Most Common New Infections
Malware samples identified on the greatest count of newly infected sites.
MD5 |
Signature |
Description |
Example File Names |
C62180F0D626D92E29E83778605DD8BE |
Suspicious:PHP/eval_exit.92 |
Obfuscated PHP backdoor. |
4O4.php, file.php, i.php, and others. |
048648D9755220E727E7E0178837F7BF |
Backdoor:PHP/561C.110 |
PHP script which generates and executes a malicious binary. |
amp3.php, sib.php, wpfunck.php, and others. |
BF3A65A77DA363AC779A2C45FD2DA2FF |
Suspicious:PHP/eval_exit.92 |
Obfuscated PHP backdoor. |
common_config.php |
C2CC3D90B67A9D6C7DF738A8CD8661C7 |
Suspicious:PHP/eval_exit.92 |
Obfuscated PHP backdoor. |
101.gone.php, 412.client.php, 423.508.php, and others. |
B668082D43031F87B43A3B3ED173B518 |
Backdoor:PHP/561C.110 |
Obfuscated WSO webshell. |
post_controller.php |
IPs Attacking Most Sites
Rank |
Prev. |
IP Address |
ASN |
Country |
1 |
9 |
5.8.47.2 |
50896 (Trusov Ilya Igorevych) |
PL |
2 |
7 |
96.44.140.110 |
8100 (QuadraNet Enterprises LLC) |
US |
3 |
5 |
72.11.140.134 |
8100 (QuadraNet Enterprises LLC) |
US |
4 |
2 |
96.44.141.102 |
8100 (QuadraNet Enterprises LLC) |
US |
5 |
3 |
66.212.31.198 |
8100 (QuadraNet Enterprises LLC) |
US |
6 |
4 |
72.11.140.155 |
8100 (QuadraNet Enterprises LLC) |
US |
7 |
|
167.71.220.178 |
14061 (DigitalOcean, LLC) |
SG |
8 |
6 |
72.11.141.126 |
8100 (QuadraNet Enterprises LLC) |
US |
9 |
8 |
72.11.141.54 |
8100 (QuadraNet Enterprises LLC) |
US |
10 |
10 |
35.226.130.240 |
15169 (Google LLC) |
US |
New Tracked Domains
Domain Name |
Date Added |
Current Status |
Notes |
hajoopteg.com |
08/13/2019 |
Up |
Associated with malvertising campaign. |
donaldbluepage.icu |
08/13/2019 |
Up |
Associated with malvertising campaign. |
nebulas.biz |
08/13/2019 |
Up |
Associated with malvertising campaign. |
download1.club |
08/13/2019 |
Up |
Associated with malvertising campaign. |
Subscribe To The Wordfence Weekly