chaosium.com

PERFECT PRIVACY, LLC  (Proxy Registrant)

Domain Information

The domain chaosium.com is registered by proxy through Network Solutions, LLC and was originally registered in October of 1996. This domain is currently known to host various forms of malware. Its servers are located in Washington, District of Columbia, United States, on the SoftLayer Technologies Inc. network.
Registrar:
Network Solutions, LLC

Server location:
District of Columbia, United States (US)

Create date:
Tuesday, October 22, 1996

Expires date:
Friday, October 21, 2022

Updated date:
Friday, June 27, 2014

ASN:
AS36351 SOFTLAYER - SoftLayer Technologies Inc.,US

Scanner detections:
Malware distribution  (100% detected)

| Scan engine | Details | Detections |
| --- | --- | --- |
| Qihoo 360 Security | HEUR/Malware.QVM19.Gen, HEUR/Malware.QVM10.Gen, Win32/Trojan.Multi.daf, Win32/Backdoor.117, Win32/Trojan.e6d, Win32/Trojan.c27 | 93.33% |
| Trend Micro House Call | TROJ_GEN.F47V0128, TROJ_GEN.F47V0131, TROJ_GEN.F47V0203, TROJ_GEN.F47V0124, TROJ_SPNR.06B414, TROJ_SPNR.06AR14, TROJ_SPNR.06BE14 | 86.67% |
| Kaspersky | Trojan.Win32.Agent, Trojan.Win32.Yakes, HEUR:Trojan.Win32.Generic, Trojan.Win32.Inject, Trojan-Spy.Win32.Zbot | 86.67% |
| McAfee | Artemis!1E60C5FF84E5, BackDoor-FBRK!85861148F29B, Artemis!ADDE2AF3B122, Dowloader-FEX, PWSZbot-FRH!807B7CA64A39, PWSZbot-FRH!3DFD00525D71 | 86.67% |
| Emsisoft Anti-Malware | Trojan.GenericKD.1536484, Trojan.GenericKD.1547970, Trojan.GenericKD.1515739, Trojan.Inject.APV, Gen:Variant.Adware.Symmi.38378 | 86.67% |
| ESET NOD32 | Win32/Kryptik.BUBT (variant), Win32/Injector.AWZH (variant), Win32/Napolar, Win32/Injector.AWDE (variant), Win32/Injector.AWOF (variant) | 86.67% |
| Baidu Antivirus | HackTool.Win32.Packer, Trojan.Win32.Agent, Trojan.Win32.Injector, Trojan.Win32.Napolar, Trojan.Win32.Zbot | 80.00% |
| MicroWorld eScan | Trojan.GenericKD.1536484, Trojan.GenericKD.1547970, Trojan.GenericKD.1515739, Trojan.Inject.APV, Gen:Variant.Adware.Symmi.38378 | 80.00% |
| Bitdefender | Trojan.GenericKD.1536484, Trojan.GenericKD.1547970, Trojan.GenericKD.1515739, Trojan.Inject.APV, Gen:Variant.Adware.Symmi.38378 | 80.00% |
| Lavasoft Ad-Aware | Trojan.GenericKD.1536484, Trojan.GenericKD.1547970, Trojan.GenericKD.1515739, Trojan.Inject.APV, Gen:Variant.Adware.Symmi.38378 | 80.00% |
| VIPRE Antivirus | Trojan.Win32.Generic, Trojan.Win32.Fareit.if, Worm.Win32.Dorkbot.b, Threat.4150696, Trojan.Win32.Injector.awxd | 80.00% |
| McAfee Web Gateway | Artemis!1E60C5FF84E5, Artemis!85861148F29B, Artemis!ADDE2AF3B122, BehavesLike.Win32.Kudj.cc, Downloader-FEX!09B9623826F9 | 80.00% |
| G Data | Trojan.GenericKD.1536484, Trojan.GenericKD.1547970, Trojan.GenericKD.1515739, Trojan.Inject.APV, Gen:Variant.Adware.Symmi.38378 | 80.00% |
| Malwarebytes | Trojan.Inject.ED, Spyware.Zbot, Trojan.Injector.ED, Spyware.ZeuS, Trojan.Zbot, Trojan.Agent.ED, Spyware.Zbot.ED | 80.00% |
| Microsoft Security Essentials | Trojan:Win32/Napolar.A, VirTool:Win32/CeeInject, Trojan:Win32/Bulta!rfn, VirTool:Win32/Injector.EP, Threat.Undefined | 80.00% |

The domain chaosium.com has been seen to resolve to the following 3 IP addresses.

August 19, 2014

chaosium.com
May 30, 2014

chaosium.com
April 4, 2014

File downloads found at URLs served by chaosium.com.

URL:
http://chaosium.com/

Title:
“Chaosium Inc.”

Description:
“A publisher of books and games since 1975”

SSL certificate subject:
CN=www.chaosium.com, O=Chaosium Inc., L=Hayward, S=California, C=US, SERIALNUMBER=C0951605, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=California, OID.1.3.6.1.4.1.311.60.2.1.3=US

SSL certificate issuer:
CN=GeoTrust EV SSL CA - G4, O=GeoTrust Inc., C=US

Web server:
nginx

Facebook:
Likes:  1,585
Shares:  503
Comments:  318

Statistics above are for the previous month of March 2017.