At the Security Labs, we see no shortage of peculiar things day in and day out. Today, our winner for Most Peculiar of Tuesday is this IP address: 


It is barely anything new: the classic FBI ransomware that locks down browsers and asks the victim to pay a fine through one of the locked windows, as shown below:

[Image: fbi_lockwindow]

A big spread of this campaign targeting OS X Safari was reported in mid-July. OS X Chrome was NOT vulnerable back then. Well—it is now. An easy fix is to force close the locked browser or to click “Leave this page” 150 times to get your way out, whichever suits your taste.

Security researchers (Dhia’s write-up @DhiaLite, a blog post by @ydklijnsma) have reported a couple of other IP addresses used in the same campaign.

Prefix      ASN      Owner
            44050    PIN-AS Petersburg Internet Network LLC    86400


They are taking the game to a new AS and IP prefix. 

Prefix      ASN      Owner
            48031    PE Ivanov Vitaliy Sergeevich    86400






For anyone who’d like to study these campaigns further, we posted 1000 domains from this campaign here. Please feel free to contact us if you need more info.
