The domain bookchi.in registered by Amir Tol was initially registered in July of 2014 through Name.com LLC (R65-AFIN). Currently this domain has been known to host various forms of malware. The hosted servers are located in Portland, Oregon within the United States which resides on the Amazon Technologies Inc. network. The domain uses the Amazon Web Services (AWS) cloud computing platform from the US West (Oregon) region datacenter.
Registrar:
Name.com LLC (R65-AFIN)
Server location:
Oregon, United States (US)
Create date:
Sunday, July 13, 2014
Expires date:
Monday, July 13, 2015
Updated date:
Thursday, September 11, 2014
ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US
Scanner detections:
Malware distribution (100% detected)
Scan engine
Details
Detections
Reason Heuristics
nbsp;
50.00%
avast!
Win32:MultiPlug-JU [PUP]
50.00%
Dr.Web
Trojan.Crossrider.37584, Trojan.Crossrider.37839
50.00%
ESET NOD32
Win32/AdWare.MultiPlug.CN application, Win32/AdWare.MultiPlug.CT application
50.00%
MicroWorld eScan
Adware.Agent.OZI, Adware.Agent.OZM
50.00%
nProtect
Adware.Agent.OZI, Adware.Agent.OZM
50.00%
McAfee
MultiPlug-FRO, Program.MultiPlug-FRO
50.00%
Malwarebytes
PUP.Optional.MultiPlug
50.00%
Zillya! Antivirus
Backdoor.PePatch.Win32.52188, Backdoor.PePatch.Win32.52509
50.00%
K7 AntiVirus
Unwanted-Program
50.00%
Bitdefender
Adware.Agent.OZI, Adware.Agent.OZM
50.00%
NANO AntiVirus
Riskware.Win32.MultiPlug.dfjscb
50.00%
Sophos
MultiPlug, PUA 'MultiPlug' (of type Adware)
50.00%
Comodo Security
Application.Win32.Multiplug.CT
50.00%
Emsisoft Anti-Malware
Adware.Agent.OZI, Adware.Agent.OZM
50.00%
The domain bookchi.in has been seen to resolve to the following 3 IP addresses.
ec2-54-68-56-152.us-west-2.compute.amazonaws.com
May 3, 2015
File downloads found at URLs served by bookchi.in.
Google Analytics:
UA-19438610
Title:
“PC Experts :: Home”
Network:
Amazon Web Services (AWS), running an EC2 instance
SSL certificate subject:
CN=sni32774.cloudflaressl.com, OU=PositiveSSL Multi-Domain, OU=Domain Control Validated
SSL certificate issuer:
CN=COMODO ECC Domain Validation Secure Server CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
Related Domains