Select Page

In case you didn’t catch these earlier at another site, here are some new domains floating around out there doing bad things.

In some cases, binaries can be captured by using the following example format:

roguesite.com/files/get.php?id=538090733

Created IP Site
4/29/2008 85.255.120.110 flwplayer. com
4/29/2008 85.255.118.214 protectalerts. com
4/29/2008 85.255.118.34 toolbarusage. com
4/29/2008 85.255.116.211 safehomesite. com
4/29/2008 216.255.179.243 getnewfiles. com
4/29/2008 216.255.179.243 asearchflame. com
4/29/2008 216.255.179.243 asearchpool. com
4/29/2008 216.255.179.243 asearchreview. com
4/29/2008 216.255.179.243 explorertool. net
4/29/2008 216.255.179.243 gateietool. com
4/29/2008 216.255.179.243 gatetofind. com
4/29/2008 216.255.179.243 homepagerestart. com
4/29/2008 216.255.179.243 ieservicegate. com
4/29/2008 216.255.179.243 iqsearches. com
4/29/2008 216.255.179.243 linkietool. com
4/29/2008 216.255.179.243 newuploads. net
4/29/2008 216.255.179.243 renewfiles. com
4/29/2008 216.255.179.243 searchinggate. com
4/29/2008 216.255.179.243 searchthruweb. com
4/29/2008 216.255.179.243 shareownfiles. com
4/29/2008 216.255.179.243 trysearchhere. com
4/29/2008 85.255.118.245 dns404rule. com
4/29/2008 85.255.118.212 secureprior. com

Patrick Jordan
Sunbelt Malware Research