Most Common New Infections
Malware samples identified on the greatest count of newly infected sites.
MD5 |
Signature |
Description |
Example File Names |
CEC9A529B43D84F0A0E3624372CD9C51 |
Backdoor:PHP/WP-VCD.5409 |
Infected core file, triggers execution of another malicious script. |
post.php |
75234791B9CA71A16FC8432BE4F6A5D0 |
Backdoor:PHP/wp-vcd.5476 |
Backdoor associated with SEO spam injections. |
wp-vcd.php |
CBF518A7A6722D9C7A9086E57E062737 |
Backdoor:PHP/wp-vcd.5476 |
Backdoor associated with SEO spam injections. |
wp-vcd.php |
380FA777B8C37FB60811E5972391261B |
Suspicious:PHP/evalB64.4068 |
WebShellOrb PHP webshell. |
wp-update.php, ob.php, aw.php, and others. |
3F60851C9F7E37C0D8817101D2212C68 |
Suspicious:PHP/evalB64.4068 |
Obfuscated PHP backdoor. |
number.php, hour.php, country.php, and others. |
IPs Attacking Most Sites
Rank |
Prev. |
IP Address |
ASN |
Country |
1 |
3 |
84.246.231.100 |
35393 (CTS Computers and Telecommunications Systems SAS) |
ES |
2 |
8 |
217.182.95.250 |
16276 (OVH SAS) |
FR |
3 |
— |
34.67.197.193 |
15169 (Google LLC) |
US |
4 |
— |
34.219.38.243 |
16509 (Amazon.com, Inc.) |
US |
5 |
— |
178.128.193.158 |
14061 (DigitalOcean, LLC) |
DE |
6 |
6 |
192.99.38.186 |
16276 (OVH SAS) |
CA |
7 |
— |
132.148.19.69 |
26496 (GoDaddy.com, LLC) |
US |
8 |
— |
37.122.209.28 |
20738 (Host Europe GmbH) |
GB |
9 |
— |
195.114.211.98 |
57286 (Gigas Hosting S.A.) |
ES |
10 |
— |
153.126.194.159 |
7684 (SAKURA Internet Inc.) |
JP |
New Tracked Domains
Domain Name |
Date Added |
Current Status |
Notes |
quahotluon.com |
08/31/2019 |
Up |
Hosting malicious scripts referenced in malware samples. |
phimmoinhat.online |
08/31/2019 |
Up |
Hosting malicious scripts referenced in malware samples. |
Subscribe To The Wordfence Weekly