.net
July 17, 2016

104.130.124.96
April 20, 2016

184.168.221.46
ip-184-168-221-46.ip.secureserver.net
May 14, 2015

95.211.186.130
hosted-by.leaseweb.com
April 15, 2015

File downloads found at URLs served by dc111.4sharedhelper.com.

1 / 68      (Adware)
http://dc111.4sharedhelper.com/downloadhelper/named/xeroxep3230_br/XSLOT_cL/.../HIGH WAY TO HELL AC-DC.exe  (ff806c3d6b9514b9af95f0d9e53fc282)

1 / 68      (Adware)
http://dc111.4sharedhelper.com/downloadhelper/named/xerox3240_br/7Seapc4F/.../Nickelback_-_Hero.exe  (1a8e02bce3dce9ac6161ce4b49cd1f43)

1 / 68      (Adware)
http://dc111.4sharedhelper.com/downloadhelper/named/xerox3240_br/HBpGM18I/.../creedence clearwater revival - proud mary.exe  (707d03f74381a8cd37f6ce769ed1a800)

1 / 68      (Adware)
http://dc111.4sharedhelper.com/downloadhelper/named/trinity2240_br/zgzW1EGs/.../Cold Play - Paradise mp3.exe  (1c99d496583094bb465faaa53b40c06f)

1 / 68      (Malware)
http://dc111.4sharedhelper.com/downloadhelper/named/xeroxep3290_all/D_FkRmTu/.../Diante do Trono - Renovo (2013) - www.musicasparabaixar.org.exe  (diante do trono - renovo - www.musicasparabaixar.org.exe)

1 / 68      (Adware)
http://dc111.4sharedhelper.com/downloadhelper/named/trinityep2290_all/pQbG2UE5/.../??????? ?????????? _ ??????.exe  (أنطونيو وكليوباترا _ شكسبير.exe)

1 / 68      (Adware)
http://dc111.4sharedhelper.com/downloadhelper/named/trinityep22190_th/2DwltffT/.../Marron5 ¤ This Love.exe  (b7aa549e6e6aa33e52c2e74a2a523f8c)

1 / 68      (Adware)
http://dc111.4sharedhelper.com/downloadhelper/named/xerox3240_id/lK7MHfrI/.../01. Give Life Back to Music.exe  (aa6ac925640efc6df4efc1c4bc38d461)

1 / 68      (Adware)
http://dc111.4sharedhelper.com/downloadhelper/named/xerox3240_br/h0yXAWs8/.../adoração sem limites.exe  (9a3a240bf4fea7404c7c2f84f27a3c1e)

1 / 68      (Adware)
http://dc111.4sharedhelper.com/downloadhelper/named/xeroxep3290_all/sMhbAlLa/.../kdz jb.part4.exe  (fc8d85e96243ffd80e7348be7a17e759)

21 / 68    (Adware)
http://dc111.4sharedhelper.com/downloadhelper/named/xerox3240_br/jKPWD2-w/.../Antares.AVOX.Evo.VST.RTAS.v3.0.2_AiR.exe  (9b4802a7392a9dd199e043afb0934a09)

22 / 68    (Adware)
http://dc111.4sharedhelper.com/downloadhelper/named/xeroxmaxidelta/O_J-KTfq/.../latterchatter_junesharingtime.exe  (99e3ba5061b144c510e379add84646e0)

23 / 68    (Adware)
http://dc111.4sharedhelper.com/downloadhelper/named/xerox/fh48XWRw/.../Sex Talk.exe  ({blocked}.exe)

The following 67 files have been seen to comunicate with dc111.4sharedhelper.com in live environments.

TCP » 184.168.221.46:80
googleupdate.exe13d7b73 (globalUpdate Update by globalUpdate)

TCP » 184.168.221.46:80
ae6212c5-ce24-4ebf-a90f-66be73c1118b-4.exe (Radio Canyon)

TCP » 184.168.221.46:80
908b7dbe-dedf-404c-adbb-0f59c1cc5852-11.exe (Ge-Force by iWebar)

TCP » 184.168.221.46:80
browsers+_app+_pro+-codedownloader.exe (Browsers+_App+_Pro+ by browser)

TCP » 184.168.221.46:80
4404b884-5350-450e-8054-7a96f1dafaa1-11.exe (TheTorntv V10 by esc)

TCP » 184.168.221.46:80
489797e0-6d07-4499-b811-9b62c28697cc-4.exe (TotalPlusHD-3.1V07.10 by HDPlus-3.1TotalV07.10)

TCP » 184.168.221.46:80
b06ec901-7aa5-4e65-a22a-d033549a0b7d-11.exe (iWebar)

TCP » 184.168.221.46:80
online-guardian-v2.0.9.exe

TCP » 184.168.221.46:80
radio canyon-bg.exe (Radio Canyon)

TCP » 184.168.221.46:80
77490f47-3898-4690-84ef-0be7ef4f593f-11.exe (Object Browser)

TCP » 184.168.221.46:80
bobbu.exe (Senses by Object Browser)

TCP » 184.168.221.46:80
8882029d-8bc4-41d9-8f13-32d5f7c2eebf-4.exe (Wifi Protector BI by WFprotect)

TCP » 184.168.221.46:80
senses-codedownloader.exe (Senses by Object Browser)

TCP » 184.168.221.46:80
bardpy.exe (BrowsersApp_Pro_v1.1 by browser)

TCP » 184.168.221.46:80
77490f47-3898-4690-84ef-0be7ef4f593f-5.exe (Object Browser)

TCP » 184.168.221.46:80
ContentFinder.exe (ContentFinder by ContentFinder Software)

TCP » 184.168.221.46:80
cxnayxy.exe (Senses by Object Browser)

TCP » 184.168.221.46:80
4286713c-dfd0-4a66-af8d-7728381ac706-5.exe (TheGoPhoto.it V10 by joep)

TCP » 184.168.221.46:80
4087661f-fa62-4026-ac27-8891fc3f007f-2.exe (iWebar)

TCP » 184.168.221.46:80
fe4ae48e-dbf9-4b53-83be-e7cdd6a7d78e-11.exe (TheTorntv V10 by esc)

 
Latest 20 of 67 files

URL:
http://dc111.4sharedhelper.com/

Web server:
nginx/1.8.1

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.