Monday 8 April 2013

Beware of jonejonesonley.org

One to watch for in your logs today is jonejonesonley.org, which is being used as a phone-home point for malware that is being spammed out at the moment.

jonejonesonley.org is hosted on 85.95.236.155 (Inetmar Internet Hizmetleri, Turkey) and is registered to:

Registrant ID:orgzs46077514499
Registrant Name:Zhong Si
Registrant Organization:Xicheng Co.
Registrant Street1:Huixindongjie 15 2
Registrant Street2:
Registrant Street3:
Registrant City:Beijing
Registrant State/Province:Chaoyang
Registrant Postal Code:101402
Registrant Country:CN
Registrant Phone:+86.1066569215
Registrant Phone Ext.:
Registrant FAX:+86.1066549216
Registrant FAX Ext.:
Registrant Email:zhongguancun@yahoo.com


Also connected is a Java exploit at 217.23.11.108 (Worldstream, Netherlands), so this IP is probably worth blocking as well.

Automated malware analysis is pretty patchy: VirusTotal - Comodo CAMAS - Anubis - ThreatExpert.

Blocklist:
85.95.236.155
217.23.11.108
jonejonesonley.org
3-bogatirja-2012-online.ru
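
An added example, not part of the original post: a Python scan of proxy or DNS log lines for the blocklist entries above. It compares whole IP addresses and domain label boundaries, so subdomains are caught while near-miss strings are not flagged. The log format, client addresses and sample lines are constructed for illustration.

```python
import ipaddress
import re

# Indicators copied from the blocklist in this post.
BLOCKED_IPS = {ipaddress.ip_address(a) for a in ("85.95.236.155", "217.23.11.108")}
BLOCKED_DOMAINS = {"jonejonesonley.org", "3-bogatirja-2012-online.ru"}

# Runs of hostname characters; ':' and '/' end a token, so ports and paths split off.
TOKEN_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?")

def match_token(token):
    """Return the blocklist entry that a log token matches, or None."""
    token = token.lower()
    try:
        ip = ipaddress.ip_address(token)
    except ValueError:
        ip = None
    if ip is not None:
        # Whole-address comparison: 185.95.236.155 must not match 85.95.236.155.
        return str(ip) if ip in BLOCKED_IPS else None
    labels = token.split(".")
    # Compare on label boundaries: the domain itself and its subdomains match,
    # a lookalike such as notjonejonesonley.org does not.
    for i in range(len(labels) - 1):
        suffix = ".".join(labels[i:])
        if suffix in BLOCKED_DOMAINS:
            return suffix
    return None

def scan(lines):
    """Return (line_number, sorted matched indicators) for each line with a hit."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        found = {match_token(t) for t in TOKEN_RE.findall(line)} - {None}
        if found:
            hits.append((lineno, sorted(found)))
    return hits

# Constructed sample proxy log lines (format and client addresses are made up).
SAMPLE_LOG = [
    "2013-04-08T09:12:01 10.0.0.21 GET http://www.example.com/index.html 200",
    "2013-04-08T09:12:07 10.0.0.34 POST http://jonejonesonley.org/ 200",
    "2013-04-08T09:13:15 10.0.0.34 CONNECT 85.95.236.155:443 200",
    "2013-04-08T09:14:02 10.0.0.52 GET http://cdn.JoneJonesonley.org/a 404",
    "2013-04-08T09:14:40 10.0.0.52 GET http://notjonejonesonley.org/ 200",
    "2013-04-08T09:15:11 10.0.0.60 CONNECT 185.95.236.155:443 200",
    "2013-04-08T09:16:30 10.0.0.77 GET http://217.23.11.108/ 200",
]

if __name__ == "__main__":
    for lineno, found in scan(SAMPLE_LOG):
        print(lineno, ", ".join(found), "|", SAMPLE_LOG[lineno - 1])
```

A plain substring search for the same indicators would also flag lines 5 and 6 of the sample, which are false positives.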
