Most Common New Infections
Malware samples identified on the greatest count of newly infected sites.
| MD5 | Signature | Description | Example File Names |
|---|---|---|---|
| CEC9A529B43D84F0A0E3624372CD9C51 | Backdoor:PHP/WP-VCD.5409 | Infected core file, triggers execution of another malicious script. | post.php |
| 7D9A88B33CD777B0949A3033512C1D08 | Backdoor:PHP/wp-vcd.5476 | Backdoor associated with SEO spam injections. | wp-vcd.php |
| 3F60851C9F7E37C0D8817101D2212C68 | Suspicious:PHP/eval_b64.1 | Obfuscated PHP backdoor. | -h7h0pfixp7.phpP, 01nbgrzyxu.php, 05hyfj1bf8.php, and others. |
| 701CB9E0ACF43569D3C539B073DAAF2F | Spam:PHP/oclasinsert.5483 | SEO spam code injector. | wp-tmp.php |
| 380FA777B8C37FB60811E5972391261B | Suspicious:PHP/evalB64.4068 | WebShellOrb PHP webshell. | wp-update.php, ob.php, aw.php, and others. |

IPs Attacking Most Sites
| Rank | Prev. | IP Address | ASN | Country |
|---|---|---|---|---|
| 1 | 8 | 178.128.193.158 | 14061 (DigitalOcean, LLC) | DE |
| 2 | 4 | 165.227.48.147 | 14061 (DigitalOcean, LLC) | US |
| 3 | — | 149.202.215.42 | 16276 (OVH SAS) | FR |
| 4 | 5 | 192.99.38.186 | 16276 (OVH SAS) | CA |
| 5 | — | 213.128.89.176 | 42926 (Radore Veri Merkezi Hizmetleri A.S.) | TR |
| 6 | 10 | 217.182.95.250 | 16276 (OVH SAS) | FR |
| 7 | — | 153.126.194.159 | 7684 (SAKURA Internet Inc.) | JP |
| 8 | — | 139.59.116.30 | 14061 (DigitalOcean, LLC) | SG |
| 9 | — | 198.27.69.176 | 16276 (OVH SAS) | CA |
| 10 | 9 | 159.203.86.82 | 14061 (DigitalOcean, LLC) | US |

New Tracked Domains
| Domain Name | Date Added | Current Status | Notes |
|---|---|---|---|
| 6tws.us | 09/26/2019 | Up | Several subdomains referenced in malware samples. |
| belaterbewasthere.com | 09/27/2019 | Up | Associated with malvertising campaign. |
| createrelativechanging.com | 09/28/2019 | Up | Associated with malvertising campaign. |