In case you didn’t catch these earlier at another site, here are some new domains floating around out there doing bad things.
In some cases, binaries can be captured by using the following example format:
roguesite.com/files/get.php?id=538090733
Patrick Jordan
Sunbelt Malware Research