[Emerging-Sigs] RBN fake codec and security software sites
Matt Jonkman
jonkman at jonkmans.com
Mon May 12 14:07:51 EDT 2008
Added to the list, thanks Jim
Matt
James McQuaid wrote:
> I added these fake codec and security software sites to
> http://doc.emergingthreats.net/pub/Main/SnortConfSamples/RussianBusinessNetworkIPs.txt
> today:
>
> 69.50.166.130/32 ns2.antivirprotect.com
> 69.50.166.139/32 mail.antivirprotect.com
> 69.50.190.3/32 ns2.dictionarysearch.net
> 69.50.190.6/32 dictionarysearch.net, ns1.dictionarysearch.net
> 69.50.190.14/32 antivirprotect.com
> 85.255.116.211/32 safehomesite.com
> 85.255.118.34/32 toolbarusage.com
> 85.255.118.212/32 secureprior.com
> 85.255.118.214/32 protectalerts.com
> 85.255.118.245/32 dns404rule.com
> 85.255.120.110/32 flwplayer.com
> 216.255.179.243/32 asearchflame.com, asearchpool.com, asearchreview.com
> explorertool.net, gateietool.com, gatetofind.com
> getnewfiles.com, homepagerestart.com, ieservicegate.com
> iqsearches.com, linkietool.com, renewfiles.com
> searchinggate.com, searchthruweb.com, shareownfiles.com
> trysearchhere.com
>
--
--------------------------------------------
Matthew Jonkman
Emerging Threats
Phone 765-429-0398
Fax 312-264-0205
http://www.emergingthreats.net
--------------------------------------------
PGP: http://www.jonkmans.com/mattjonkman.asc
More information about the Emerging-sigs
mailing list