| 15481 |
2023-03-05 01:15
|
http://nadser.ru/
AntiDebug AntiVM MSOffice File PNG Format JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities suspicious TLD Windows Exploit DNS crashed |
|
1
|
|
|
4.2 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 15482 |
2023-03-05 01:15
|
http://8babok.ru/
PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM PNG Format JPEG Format MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs suspicious TLD Tofsee Windows Exploit DNS crashed |
|
1
|
2
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
5.2 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 15483 |
2023-03-05 01:15
|
http://boat.salvajesrp.com/log...
PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
|
1
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
|
|
4.2 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 15484 |
2023-03-05 01:14
|
http://min888.ru/
AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities suspicious TLD Windows Exploit DNS crashed |
|
1
|
|
|
4.2 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 15485 |
2023-03-05 01:14
|
http://fintellectualadvisors.c...
AntiDebug AntiVM MSOffice File JPEG Format Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed |
30
http://fintellectualadvisors.com/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.6.5
http://fintellectualadvisors.com/wp-content/plugins/goodlayers-core/plugins/elegant/ElegantIcons.eot?
http://fintellectualadvisors.com/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1
http://fintellectualadvisors.com/wp-content/plugins/goodlayers-core/include/js/page-builder.js?ver=1.3.9
http://maps.google.com/maps-api-v3/api/js/52/3a/util.js
http://fintellectualadvisors.com/wp-content/themes/financity/images/404-background.jpg
http://fintellectualadvisors.com/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.7.3
http://fintellectualadvisors.com/wp-includes/js/jquery/ui/effect.min.js?ver=1.13.2
http://fintellectualadvisors.com/wp-content/plugins/goodlayers-core/plugins/elegant/elegant-font.css?ver=6.1.1
http://fintellectualadvisors.com/wp-includes/css/classic-themes.min.css?ver=1
http://fintellectualadvisors.com/wp-includes/class-wp-document-query.php
http://fintellectualadvisors.com/wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.6.5
http://fintellectualadvisors.com/wp-content/plugins/goodlayers-core/plugins/fontawesome/font-awesome.css?ver=6.1.1
http://fintellectualadvisors.com/wp-content/plugins/goodlayers-core/plugins/style.css?ver=1667306409
http://fintellectualadvisors.com/wp-content/plugins/wp-google-map-plugin/assets/css/frontend.css?ver=6.1.1
http://fintellectualadvisors.com/wp-content/plugins/goodlayers-core/plugins/fontawesome/fontawesome-webfont.eot?
http://fintellectualadvisors.com/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1
http://fintellectualadvisors.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
http://fintellectualadvisors.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.7.3
http://fintellectualadvisors.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
http://fintellectualadvisors.com/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.6.5
http://fintellectualadvisors.com/wp-content/themes/financity/js/script-core.js?ver=1.0.0
http://fintellectualadvisors.com/wp-content/plugins/goodlayers-core/include/css/page-builder.css?ver=6.1.1
http://fintellectualadvisors.com/wp-content/themes/financity/css/style-core.css?ver=6.1.1
http://fintellectualadvisors.com/wp-content/plugins/wp-google-map-plugin/assets/js/maps.js?ver=2.3.4
http://fintellectualadvisors.com/wp-content/plugins/goodlayers-core/plugins/script.js?ver=1667306409
http://maps.google.com/maps/api/js?libraries=geometry%2Cplaces%2Cweather%2Cpanoramio%2Cdrawing&language=en&ver=6.1.1
http://fintellectualadvisors.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.7.3
http://maps.google.com/maps-api-v3/api/js/52/3a/common.js
https://fonts.googleapis.com/css?family=Montserrat%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2Cregular%2Citalic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7COpen+Sans%3A300%2C300italic%2Cregular%2Citalic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%7CAsap%3Aregular%2Citalic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic&subset=cyrillic%2Ccyrillic-ext%2Clatin%2Clatin-ext%2Cvietnamese%2Cgreek%2Cgreek-ext&ver=6.1.1
|
6
fintellectualadvisors.com(103.211.216.223)
maps.google.com(142.250.207.110)
fonts.googleapis.com(142.250.207.106)
142.250.207.78
103.211.216.223 - mailcious
216.58.200.234
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
|
|
4.8 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 15486 |
2023-03-05 01:13
|
http://arku.xyz/w2/PvqDq929BSx...
PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
1
http://arku.xyz/w2/PvqDq929BSx_A_D_M1n_a.php
|
2
arku.xyz(3.64.163.50) - mailcious
3.64.163.50 - mailcious
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
|
|
5.8 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 15487 |
2023-03-05 01:12
|
http://lkki.xyz/w2/PvqDq929BSx...
AntiDebug AntiVM MSOffice File PNG Format JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed |
|
1
|
|
|
3.8 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 15488 |
2023-03-05 01:11
|
http://www.hudosantakakuuritai...
AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed |
2
http://www.hudosantakakuuritai.com/wp/leafmailer2.8.php
http://hudosantakakuuritai.com/wp/leafmailer2.8.php
|
2
www.hudosantakakuuritai.com(133.167.8.177)
133.167.8.177
|
|
|
3.8 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 15489 |
2023-03-05 01:11
|
http://onandoffagain.com/leafm...
PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM MSOffice File PNG Format JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
1
http://onandoffagain.com/leafmailer2.8.php
|
2
onandoffagain.com(192.185.52.109)
192.185.52.109
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
|
|
4.8 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 15490 |
2023-03-05 01:09
|
http://engineeringsolutions.co... deab82e9d004d18ea5e4edb807893b97
PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM MSOffice File Code Injection Creates executable files exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
7
http://engineeringsolutions.com.au/px.js?ch=1&abp=1
http://engineeringsolutions.com.au/wp-content/plugins/cach/coment/index.php
http://engineeringsolutions.com.au/px.js?ch=2&abp=1
https://img1.wsimg.com/parking-lander/static/js/main.727544c3.chunk.js
https://img1.wsimg.com/parking-lander/static/js/0.40743286.chunk.js
https://img1.wsimg.com/parking-lander/static/js/1.3fa140ef.chunk.js
https://www.google.com/adsense/domains/caf.js?abp=1
|
6
img1.wsimg.com(23.43.165.163) - mailcious
engineeringsolutions.com.au(34.102.136.180)
www.google.com(142.250.76.132)
121.254.136.96
142.250.204.132
34.102.136.180 - mailcious
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
|
|
4.2 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 15491 |
2023-03-05 01:09
|
http://www.westcoastguardservi...
AntiDebug AntiVM MSOffice File PNG Format JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed |
|
2
www.westcoastguardservices.com(132.148.82.30)
132.148.82.30 - mailcious
|
|
|
4.8 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 15492 |
2023-03-05 01:09
|
http://192.40.58.223/leafmaile...
AntiDebug AntiVM MSOffice File Malware Code Injection Malicious Traffic RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed |
1
http://192.40.58.223/leafmailer2.8.php
|
1
|
|
|
4.2 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 15493 |
2023-03-05 01:08
|
http://rdsforum.ro/xleet.php
AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed |
1
http://rdsforum.ro/xleet.php
|
2
rdsforum.ro(92.81.20.50)
92.81.20.50
|
|
|
3.8 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 15494 |
2023-03-05 01:08
|
http://alchemistcrm.com/wp-con...
PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection ICMP traffic RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
|
1
|
2
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
5.6 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 15495 |
2023-03-05 01:06
|
http://mohantoursandtravels.co... 7d4b096effbfe68d5fbc867b5bc8504c
PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM MSOffice File PNG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
4
http://mohantoursandtravels.com/wp-includes/random_compat/
http://mohantoursandtravels.com/wp-includes/images/w-logo-blue-white-bg.png
http://mohantoursandtravels.com/favicon.ico
http://mohantoursandtravels.com/wp-includes/random_compat/index.php
|
2
mohantoursandtravels.com(198.54.126.10)
198.54.126.10 - malware
|
2
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
4.8 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|