- Wed, Jan 8 2014
- #DhiaLite - New browser-based ransomware domains on 37.220.11.148. The fake "Mandiant" banner and threatening President Obama look trick ;)
- They started resolving to 37.220.11.148 yesterday.
- #Sample URL of the Browlock page
- http://zdvzdrtra.fuetechs.co.uk/police/zRnxM_/oNRAfrnI_/vp0dJ5eJuUvc6mIf7QySgmD_/baP5ahKHHxgLAlGMe8uwp7bHOQJH3NeDJtewCS/CoxtWllmw%7E%7E/MWU0YjViYWQ5NGNiNzZhNjMxZDczOWZlOTMzOT
- Same path will work for all domains below.
- /police/zRnxM_/oNRAfrnI_/vp0dJ5eJuUvc6mIf7QySgmD_/baP5ahKHHxgLAlGMe8uwp7bHOQJH3NeDJtewCS/CoxtWllmw%7E%7E/MWU0YjViYWQ5NGNiNzZhNjMxZDczOWZlOTMzOT
- https://www.virustotal.com/en/ip-address/37.220.11.148/information/
- #Sample domains on 37.220.11.148
- #end