home

dl.4-zip.com

xianlin xie

Domain Information

The domain dl.4-zip.com registered by xianlin xie was initially registered in May of 2013 through GODADDY.COM, LLC. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Dallas, Texas within the United States.
Registrar:
GODADDY.COM, LLC

Server location:
Texas, United States (US)

Create date:
Friday, May 17, 2013

Expires date:
Thursday, May 17, 2018

Updated date:
Friday, December 19, 2014

ASN:
AS36351 SOFTLAYER - SoftLayer Technologies Inc.,US

Root domain:
4-zip.com

Whois:
1 4-zip.com record

Google Safe Browsing:
unwanted

Scanner detections:
Detections  (96% detected)

Scan engine
Details
Detections

Kaspersky
not-a-virus:Downloader.Win32.AdLoad, not-a-virus:Downloader.NSIS.AdLoad, Virus.Win32.Nimnul, Virus.Win32.Virut, Virus.Win32.Sality
59.09%

Dr.Web
Adware.Mutabaha.377, Adware.Mutabaha.395, Adware.Mutabaha.642, Adware.Mutabaha.229, Adware.Mutabaha.771, Adware.Mutabaha.642, Win32.Rmnet.12, Adware.Mutabaha.608, Adware.Mutabaha.944, Win32.Parite.2, Win32.Sector.30
56.82%

avast!
Dropper-gen [Drp], Win32:Malware-gen, Win32:PUP-gen [PUP], Win32:RmnDrp, Win32:Vitro, Win32:Virtu-A, Win32:Kukacka, Win32:SaliCode, Win32:Parite
54.55%

McAfee
Artemis!FF425D7D8D18, RDN/Generic.dx!d2q, Artemis!0FC6FADC398B, Artemis!5D202B18B01F, Artemis!00AA201560CC, Program.Artemis!25CCADD3C0B5
47.73%

ESET NOD32
Win32/ELEX.EO potentially unwanted application, Win32/Ramnit.H virus, Win32/Virut.NBP virus, Win32/Sality.NBA virus, Win32/ELEX.HE potentially unwanted application
47.73%

Emsisoft Anti-Malware
Gen:Variant.Mikey.27807, Gen:Variant.Application.Graftor.245459, Adware.Adload.R, Win32.Virtob.Gen.12, Win32.Sality, Win32.Ramnit.N
43.18%

F-Prot
W32/Ramnit.E, W32/Virut.AL!Generic, W32/Virut.AI, W32/Virut.AI!Generic, W32/Sality.gen2, W32/Parite.B, W32/Ramnit.B!Generic
43.18%

Microsoft Security Essentials
Threat.Undefined
40.91%

AVG
Generic_c, Elex, Win32/Virut, Win32/Sality, Win32/Zbot.G, Win32/Parite
38.64%

Reason Heuristics
PUP.Extension.ChromePlugin, PUP.Thinknice.TaiwanShuiMuChihChingTechnology.Installer (M), Threat.Win.Reputation.IMP, Adware.Mutabaha.DB (M), Adware.Downloader
36.36%

Norman
Gen:Variant.Application.Graftor.245459, Adware.Adload.R, Win32.Virtob.Gen.12, Win32.Sality.3, Win32.Ramnit.N, Win32.Parite.B
31.82%

VIPRE Antivirus
Trojan.Win32.Generic, Threat.4739697, Threat.4737366, Threat.4120919, Threat.4732184, Threat.4721115, Threat.46249
27.27%

Baidu Antivirus
Hacktool.Win32.AdLoad, Hacktool.NSIS.AdLoad, Adware.Win32.ELEX, Adware.Win32.Elex
20.45%

Vba32 AntiVirus
Downloader.AdLoad, suspected of Trojan.Downloader.gen.h
20.45%

Panda Antivirus
Generic Suspicious, Trj/Genetic.gen, PUP/Winzipper
18.18%

The domain dl.4-zip.com has been seen to resolve to the following 4 IP addresses.

173.193.171.11
b.ab.c1ad.ip4.static.sl-reverse.com
January 3, 2016

208.43.232.117
208.43.232.117-static.reverse.softlayer.com
January 3, 2016

208.43.232.115
208.43.232.115-static.reverse.softlayer.com
January 3, 2016

208.43.232.114
208.43.232.114-static.reverse.softlayer.com
January 3, 2016

File downloads found at URLs served by dl.4-zip.com.

