sharesuperapp.info

Artur Kozak (via a Proxy Registrant)

Domain Information

The domain sharesuperapp.info is registered by proxy through Go China Domains, Inc. (R426-LRMS). This domain has been known to host and distribute potentially unwanted software. The hosting servers are located in San Francisco, California, United States, on the CloudFlare, Inc. network. The domain uses the CloudFlare CDN, a distributed domain name server service that uses a number of reverse proxy IP addresses (see below). The domain is associated with the publisher Artur Kozak, who is located in Kyiv, Ukraine.
Registrar:
Go China Domains, Inc. (R426-LRMS)

Server location:
California, United States (US)

ASN:
AS13335 CLOUDFLARENET - CloudFlare, Inc.

Scanner detections:
Detections (100% detected)

| Scan engine | Details | Detections |
| --- | --- | --- |
| Reason Heuristics | PUP.Optional.Installer.EE, Adware.WebPick.Installer.a, Adware.WebPick.Installer.V, Adware.WebPick.Installer.M, Adware.WebPick.Installer.X, Adware.WebPick.Installer.b, Adware.WebPick.Installer (M) | 100.00% |
| Malwarebytes | PUP.Optional.InstalleRex, PUP.Optional.Installrex | 75.00% |
| VIPRE Antivirus | Installerex/WebPick, Threat.4753027, Threat.4150696 | 75.00% |
| K7 Gateway Antivirus | Unwanted-Program | 75.00% |
| K7 AntiVirus | Unwanted-Program | 75.00% |
| NANO AntiVirus | Riskware.Win32.InfoLeak.cvgqot | 75.00% |
| avast! | Win32:InstalleRex-BI [PUP], Win32:InstalleRex-CD [PUP] | 75.00% |
| Kaspersky | Trojan.Win32.AntiFW | 75.00% |
| Sophos | InstallRex, MultiPlug | 75.00% |
| Comodo Security | Application.Win32.InstalleRex.KG | 75.00% |
| Dr.Web | Trojan.WebPick.29, Trojan.WebPick.2452 | 75.00% |
| Avira AntiVirus | ADWARE/InstallRex.Gen7, TR/AntiFW.b.89, Adware/InstallRex.4 | 75.00% |
| Antiy Labs AVL | RiskWare[Downloader:not-a-virus,HEUR]/Win32.AdLoad, Trojan/Win32.AntiFW.b | 75.00% |
| G Data | Gen:Variant.Strictor.55164, Win32.Application.EZDownloader, Application.Generic.659013, Trojan.Generic.11418127 | 75.00% |
| AhnLab V3 Security | PUP/Win32.TSULoader | 75.00% |

The domain sharesuperapp.info has been seen to resolve to the following 3 IP addresses.

December 2, 2014

(CloudFlare)
February 8, 2014

(CloudFlare)
February 8, 2014

File downloads found at URLs served by sharesuperapp.info.

The following 2 files have been seen to communicate with sharesuperapp.info in live environments.

February 8, 2014

URL:
http://sharesuperapp.info/

Web server:
nginx/1.7.5