Most Common New Infections
Malware samples identified on the greatest number of newly infected sites.
| MD5 | Signature | Description | Example File Names |
| --- | --- | --- | --- |
| CEC9A529B43D84F0A0E3624372CD9C51 | Backdoor:PHP/WP-VCD.5409 | Infected core file, triggers execution of another malicious script. | post.php |
| 380FA777B8C37FB60811E5972391261B | Suspicious:PHP/eval_b64.1 | WebShellOrb PHP webshell. | .colors-rtl.php, .lapan.php, .wsa.php, and others. |
| CBF518A7A6722D9C7A9086E57E062737 | Backdoor:PHP/WP-VCD.5476 | Backdoor associated with SEO spam injections. | wp-vcd.php |
| C62180F0D626D92E29E83778605DD8BE | Suspicious:PHP/eval_exit.92 | Obfuscated PHP backdoor. | 4O4.php, file.php, i.php, and others. |
| 3F60851C9F7E37C0D8817101D2212C68 | Suspicious:PHP/eval_b64.1 | Obfuscated PHP backdoor. | -h7h0pfixp7.phpP, 01nbgrzyxu.php, 05hyfj1bf8.php, and others. |
IPs Attacking Most Sites
| Rank | Prev. | IP Address | ASN | Country |
| --- | --- | --- | --- | --- |
| 1 | — | 217.182.94.214 | 16276 (OVH SAS) | FR |
| 2 | — | 139.198.0.135 | 4808 (China Unicom Beijing Province Network) | CN |
| 3 | — | 167.99.57.138 | 14061 (DigitalOcean, LLC) | US |
| 4 | — | 51.89.224.145 | 16276 (OVH SAS) | GB |
| 5 | — | 91.134.154.170 | 16276 (OVH SAS) | FR |
| 6 | — | 15.188.83.79 | 16509 (Amazon.com, Inc.) | FR |
| 7 | — | 35.235.101.70 | 15169 (Google LLC) | US |
| 8 | — | 193.106.30.99 | 50297 (Infium, UAB) | UA |
| 9 | — | 74.208.27.141 | 8560 (1&1 Internet SE) | US |
| 10 | 3 | 34.67.197.193 | 15169 (Google LLC) | US |
New Tracked Domains
| Domain Name | Date Added | Current Status | Notes |
| --- | --- | --- | --- |
| wiilberedmodels.com | 09/04/2019 | Up | Hosting malicious scripts referenced in malware samples. |
| js.wiilberedmodels.com | 09/06/2019 | Up | Hosting malicious scripts referenced in malware samples. |