6 / 68      (PUP)
http://dl.4-zip.com/update/new.2.0/wz/1.5.121/.../wzp2yac.exe  (zip_update_v1.5.132.exe)

9 / 68      (Infected)
http://dl.4-zip.com/update/new.2.0/wz/1.5.116/.../wzp2yac.exe  (3ae28727d1fe540ba40d98eb0717fbd0)

9 / 68      (Infected)
http://dl.4-zip.com/update/new.2.0/wz/1.5.129/.../2015.12.10.exe  (8fccdaa2a9e7726640233eb91576bc27)

11 / 68    (PUP)
http://dl.4-zip.com/update/new.2.0/wz/1.5.137/.../winzipper_update_setup_1.5.137.1044.exe  (9db8b4a3c070950548d83b267e370977)

2 / 68      (PUP)
http://dl.4-zip.com/update/new.2.0/wz/1.5.111/.../wzp2yac_2015.8.26_out.exe  (db815b04f64cce0f4f2a377849e5ab56)

1 / 68      (PUP)
http://dl.4-zip.com/update/wz/1.5.111/.../wzp2yac_2015.8.26_out.exe  (22cf4233d85ed9ed3b6a32417f4d68d3)

10 / 68    (Infected)
http://dl.4-zip.com/update/new.2.0/wz/1.5.132/.../wzp2yac.exe  (1c2e89c23e596950c89ac8de417e7874)

2 / 68      (PUP)
http://dl.4-zip.com/update/new.2.0/wz/1.5.105/.../wzpup_2015.07.24_out_2.exe  (0061fdf02891ef697850b4d1fd98129f)

12 / 68    (PUP)
http://dl.4-zip.com/update/new.2.0/wz/1.5.135/.../wzp2yac.exe  (5522a8a7b7d388a45051688e3d50834b)

10 / 68    (PUP)
http://dl.4-zip.com/update/new.2.0/wz/1.5.95/.../wzpup_2015.5.05_4.exe  (ff4d8ad3a2bbcd4ccd94e0e0bedbf3e3)

7 / 68      (Infected)
http://dl.4-zip.com/update/new.2.0/wz/1.5.129/.../wzp2yac_201512096_out.exe  (75144fc37eba1814c191d7926fe1cd94)

1 / 68      (Malware)
http://dl.4-zip.com/update/new.2.0/wz/1.5.113/.../wzp2yac_1008.exe  (fb76c844a2bd1802b96aea8442d29ebd)

10 / 68    (Infected)
http://dl.4-zip.com/update/new.2.0/wz/1.5.119/.../wzp2yac.exe  (fd76c762081662271e7154fc44839e04)

10 / 68    (Malware)
http://dl.4-zip.com/update/new.2.0/wz/1.5.123/.../wzp2yac.exe  (d579da84e52c5edb9666f7e5b0aa2094)

12 / 68    (PUP)
http://dl.4-zip.com/update/new.2.0/wz/1.5.108/.../wzp2yac_out.exe  (eeaa8dffd0bb9638542ff73c24439f6e)

5 / 68      (PUP)
http://dl.4-zip.com/update/wz/1.5.96/.../wzpup_2015.5.21_1.exe  (zip_update_v1.5.96.exe)

3 / 68      (inconclusive)
http://dl.4-zip.com/update/wz/1.5.108/.../wzp2yac_out.exe  (25ccadd3c0b567c69123fffb8010e65b)

1 / 68      (Malware)
http://dl.4-zip.com/update/new.2.0/wz/1.5.120/.../wzp2yac_out.exe  (zip_update_v1.5.120.exe)

9 / 68      (Adware)
http://dl.4-zip.com/update/new.2.0/wz/1.5.107/.../winzipper_update_setup_1.5.107.1005.exe  (f65f7c92209094d166bb2ae0aa4ba677)

15 / 68    (PUP)
http://dl.4-zip.com/update/wz/1.5.95/.../wzpup_2015.5.05_4.exe  (ff425d7d8d18a2b7132ab9ae6f15154c)

6 / 68      (PUP)
http://dl.4-zip.com/update/wz/1.5.101/.../wzpup_2015.06.18_out.exe  (a3f811d9d4d08c8659d06144c7b35701)

11 / 68    (PUP)
http://dl.4-zip.com/update/new.2.0/wz/1.5.103/.../wzpup_2015.07.01_out.exe  (43c1dc82b2798ee61f499dc980ed50f2)

11 / 68    (PUP)
http://dl.4-zip.com/update/wz/1.5.113/.../wzp2yac_1008.exe  (937c7f63819d0cc61349a1b38a9c4235)

1 / 68      (Adware)
http://dl.4-zip.com/update/new.2.0/wz/1.5.111/.../winzipper_update_setup_1.5.111.1010.exe  (zip_update_v1.5.111.exe)

16 / 68    (PUP)
http://dl.4-zip.com/update/wz/1.5.114/.../wzp2up.exe  (5d202b18b01fc96a14fafb8b0d336fae)

The following file have been seen to comunicate with dl.4-zip.com in live environments.

TCP » 208.43.232.117:80
wprotectmanager.exe (wmp control by Cherished Technololgy LIMITED)

URL:
http://dl.4-zip.com/

Web server:
openresty

abbhelpu.com

ali-b2c.com

astrills.com

brot-soft.com

globo-360.com

picexa.com

puphelp.com

qihutechs.com

wseclub.com

downkegja.com

downkfadx.com

downkhpiw.com

downkjcme.com

soft365.com

win10-apps.com

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.