Each record below: task ID | timestamp | score | user (plus the listing's "M" flag where it is set), followed by the submitted sample (URL, truncated where the listing truncates it), its MD5 where the listing shows one, the sandbox's behaviour tags, the URLs requested during analysis, the hosts contacted (with the listing's reputation tag where one is given), and the IDS signatures that fired.

15541 | 2023-03-05 00:33 | score 4.6 | guest
  Sample: http://manvim.co/fd2/PvqDq929B...
  MD5: 96e4ef05b285e93b385140f42dff2a4a
  Tags: AntiDebug AntiVM MSOffice File Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed
  Requested URLs (9):
    http://ww1.manvim.co/_fd?terms=Auto%20Auction%20Inventory%20Management%20Software,Customer%20Account%20Management%20Software,Job%20Posting%20Board
    http://ww1.manvim.co/js/parking.2.103.1.js
    http://manvim.co/fd2/PvqDq929BSx_A_D_M1n_a.php?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY3Nzk1MTAxNCwiaWF0IjoxNjc3OTQzODE0LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydDRrMjBpb3J0dXU4ZWprcDgwcWtxbzEiLCJuYmYiOjE2Nzc5NDM4MTQsInRzIjoxNjc3OTQzODE0NTA4OTU3fQ.c3CoXgSgaNYsXVERfaynL15hhaMkrEW4GBq1wyz6q1k&sid=75ab87d4-baa1-11ed-b52f-146e7f919896
    http://ww1.manvim.co/favicon.ico
    http://manvim.co/fd2/PvqDq929BSx_A_D_M1n_a.php
    http://ww1.manvim.co/?terms=Auto%20Auction%20Inventory%20Management%20Software,Customer%20Account%20Management%20Software,Job%20Posting%20Board
    http://ww1.manvim.co/px.gif?ch=2&rn=1.9913212041920722
    http://ww1.manvim.co/px.gif?ch=1&rn=1.9913212041920722
    https://www.google.com/adsense/domains/caf.js
  Hosts (6): ww1.manvim.co(199.59.243.222), manvim.co(23.82.12.30) - malicious, www.google.com(142.250.76.132), 199.59.243.222 - malicious, 23.82.12.30 - malicious, 172.217.24.228
  Signatures (1):
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

15542 | 2023-03-05 00:33 | score 4.6 | guest
  Sample: http://manvim.co/fd3/PvqDq929B...
  MD5: ba3db49700f94ac56238fef2180e5b62
  Tags: PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate privileges persistence FTP Http API AntiDebug AntiVM MSOffice File Code Injection Creates executable files exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
  Requested URLs (8):
    http://ww1.manvim.co/_fd?terms=Auto%20Auction%20Inventory%20Management%20Software,Customer%20Account%20Management%20Software,Job%20Posting%20Board
    http://manvim.co/fd3/PvqDq929BSx_A_D_M1n_a.php
    http://ww1.manvim.co/js/parking.2.103.1.js
    http://ww1.manvim.co/px.gif?ch=2&rn=3.839398156032177
    http://ww1.manvim.co/favicon.ico
    http://ww1.manvim.co/px.gif?ch=1&rn=3.839398156032177
    http://ww1.manvim.co/?terms=Auto%20Auction%20Inventory%20Management%20Software,Customer%20Account%20Management%20Software,Job%20Posting%20Board
    https://www.google.com/adsense/domains/caf.js
  Hosts (6): ww1.manvim.co(199.59.243.222), manvim.co(23.82.12.30) - malicious, www.google.com(142.250.76.132), 142.250.204.36, 199.59.243.222 - malicious, 23.82.12.30 - malicious
  Signatures (2):
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
    ET INFO TLS Handshake Failure

15543 | 2023-03-05 00:31 | score 4.2 | guest
  Sample: http://manvim.co/fd5/PvqDq929B...
  MD5: f287adaaa73a45f9e12c928f64ae480f
  Tags: AntiDebug AntiVM MSOffice File Code Injection Creates executable files exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed
  Requested URLs (8):
    http://ww1.manvim.co/_fd?terms=Auto%20Auction%20Inventory%20Management%20Software,Customer%20Account%20Management%20Software,Job%20Posting%20Board
    http://ww1.manvim.co/js/parking.2.103.1.js
    http://ww1.manvim.co/px.gif?ch=1&rn=6.178304801021685
    http://ww1.manvim.co/favicon.ico
    http://ww1.manvim.co/px.gif?ch=2&rn=6.178304801021685
    http://manvim.co/fd5/PvqDq929BSx_A_D_M1n_a.php
    http://ww1.manvim.co/?terms=Auto%20Auction%20Inventory%20Management%20Software,Customer%20Account%20Management%20Software,Job%20Posting%20Board
    https://www.google.com/adsense/domains/caf.js
  Hosts (6): ww1.manvim.co(199.59.243.222), manvim.co(23.82.12.30) - malicious, www.google.com(142.250.76.132), 212.32.237.91 - malicious, 172.217.24.68, 199.59.243.222 - malicious
  Signatures (1):
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

15544 | 2023-03-05 00:30 | score 5.2 | guest
  Sample: http://iwebtechexpert.com/blog...
  Tags: PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate privileges persistence FTP Http API AntiDebug AntiVM MSOffice File Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
  Requested URLs (14):
    http://www.iwebtechexpert.com/blog/wp-admin/js/assets/js/jquery.min.js
    http://iwebtechexpert.com/blog/wp-admin/js/9givn.php
    http://www.iwebtechexpert.com/blog/wp-admin/js/assets/bootstrap/js/bootstrap.min.js
    http://www.iwebtechexpert.com/blog/wp-admin/js/assets/css/font-awesome.css
    http://www.iwebtechexpert.com/blog/wp-admin/js/assets/bootstrap/css/bootstrap.min.css
    http://www.iwebtechexpert.com/blog/wp-admin/js/9givn.php
    http://www.iwebtechexpert.com/blog/wp-admin/js/assets/img/logo.png
    http://www.iwebtechexpert.com/blog/wp-admin/js/assets/css/style.css
    http://www.iwebtechexpert.com/blog/wp-admin/js/assets/prettyPhoto/css/prettyPhoto.css
    http://www.iwebtechexpert.com/blog/wp-admin/js/assets/css/flexslider.css
    https://www.google-analytics.com/gtm/js?id=GTM-W5D36CP&t=gtag_UA_31546441_1&cid=1882869175.1677906143
    https://www.google-analytics.com/analytics.js
    https://www.googletagmanager.com/gtag/js?id=UA-31546441-1
    https://www.googletagmanager.com/gtm.js?id=GTM-M3RR77B
  Hosts (7): www.googletagmanager.com(142.250.207.104), www.iwebtechexpert.com(68.178.145.237), iwebtechexpert.com(68.178.145.237), www.google-analytics.com(142.250.206.206), 68.178.145.237, 142.250.204.136, 216.239.32.178
  Signatures (2):
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
    ET INFO TLS Handshake Failure

15545 | 2023-03-05 00:29 | score 4.6 | M | guest
  Sample: http://asilcosmetics.ru/module...
  MD5: 0d989a423d3bb2356b77507c5493781d
  Tags: PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate privileges persistence FTP Http API AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs suspicious TLD Tofsee Windows Exploit Webshell DNS crashed Password
  Requested URLs (2):
    http://asilcosmetics.ru/modules/mod_articles/mod_articles.php
    http://asilcosmetics.ru/favicon.ico
  Hosts (2): asilcosmetics.ru(90.156.201.49), 90.156.201.84 - malware
  Signatures (4):
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
    ET WEB_CLIENT Generic WSO Webshell Password Prompt Accessed on External Compromised Server
    ET WEB_CLIENT Generic Webshell Password Prompt Accessed on External Compromised Server
    ET INFO TLS Handshake Failure

15546 | 2023-03-05 00:29 | score 4.8 | guest
  Sample: http://security-apple-manage.c...
  Tags: PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate privileges persistence FTP Http API AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
  Requested URLs: none recorded
  Hosts (1): security-apple-manage.com() (no address resolved)
  Signatures (2):
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
    ET INFO TLS Handshake Failure

15547 | 2023-03-05 00:29 | score 4.2 | M | guest
  Sample: http://test.danrinok.ru/admini...
  MD5: 0d989a423d3bb2356b77507c5493781d
  Tags: AntiDebug AntiVM MSOffice File icon Code Injection RWX flags setting exploit crash unpack itself Windows utilities suspicious TLD Windows Exploit Webshell DNS crashed Password
  Requested URLs (2):
    http://test.danrinok.ru/administrator/components.php
    http://test.danrinok.ru/favicon.ico
  Hosts (2): test.danrinok.ru(90.156.201.114), 90.156.201.42 - malicious
  Signatures (2):
    ET WEB_CLIENT Generic WSO Webshell Password Prompt Accessed on External Compromised Server
    ET WEB_CLIENT Generic Webshell Password Prompt Accessed on External Compromised Server

15548 | 2023-03-05 00:29 | score 5.8 | guest
  Sample: http://212.192.241.97/~botboyz...
  Tags: PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate privileges persistence FTP Http API AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
  Requested URLs: none recorded
  Hosts (1): not shown in the listing
  Signatures (2):
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
    ET INFO TLS Handshake Failure

15549 | 2023-03-05 00:28 | score 4.2 | M | guest
  Sample: http://iryston.com/lndex.php
  Tags: PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate privileges persistence FTP Http API AntiDebug AntiVM MSOffice File PNG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
  Requested URLs (5):
    http://iryston.com/files/fonts/pfdintextcomppro-light-webfont.eot
    http://iryston.com/files/logo.png
    http://iryston.com/files/style.css
    http://iryston.com/files/account.svg
    http://iryston.com/files/favicon.png
  Hosts (2): iryston.com(90.156.201.41) - malicious, 90.156.201.101 - malicious
  Signatures (2):
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
    ET INFO TLS Handshake Failure

15550 | 2023-03-05 00:27 | score 3.8 | guest
  Sample: http://adkpower.in/class.php
  Tags: AntiDebug AntiVM MSOffice File PNG Format JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed
  Requested URLs: none recorded
  Hosts (1): not shown in the listing
  Signatures: none

15551 | 2023-03-05 00:25 | score 4.2 | M | guest
  Sample: http://www.tsgprivatskver.ru/l...
  MD5: 0d989a423d3bb2356b77507c5493781d
  Tags: AntiDebug AntiVM MSOffice File icon Code Injection RWX flags setting exploit crash unpack itself Windows utilities suspicious TLD Windows Exploit Webshell DNS crashed Password
  Requested URLs (2):
    http://www.tsgprivatskver.ru/favicon.ico
    http://www.tsgprivatskver.ru/lndex.php
  Hosts (2): www.tsgprivatskver.ru(90.156.201.112), 90.156.201.44 - phishing
  Signatures (2):
    ET WEB_CLIENT Generic WSO Webshell Password Prompt Accessed on External Compromised Server
    ET WEB_CLIENT Generic Webshell Password Prompt Accessed on External Compromised Server

15552 | 2023-03-05 00:25 | score 4.8 | guest
  Sample: http://allonston.com/modules/m...
  MD5: 958706503b6734de9731026c998dc617
  Tags: PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate privileges persistence FTP Http API AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
  Requested URLs (4):
    http://allonston.com/files/favicon.png
    http://allonston.com/modules/mod_fxprev/files/logo.png
    http://allonston.com/modules/mod_fxprev/files/style.css
    http://allonston.com/modules/mod_fxprev/helper.php
  Hosts (2): allonston.com(90.156.201.41), 90.156.201.59 - malicious
  Signatures (2):
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
    ET INFO TLS Handshake Failure

15553 | 2023-03-05 00:24 | score 4.2 | guest
  Sample: http://www.chika1995.xyz/enfix...
  Tags: PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate privileges persistence FTP Http API AntiDebug AntiVM MSOffice File PNG Format JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
  Requested URLs: none recorded
  Hosts (1): not shown in the listing
  Signatures (2):
    ET INFO TLS Handshake Failure
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

15554 | 2023-03-05 00:24 | score 5.4 | guest
  Sample: http://10words.radiofreepirate...
  Tags: AntiDebug AntiVM MSOffice File PNG Format JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed
  Requested URLs: none recorded
  Hosts (2): 10words.radiofreepirate.org(50.116.10.92), 50.116.10.92
  Signatures (2):
    ET INFO TLS Handshake Failure
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

15555 | 2023-03-05 00:22 | score 4.2 | guest
  Sample: http://51.222.56.151/tsc/login...
  Tags: AntiDebug AntiVM MSOffice File PNG Format JPEG Format Malware Code Injection Malicious Traffic RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed
  Requested URLs (1):
    http://51.222.56.151/tsc/login.php
  Hosts (1): not shown in the listing
  Signatures: none

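Pivoting across the records above, as an added example that is not part of the listing or of the sandbox that produced it: the hash 0d989a423d3bb2356b77507c5493781d appears on three rows (15545, 15547, 15551) whose hosts all sit in 90.156.201.0/24 and which all carry the webshell password-prompt signatures, while the SSLBL JA3 (Tofsee) hit fires on most rows regardless of target. The script transcribes a subset of the rows into Python records (host reputation tags normalized to the spelling "malicious") and pivots on shared hashes, shared /24 networks, tagged hosts and signature frequency. A signature that fires on nearly every unrelated submission is worth checking against the sandbox's own client TLS fingerprint before it is treated as an indicator of the target.

```python
"""Pivot sandbox listing rows on shared payload hashes, shared hosting and signatures.

RECORDS is a subset of the listing above (task IDs 15541-15555), transcribed by
hand; each host is (label, resolved_ip_or_None, reputation_tag_or_None).
"""
from collections import Counter, defaultdict
from ipaddress import ip_network

JA3_SIG = "SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)"
TLS_FAIL = "ET INFO TLS Handshake Failure"
WSO_SIG = "ET WEB_CLIENT Generic WSO Webshell Password Prompt Accessed on External Compromised Server"
GEN_SIG = "ET WEB_CLIENT Generic Webshell Password Prompt Accessed on External Compromised Server"

RECORDS = [
    {"id": 15541, "md5": "96e4ef05b285e93b385140f42dff2a4a",
     "hosts": [("ww1.manvim.co", "199.59.243.222", None),
               ("manvim.co", "23.82.12.30", "malicious"),
               ("www.google.com", "142.250.76.132", None)],
     "sigs": [JA3_SIG]},
    {"id": 15545, "md5": "0d989a423d3bb2356b77507c5493781d",
     "hosts": [("asilcosmetics.ru", "90.156.201.49", None),
               ("90.156.201.84", "90.156.201.84", "malware")],
     "sigs": [JA3_SIG, WSO_SIG, GEN_SIG, TLS_FAIL]},
    {"id": 15547, "md5": "0d989a423d3bb2356b77507c5493781d",
     "hosts": [("test.danrinok.ru", "90.156.201.114", None),
               ("90.156.201.42", "90.156.201.42", "malicious")],
     "sigs": [WSO_SIG, GEN_SIG]},
    {"id": 15549, "md5": None,
     "hosts": [("iryston.com", "90.156.201.41", "malicious"),
               ("90.156.201.101", "90.156.201.101", "malicious")],
     "sigs": [JA3_SIG, TLS_FAIL]},
    {"id": 15551, "md5": "0d989a423d3bb2356b77507c5493781d",
     "hosts": [("www.tsgprivatskver.ru", "90.156.201.112", None),
               ("90.156.201.44", "90.156.201.44", "phishing")],
     "sigs": [WSO_SIG, GEN_SIG]},
    {"id": 15552, "md5": "958706503b6734de9731026c998dc617",
     "hosts": [("allonston.com", "90.156.201.41", None),
               ("90.156.201.59", "90.156.201.59", "malicious")],
     "sigs": [JA3_SIG, TLS_FAIL]},
]


def shared_md5(records):
    """Map each MD5 that occurs on more than one row to the sorted row IDs sharing it."""
    by_hash = defaultdict(set)
    for r in records:
        if r["md5"]:
            by_hash[r["md5"]].add(r["id"])
    return {h: sorted(ids) for h, ids in by_hash.items() if len(ids) > 1}


def hosting_clusters(records, prefixlen=24):
    """Group row IDs by the /prefixlen network of every resolved IP they contacted."""
    clusters = defaultdict(set)
    for r in records:
        for _label, ip, _tag in r["hosts"]:
            if ip:
                net = ip_network(f"{ip}/{prefixlen}", strict=False)
                clusters[str(net)].add(r["id"])
    return {net: sorted(ids) for net, ids in clusters.items()}


def shared_hosting(records, prefixlen=24):
    """Only the networks that more than one row touched: the shared-infrastructure pivot."""
    return {net: ids for net, ids in hosting_clusters(records, prefixlen).items() if len(ids) > 1}


def tagged_iocs(records):
    """(ip, tag, row_id) for every host the listing gave a reputation tag."""
    return sorted((ip, tag, r["id"]) for r in records
                  for _label, ip, tag in r["hosts"] if tag and ip)


def signature_tally(records):
    """Number of rows each IDS signature fired in (counted once per row)."""
    return Counter(sig for r in records for sig in set(r["sigs"]))


def webshell_rows(records):
    """Row IDs whose signatures include a webshell password-prompt hit."""
    return sorted(r["id"] for r in records if any("Webshell" in s for s in r["sigs"]))


if __name__ == "__main__":
    for h, ids in shared_md5(RECORDS).items():
        print(f"same hash {h} on rows {ids}")
    for net, ids in shared_hosting(RECORDS).items():
        print(f"shared hosting {net}: rows {ids}")
    print("webshell prompt rows:", webshell_rows(RECORDS))
    for sig, n in signature_tally(RECORDS).most_common():
        print(f"{n:2d}/{len(RECORDS)}  {sig}")
```

The hash pivot and the /24 pivot agree on the same three rows, which is the kind of corroboration to look for before grouping submissions into one campaign; the signature tally shows the JA3 hit on four of the six rows here, including the parked-domain row 15541, which is why it is treated as a property to verify rather than an indicator.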