sharesuperapp.info

Artur Kozak  (via a Proxy Registrant)

Domain Information

The domain sharesuperapp.info is registered by proxy through Go China Domains, Inc. (R426-LRMS). This domain has been known to host and distribute potentially unwanted software. The hosting servers are located in San Francisco, California, United States, on the CloudFlare, Inc. network. The domain uses the CloudFlare CDN, a distributed domain name server service that uses a number of reverse proxy IP addresses (see below). The domain is associated with the publisher Artur Kozak, who is located in Kyiv, Ukraine.
Remove Malware from sharesuperapp.info - Powered by Reason Core Security
Registrar:
Go China Domains, Inc. (R426-LRMS)

Server location:
California, United States (US)

ASN:
AS13335 CLOUDFLARENET - CloudFlare, Inc.

Scanner detections:
Detections  (100% detected)

| Scan engine | Details | Detections |
|---|---|---|
| Reason Heuristics | PUP.Optional.Installer.EE, Adware.WebPick.Installer.a, Adware.WebPick.Installer.V, Adware.WebPick.Installer.M, Adware.WebPick.Installer.X, Adware.WebPick.Installer.b | 100.00% |
| Malwarebytes | PUP.Optional.InstalleRex, PUP.Optional.Installrex | 85.71% |
| VIPRE Antivirus | Installerex/WebPick, Threat.4753027, Threat.4150696 | 85.71% |
| K7 Gateway Antivirus | Unwanted-Program | 85.71% |
| K7 AntiVirus | Unwanted-Program | 85.71% |
| NANO AntiVirus | Riskware.Win32.InfoLeak.cvgqot | 85.71% |
| avast! | Win32:InstalleRex-BI [PUP], Win32:InstalleRex-CD [PUP] | 85.71% |
| Kaspersky | Trojan.Win32.AntiFW | 85.71% |
| Sophos | InstallRex, MultiPlug | 85.71% |
| Comodo Security | Application.Win32.InstalleRex.KG | 85.71% |
| Dr.Web | Trojan.WebPick.29, Trojan.WebPick.2452 | 85.71% |
| Avira AntiVirus | ADWARE/InstallRex.Gen7, TR/AntiFW.b.89, Adware/InstallRex.4 | 85.71% |
| Antiy Labs AVL | RiskWare[Downloader:not-a-virus,HEUR]/Win32.AdLoad, Trojan/Win32.AntiFW.b | 85.71% |
| G Data | Gen:Variant.Strictor.55164, Win32.Application.EZDownloader, Application.Generic.659013, Trojan.Generic.11418127 | 85.71% |
| AhnLab V3 Security | PUP/Win32.TSULoader | 85.71% |

The domain sharesuperapp.info has been seen to resolve to the following 3 IP addresses.

December 2, 2014

(CloudFlare)
February 8, 2014

(CloudFlare)
February 8, 2014

File downloads found at URLs served by sharesuperapp.info.

The following 2 files have been seen to communicate with sharesuperapp.info in live environments.

February 8, 2014

URL:
http://sharesuperapp.info/

Web server:
nginx/1.7.5
