[nsp-sec] Several .IN (and similar .NET/.COM) domains distributing malware

Carles Fragoso cfragoso at cesicat.cat
Mon Jun 7 18:41:30 EDT 2010 

Hi,

We have had a phishing and distributing malware incident mainly located at .IN domains where registration data is certainly fake:

pixforum-001.in
pixforum-002.in
pixforum-003.in
pixforum-004.in
pixforum-005.in
pixforum-006.in
pixforum-007.in
pixforum-008.in
pixforum-009.in
pixforum-010.in
pixforum-011.in
pixforum-012.in
pixforum-013.in
pixforum-014.in
pixforum-015.in
pixforum-016.in
pixforum-017.in
pixup-1.in
pixup-2.in
pixup-3.in
pixup-4.in
pixup-5.in
pixup-6.in
pixup-7.in
pixup-8.in
pixup-9.in

Submitted malware doesn't seem to be detected by any AV vendor yet:

  https://www.virustotal.com/es/analisis/50357908b9461ad9f1f1d9fabe2068bcc1519b1038d4a6db9fdad42fb38007be-1275912370

Any contacts at TLD .IN registry or at Transecute Solutions Pvt. Ltd. registrar?

Thanks!

-- Carlos

Other similar .COM and .NET domains that seems to be related:

 pixoff-010.com	  
 pixfox-010.com	  
 pixoff-020.com	  
 pixfox-020.com	  
 pixfox-030.com	  
 pixoff-001.com	  
 pixfox-001.com	  
 pixoff-011.com	  
 pixfox-011.com	  
 pixfox-021.com	  
 pixoff-002.com	  
 pixfox-002.com	  
 pixoff-012.com	  
 pixfox-012.com	  
 pixfox-022.com	  
 pixoff-003.com	  
 pixfox-003.com	  
 pixfox-023.com	  
 pixoff-004.com	  
 pixfox-004.com	  
pixfox-014.com	  
 pixfox-024.com	  
 pixoff-005.com	  
 pixfox-005.com	  
 pixoff-006.com	  
 pixfox-006.com	  
 pixfox-016.com	  
 pixfox-026.com	  
 pixoff-007.com	  
 pixfox-007.com	  
 pixfox-017.com	  
 pixfox-027.com	  
 pixoff-008.com	  
 pixfox-008.com	  
 pixoff-018.com	  
 pixfox-018.com	  
 pixfox-028.com	  
 pixoff-009.com	  
 pixfox-009.com	  
 pixoff-019.com	  
 pixfox-019.com	  
 pixfox-029.com	  
 pixoff-010.net	  
 pixoff-020.net	  
 pixfox-040.net	  
 pixoff-001.net	  
 pixoff-011.net	  
 pixfox-031.net	  
 pixoff-002.net	  
 pixfox-032.net	  
 pixoff-003.net	  
 pixoff-013.net	  
 pixfox-033.net	  
 pixoff-004.net	  
 pixfox-034.net	  
 pixoff-005.net	  
 pixfox-035.net	  
 pixoff-006.net	  
 pixfox-036.net	  
 pixoff-007.net	  
 pixoff-017.net	  
 pixfox-037.net	  
 pixoff-008.net	  
 pixoff-018.net	  
 pixfox-038.net	  
 pixoff-009.net	  
 pixoff-019.net	  
 pixfox-039.net	  
pixmap-001.com	 
pixmap-002.com	 
pixmap-003.com	 
pixmap-004.com	 
pixmap-005.com	 
pixmap-006.com	 
pixmap-007.com	 
pixmap-008.com	 
pixmap-009.com	 
pixmap-010.com	 
pixmap-011.com	 
pixmap-012.com	 
pixmap-013.com	 
pixmap-014.com	 
pixmap-015.com	 
pixmap-016.com	 
pixmap-017.com	 
pixmap-018.com	 
pixmap-019.com

More information about the nsp-security mailing list