More DIRECTI
I have expressed concern about DIRECTI in the past few posts, and I now have even more cause for concern.
Paul Ferguson of TrendMicro let me know about a slew of DIRECTI-registered domains which are serving up exploits. How is this for a list (all of which were registered on 22 July 2009):
IP 78.47.25.168:
q0i.in, u1w.in, u1y.in, u3h.in, u3j.in, u3v.in, u3y.in, u4w.in, u5c.in, u5k.in, u5m.in, u5t.in, u5w.in, u6d.in, u6l.in, u6n.in, u6v.in, u6x.in, u7f.in, u8b.in, u8j.in, u8t.in, u9b.in, u9c.in, u9j.in, q1b.in, q1l.in, q1m.in, q1w.in, q3b.in, q3c.in, q3o.in, q5a.in, q5k.in, q5m.in, q5u.in, q0a.in, q0k.in, q0l.in, q0v.in, q0w.in, q0x.in, q5v.in, u1j.in, u3m.in, u5d.in, u7o.in, u8v.in, q1e.in, u1m.in, u6c.in, u0s.in
IP 91.121.174.19:
u7e.in
IP 91.121.141.101:
q1k.in, q1v.in
IP 91.121.167.41:
u0c.in, u5e.in, u5v.in, u7p.in, u8i.in, u9i.in, u9k.in
IP 80.93.90.88:
x9d.in, q1d.in, q0c.in, u7g.in, u7z.in
To be fair, there were some domains at the same IP addresses that were registered via "Vivesh Infotechnics Ltd", also based in India (just like Directi). I’ll leave it to others to try and find out if there is any connection between DIRECTI and Vivesh Infotechnics Ltd.
IP 78.47.25.168:
x0c.in, x0v.in, x1i.in, x3a.in, x6q.in, x6r.in, x7c.in, x7l.in, x8c.in, x8e.in, x8f.in, x8m.in, x8n.in, x8v.in, x9e.in, x9f.in, x9g.in, x9o.in, x9u.in, x9w.in, x9y.in, x3y.in, x7d.in, x8y.in, x1h.in, x6i.in, x8w.in
IP 91.121.174.19:
x8u.in
IP 91.121.167.41:
x7k.in, x8o.in
IP 80.93.90.88:
x1v.in
As always, the above domains should be treated with EXTREME CAUTION.
Edit: there are reports that 78.47.25.168 has been replaced (in some cases?) by 87.252.2.86.
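For anyone who wants to put the list above to use, here is an added example (my own illustration, not code from the original post or from Trend Micro) that turns the domains and IPs into a small indicator set and runs it over Squid-style proxy log lines. The log lines are constructed for the example. One assumption is labelled in the code: every listed domain is a q/u/x prefix, one digit, one letter, under .in, so hosts of that shape that are not on the list are reported separately as "pattern" hits to be confirmed rather than blocked outright.

```python
import re
from urllib.parse import urlsplit

# Indicators transcribed from the list above: hosting IP -> domains seen there.
# The Directi and Vivesh Infotechnics registrations on 78.47.25.168 are merged.
# 87.252.2.86 is the replacement address from the edit; no domains are attributed
# to it in the post, so it carries an empty list and matches on IP only.
IOC_DOMAINS_BY_IP = {
    "78.47.25.168": (
        "q0i.in u1w.in u1y.in u3h.in u3j.in u3v.in u3y.in u4w.in u5c.in u5k.in "
        "u5m.in u5t.in u5w.in u6d.in u6l.in u6n.in u6v.in u6x.in u7f.in u8b.in "
        "u8j.in u8t.in u9b.in u9c.in u9j.in q1b.in q1l.in q1m.in q1w.in q3b.in "
        "q3c.in q3o.in q5a.in q5k.in q5m.in q5u.in q0a.in q0k.in q0l.in q0v.in "
        "q0w.in q0x.in q5v.in u1j.in u3m.in u5d.in u7o.in u8v.in q1e.in u1m.in "
        "u6c.in u0s.in "
        "x0c.in x0v.in x1i.in x3a.in x6q.in x6r.in x7c.in x7l.in x8c.in x8e.in "
        "x8f.in x8m.in x8n.in x8v.in x9e.in x9f.in x9g.in x9o.in x9u.in x9w.in "
        "x9y.in x3y.in x7d.in x8y.in x1h.in x6i.in x8w.in"
    ).split(),
    "91.121.174.19": "u7e.in x8u.in".split(),
    "91.121.141.101": "q1k.in q1v.in".split(),
    "91.121.167.41": "u0c.in u5e.in u5v.in u7p.in u8i.in u9i.in u9k.in x7k.in x8o.in".split(),
    "80.93.90.88": "x9d.in q1d.in q0c.in u7g.in u7z.in x1v.in".split(),
    "87.252.2.86": [],
}

IOC_IPS = set(IOC_DOMAINS_BY_IP)
IOC_DOMAINS = {d for ds in IOC_DOMAINS_BY_IP.values() for d in ds}

# Assumption (mine, for illustration): the naming scheme observed in the list.
# A host of this shape that is NOT on the list is only "pattern", not confirmed.
NAMING_PATTERN = re.compile(r"^[qux][0-9][a-z]\.in$")


def classify_host(host):
    """Return 'listed', 'pattern' or None for a hostname."""
    host = host.lower().rstrip(".")
    if host in IOC_DOMAINS:
        return "listed"
    if NAMING_PATTERN.match(host):
        return "pattern"
    return None


def scan_squid_log(lines):
    """Scan Squid native access.log lines; return (line_no, host, peer_ip, reasons) per hit.

    Field layout: time elapsed client code/status bytes method URL ident hierarchy/peer type
    """
    hits = []
    for n, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) < 9:
            continue  # not a complete record; skip rather than guess
        url, hierarchy = fields[6], fields[8]
        host = urlsplit(url).hostname or ""
        peer_ip = hierarchy.split("/", 1)[-1]
        reasons = []
        verdict = classify_host(host)
        if verdict:
            reasons.append(f"host {verdict}")
        if peer_ip in IOC_IPS:
            reasons.append("peer IP listed")
        if reasons:
            hits.append((n, host, peer_ip, reasons))
    return hits


# Constructed sample log lines (not real traffic). Line 3 uses an unlisted host of
# the same shape on the replacement IP; line 4 matches on naming pattern only.
SAMPLE_LOG = [
    "1248300000.123 312 10.0.0.5 TCP_MISS/200 4123 GET http://u5k.in/index.php - DIRECT/78.47.25.168 text/html",
    "1248300001.456 120 10.0.0.7 TCP_MISS/200 9001 GET http://www.example.com/ - DIRECT/93.184.216.34 text/html",
    "1248300002.789 200 10.0.0.9 TCP_MISS/200 512 GET http://q2z.in/load.php - DIRECT/87.252.2.86 text/html",
    "1248300003.000 90 10.0.0.11 TCP_MISS/200 77 GET http://x4b.in/ - DIRECT/198.51.100.20 text/html",
]

if __name__ == "__main__":
    for line_no, host, peer_ip, reasons in scan_squid_log(SAMPLE_LOG):
        print(f"line {line_no}: {host} via {peer_ip}: {', '.join(reasons)}")
```

The IP match is the more durable of the two checks here: the edit above shows the hosting address changing while the domains stay put, so both the old and replacement addresses are kept in the set, and a "pattern" hit on a fresh three-character .in domain pointing at one of these addresses is a strong signal even before the domain itself is confirmed.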