15586 | 2023-03-05 00:03
URL: http://huxere.xyz/gb2pnjsjcs/l...
Tags: PWS[m], Downloader, Create Service, DGA, Socket, ScreenShot, DNS, Internet API, Code injection, Hijack Network, Sniff Audio, HTTP, Steal credential, KeyLogger, P2P, Escalate priviledges, persistence, FTP, Http API, AntiDebug, AntiVM, PNG Format, MSOffice File, JPEG Format, Code Injection, RWX flags setting, exploit crash, unpack itself, Windows utilities, malicious URLs, Tofsee, Windows Exploit, DNS crashed
Hosts (2): huxere.xyz(18.196.90.94) - malware; 18.196.90.94
Signatures (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure
Score: 5.8
User: guest

15587 | 2023-03-05 00:03
URL: http://ijtre.com/ldxdbr.php
Tags: PWS[m], Downloader, Create Service, DGA, Socket, ScreenShot, DNS, Internet API, Code injection, Hijack Network, Sniff Audio, HTTP, Steal credential, KeyLogger, P2P, Escalate priviledges, persistence, FTP, Http API, AntiDebug, AntiVM, JPEG Format, MSOffice File, Code Injection, RWX flags setting, exploit crash, unpack itself, Windows utilities, malicious URLs, Tofsee, Windows Exploit, DNS crashed
URLs (49):
Hosts (12): ijtre.com(103.21.59.7); fonts.googleapis.com(142.250.207.106); i0.wp.com(192.0.77.2); academix.wpcolorlab.com(172.67.161.183); fonts.gstatic.com(142.250.207.99); stats.wp.com(192.0.76.3); 142.251.220.10; 172.217.27.35; 192.0.77.2 - mailcious; 103.21.59.7 - mailcious; 192.0.76.3; 172.67.161.183
Signatures (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure
Score: 4.8
User: guest

15588 | 2023-03-05 00:03
URL: http://www.vasterviksstenhugge...
Tags: AntiDebug, AntiVM, JPEG Format, MSOffice File, PNG Format, Code Injection, RWX flags setting, exploit crash, unpack itself, Windows utilities, Tofsee, Windows Exploit, DNS crashed
URLs (2): http://apps.identrust.com/roots/dstrootcax3.p7c; http://www.vasterviksstenhuggeri.se/wp-content/plugins/rqwuzl/vfetdmtvfb.php
Hosts (4): apps.identrust.com(23.216.159.9); www.vasterviksstenhuggeri.se(46.28.147.132); 46.28.147.132; 23.216.159.9
Signatures (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure
Score: 3.8
User: guest

15589 | 2023-03-05 00:01
URL: http://firenzelavori.lt/loki/P...
Tags: PWS[m], Downloader, Create Service, DGA, Socket, ScreenShot, DNS, Internet API, Code injection, Hijack Network, Sniff Audio, HTTP, Steal credential, KeyLogger, P2P, Escalate priviledges, persistence, FTP, Http API, AntiDebug, AntiVM, MSOffice File, PNG Format, JPEG Format, Code Injection, RWX flags setting, exploit crash, unpack itself, Windows utilities, malicious URLs, Tofsee, Windows Exploit, DNS crashed
Hosts (1): firenzelavori.lt() - malware
Signatures (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure
Score: 4.2
User: guest

15590 | 2023-03-05 00:00
URL: http://ipmedia.info/roc/PL341/...
Tags: PWS[m], Downloader, Create Service, DGA, Socket, ScreenShot, DNS, Internet API, Code injection, Hijack Network, Sniff Audio, HTTP, Steal credential, KeyLogger, P2P, Escalate priviledges, persistence, FTP, Http API, AntiDebug, AntiVM, PNG Format, MSOffice File, JPEG Format, Code Injection, RWX flags setting, exploit crash, unpack itself, Windows utilities, malicious URLs, Tofsee, Windows Exploit, DNS crashed
Hosts (2): ipmedia.info(99.83.154.118); 99.83.154.118 - mailcious
Signatures (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure
Score: 5.8
User: guest

15591 | 2023-03-05 00:00
URL: http://begadi.ga/chud/PvqDq929...
Tags: AntiDebug, AntiVM, PNG Format, MSOffice File, JPEG Format, Code Injection, RWX flags setting, exploit crash, unpack itself, Windows utilities, Tofsee, Windows Exploit, DNS crashed
Hosts (1): (not listed)
Signatures (3): ET INFO DNS Query for Suspicious .ga Domain; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure
Score: 3.8
User: guest

15592 | 2023-03-04 23:57
URL: http://akmos.com.br/wp-admin/s...
Tags: AntiDebug, AntiVM, PNG Format, JPEG Format, MSOffice File, Code Injection, Creates executable files, RWX flags setting, exploit crash, unpack itself, Windows utilities, Tofsee, Windows Exploit, DNS crashed
URLs (70):
Hosts (30): www.googletagmanager.com(142.250.207.104); wchat.freshchat.com(76.223.64.65); www.google.com(142.250.206.228); akmos.com.br(172.67.70.77); static.addtoany.com(172.67.39.148); fonts.googleapis.com(142.250.207.106); unpkg.com(104.16.123.175); maps.googleapis.com(142.250.207.106); stats.g.doubleclick.net(142.250.157.156); www.google-analytics.com(142.250.76.142); connect.facebook.net(157.240.215.14); fonts.gstatic.com(142.250.207.99); googleads.g.doubleclick.net(142.250.206.226); www.google.co.kr(142.250.76.131); analytics.google.com(172.217.25.174); 142.251.170.155; 172.67.39.148; 172.217.25.4 - suspicious; 104.16.122.175; 142.250.66.131; 31.13.82.7; 142.250.66.35; 142.250.204.136; 104.26.9.27; 76.223.64.65; 216.239.34.181; 172.217.24.238; 172.217.24.234; 172.217.25.2; 142.251.220.106
Signatures (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 4.8
User: guest

