15556 |
2023-03-05 00:22
|
http://ahcteam.tech/login.php PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
|
1
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure
|
|
4.2 |
|
|
guest
15557 |
2023-03-05 00:21
|
http://178.20.47.174/po02jewaf... AntiDebug AntiVM MSOffice File Malware Code Injection Malicious Traffic RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed |
1
http://178.20.47.174/po02jewafo92/admin/login.php
|
1
|
|
|
4.2 |
|
|
guest
15558 |
2023-03-05 00:21
|
http://caudan-vous-accueille.c... PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
3
http://caudan-vous-accueille.com/images/gmapfp/hsfgdyfy.php?pass=kod3 http://www.caudan-vous-accueille.com/images/gmapfp/hsfgdyfy.php?pass=kod3 https://www.caudan-vous-accueille.com/images/gmapfp/hsfgdyfy.php?pass=kod3
|
4
caudan-vous-accueille.com(172.67.139.34) www.caudan-vous-accueille.com(172.67.139.34) 172.67.139.34 104.21.87.11
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure
|
|
4.2 |
|
|
guest
15559 |
2023-03-05 00:20
|
http://esselfire.com/templets/... PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
1
http://esselfire.com/templets/default/css/popup.php
|
2
esselfire.com(103.53.42.223) 103.53.42.223 - malware
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure
|
|
4.8 |
|
|
guest
15560 |
2023-03-05 00:19
|
http://bsc.org.np/ AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection ICMP traffic RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed |
|
1
|
|
|
4.6 |
|
|
guest
15561 |
2023-03-05 00:19
|
http://www.mibbpersonales.com/... 42db8ef0fc1085103e537456bb49492e AntiDebug AntiVM MSOffice File Code Injection Creates executable files exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed |
7
|
6
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
4.2 |
M |
|
guest
15562 |
2023-03-05 00:18
|
http://goodlifestylenews.com/w... PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM JPEG Format MSOffice File PNG Format Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
48
|
26
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure
|
|
4.6 |
|
|
guest
15563 |
2023-03-05 00:17
|
http://212.192.241.91/login.ph... PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM MSOffice File PNG Format JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
|
1
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure
|
|
6.4 |
|
|
guest
15564 |
2023-03-05 00:17
|
http://212.192.241.220/login.p... PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
|
1
212.192.241.220 - mailcious
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure
|
|
6.4 |
|
|
guest
15565 |
2023-03-05 00:16
|
http://aaastyloff.xyz/cheque/h... AntiDebug AntiVM MSOffice File PNG Format JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed |
|
1
|
|
|
3.8 |
|
|
guest
15566 |
2023-03-05 00:15
|
http://locandasolagna.xyz/dar/... PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
|
1
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure
|
|
4.2 |
|
|
guest
15567 |
2023-03-05 00:15
|
http://axz1.xyz/wv1/PvqDq929BS... PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
|
1
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure
|
|
4.8 |
|
|
guest
15568 |
2023-03-05 00:14
|
http://vietphatjsc.xyz/dumbo/d... AntiDebug AntiVM MSOffice File PNG Format JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed |
|
1
|
|
|
3.8 |
|
|
guest
15569 |
2023-03-05 00:13
|
http://greenbazaar.xyz/blac/pa... PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
|
1
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure
|
|
4.2 |
|
|
guest
15570 |
2023-03-05 00:12
|
http://lushbb.xyz/sngtt/w2/Pvq... AntiDebug AntiVM MSOffice File PNG Format JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed |
|
1
|
|
|
3.8 |
|
|
guest