Sponsored by..

Friday, 11 January 2013

Changelog spam / dimanakasono.ru

This fake "Changelog" spam leads to malware on dimanakasono.ru:

From: Ashley Madison [mailto:donotreply@ashleymadison.com]
Sent: 10 January 2013 08:25
Subject: Re: Fwd: Changelog as promised(updated)

Hi,


changelog update - View

L. Cook
The malicious payload is at [donotclick]dimanakasono.ru:8080/forum/links/column.php hosted on the following IPs:

91.224.135.20 (Proservis UAB, Lithunia)
187.85.160.106 (Ksys Soluções Web, Brazil)
212.112.207.15 (ip4 GmbH, Germany)

The following IPs and domains are related and should be blocked:
91.224.135.20
187.85.160.106
212.112.207.15
belnialamsik.ru
demoralization.ru
dimanakasono.ru
bananamamor.ru

1 comment:

unixfreaxjp said...

One more IP: 82.165.193.26
PoC: http://pastebin.com/TUKqDU3N