15593 | 2023-03-04 23:57
URL: http://esdemaayekkabi.xyz/e/pa...
Tags: PWS[m], Downloader, Create Service, DGA, Socket, ScreenShot, DNS, Internet API, Code injection, Hijack Network, Sniff Audio, HTTP, Steal credential, KeyLogger, P2P, Escalate priviledges, persistence, FTP, Http API, AntiDebug, AntiVM, MSOffice File, PNG Format, JPEG Format, Code Injection, RWX flags setting, exploit crash, unpack itself, Windows utilities, malicious URLs, Tofsee, Windows Exploit, DNS crashed
Hosts (1): (not listed)
Signatures (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure
Score: 4.2
User: guest

15594 | 2023-03-04 23:56
URL: http://favfav.xyz/fav/panel/ad...
Tags: AntiDebug, AntiVM, MSOffice File, PNG Format, JPEG Format, Code Injection, RWX flags setting, exploit crash, unpack itself, Windows utilities, Tofsee, Windows Exploit, DNS crashed
Hosts (1): (not listed)
Signatures (2): ET INFO TLS Handshake Failure; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 3.8
User: guest

15595 | 2023-03-04 23:55
URL: http://fombis.com/alexus.php
Hash: 5e22ee9c278ffdbf727442dab8ce6e33
Tags: PWS[m], Downloader, Create Service, DGA, Socket, ScreenShot, DNS, Internet API, Code injection, Hijack Network, Sniff Audio, HTTP, Steal credential, KeyLogger, P2P, Escalate priviledges, persistence, FTP, Http API, AntiDebug, AntiVM, PNG Format, MSOffice File, JPEG Format, Code Injection, ICMP traffic, RWX flags setting, exploit crash, unpack itself, Windows utilities, malicious URLs, Tofsee, Windows Exploit, DNS crashed
URLs (1): http://fombis.com/alexus.php
Hosts (4): www.hugedomains.com(172.67.70.191); fombis.com(3.130.253.23); 104.26.7.37; 3.140.13.188 - mailcious
Signatures (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure
Score: 5.0
User: guest

15596 | 2023-03-04 23:54
URL: http://octvt.xyz/V3/five/PvqDq...
Tags: AntiDebug, AntiVM, PNG Format, MSOffice File, JPEG Format, Code Injection, RWX flags setting, exploit crash, unpack itself, Windows utilities, Windows Exploit, DNS crashed
Hosts (1): (not listed)
Signatures: none
Score: 3.8
User: guest

15597 | 2023-03-04 23:52
URL: http://electsave.me/Panel/inst...
Tags: AntiDebug, AntiVM, MSOffice File, PNG Format, JPEG Format, Code Injection, RWX flags setting, exploit crash, unpack itself, Windows utilities, Windows Exploit, DNS crashed
Hosts (1): (not listed)
Signatures: none
Score: 3.8
User: guest

15598 | 2023-03-04 23:52
URL: http://www.vccivadodara.org/do...
Tags: PWS[m], Downloader, Create Service, DGA, Socket, ScreenShot, DNS, Internet API, Code injection, Hijack Network, Sniff Audio, HTTP, Steal credential, KeyLogger, P2P, Escalate priviledges, persistence, FTP, Http API, AntiDebug, AntiVM, MSOffice File, PNG Format, JPEG Format, Code Injection, RWX flags setting, exploit crash, unpack itself, Windows utilities, malicious URLs, Tofsee, Windows Exploit, DNS crashed
URLs (1): http://www.vccivadodara.org/documents/cconfig.php
Hosts (2): www.vccivadodara.org(172.104.160.47); 172.104.160.47
Signatures (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure
Score: 4.2
User: guest

15599 | 2023-03-04 23:51
URL: http://www.mailorderupgrade.xy...
Tags: AntiDebug, AntiVM, MSOffice File, PNG Format, JPEG Format, Code Injection, RWX flags setting, exploit crash, unpack itself, Windows utilities, Windows Exploit, DNS crashed
Hosts (1): www.mailorderupgrade.xyz()
Signatures: none
Score: 3.8
User: guest

15600 | 2023-03-04 23:50
URL: http://www.firepulsesports.com...
Tags: PWS[m], Downloader, Create Service, DGA, Socket, ScreenShot, DNS, Internet API, Code injection, Hijack Network, Sniff Audio, HTTP, Steal credential, KeyLogger, P2P, Escalate priviledges, persistence, FTP, Http API, AntiDebug, AntiVM, MSOffice File, Code Injection, RWX flags setting, exploit crash, unpack itself, Windows utilities, malicious URLs, Tofsee, Windows Exploit, DNS crashed
URLs (1): http://www.firepulsesports.com/wp-content/uploads/2019/10/Source.php
Hosts (2): www.firepulsesports.com(107.180.46.212) - malware; 107.180.46.212 - malware
Signatures (2): ET INFO TLS Handshake Failure; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 4.2
User: guest