-nxprime.in- Gobaku-moe-mama-tsurez... | Download -
Endpoint Protection
Email & Web Filtering
User Awareness
Given the filename or search query "-nxprime.in- gobaku-moe-mama-tsurez...", if this were related to an anime or video content: Download - -nxprime.in- gobaku-moe-mama-tsurez...
Content Title: Gobaku Moe Mama Tsurezure - nxprime Special Edition
Description: A special compilation or edition of the popular series, possibly including exclusive content or scenes.
If it's software or coding related:
Content Title: nxprime - Gobaku Moe Mama Tsurezure Plugin
Description: A plugin or module for a specific software or development environment, named after or inspired by the popular culture reference.
| Impact Dimension | Potential Consequence | Likelihood |
|------------------|----------------------|------------|
| System Compromise | Execution of unwanted software, possible further payload delivery. | High (user must run the EXE) |
| Data Leakage | Exfiltration of basic system info (hostname, OS version, IP). | Medium |
| Network Abuse | Bot‑like HTTP traffic to nxprime.in may increase bandwidth consumption and expose the network to reputation blacklisting. | Medium |
| Financial Loss | Ad‑ware may generate revenue for the attackers; rare cases of upsell to ransomware could cause higher loss. | Low‑Medium |
| Reputation | If spread inside an organization, could indicate poor user awareness. | Low | Endpoint Protection
| Attribute | Details |
|-----------|---------|
| Domain | nxprime.in |
| Registrar | GoDaddy.com, LLC |
| Creation Date | 12 Mar 2020 |
| Expiration | 12 Mar 2025 (renewed) |
| Registrant | Privacy‑protected (WHOIS Guard) |
| Name Servers | ns1.godaddy.com, ns2.godaddy.com |
| Hosting | Cloud VPS (IP blocks: 45.33.32.0/19, 103.255.120.0/22) |
| SSL/TLS | No valid HTTPS certificate (HTTP only) |
Note: The privacy‑protected registration is typical for domains used in illicit activities, making attribution difficult.
| Aspect | Details |
|--------|---------|
| Actors | Likely low‑skill cyber‑crime groups that sell “malicious downloader” kits on underground forums. No clear attribution to nation‑state actors. |
| Motivation | Monetization via ad‑ware and pay‑per‑install (PPI) schemes. Potential secondary use as a dropper for more dangerous payloads (e.g., ransomware). |
| Delivery Vectors | - Spam e‑mail with enticing subject lines (“Free anime wallpaper – click now”).
- Compromised websites (WordPress, Joomla) that inject malicious JavaScript redirecting to nxprime.in.
- Social media posts that embed shortened URLs (bit.ly, t.ly) pointing to the download page. |
| Target Audience | General public, with a focus on anime‑fans or Japanese‑culture communities (the word “moe” is a sub‑culture term). This is a classic “interest‑based” lure. |
| Related Campaigns | Similar naming conventions (e.g., gobaku_kaori_akari.exe, mama_tsurez_kaoru.exe) have been seen in campaigns from 2021‑2023 that used the same infrastructure. |
| Mitigations in the Wild | Some security vendors have already added the hashes to their cloud‑based blocklists; however, the operators frequently re‑package the binaries with new hashes, so behaviour‑based detection is essential. | Email & Web Filtering