![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjU3f67K6C0NBokv04V37IYb3DgiTWa7OqhYK9KLn1zOV5r2-ZvW_f2syAYwe10QTwKlZcGWVmmhhG55RFY6tig_hDj_f5v2h6jeWOfuRWYMniYMtooVpvmKTEEMF9oi_dDXZG18tettOE/s200/ru8080.png)
From: Ashley Madison [mailto:donotreply@ashleymadison.com]The malicious payload is at [donotclick]dimanakasono.ru:8080/forum/links/column.php hosted on the following IPs:
Sent: 10 January 2013 08:25
Subject: Re: Fwd: Changelog as promised(updated)
Hi,
changelog update - View
L. Cook
91.224.135.20 (Proservis UAB, Lithunia)
187.85.160.106 (Ksys Soluções Web, Brazil)
212.112.207.15 (ip4 GmbH, Germany)
The following IPs and domains are related and should be blocked:
91.224.135.20
187.85.160.106
212.112.207.15
belnialamsik.ru
demoralization.ru
dimanakasono.ru
bananamamor.ru
1 comment:
One more IP: 82.165.193.26
PoC: http://pastebin.com/TUKqDU3N
Post a Comment