Report Overview
Visitedpublic
2023-12-04 13:43:18
Tags
Submit Tags
URL
yourthailand.net/new-hrserv-dll-web-shell-detected-in-apt-attack-targeting-afghan-government/?utm_source=rss&utm_medium=rss&utm_campaign=new-hrserv-dll-web-shell-detected-in-apt-attack-targeting-afghan-government
Finishing URL
yourthailand.net/new-hrserv-dll-web-shell-detected-in-apt-attack-targeting-afghan-government/?utm_source=rss&utm_medium=rss&utm_campaign=new-hrserv-dll-web-shell-detected-in-apt-attack-targeting-afghan-government
IP / ASN
172.67.212.85
Title
New 'HrServ.dll' Web Shell Detected in APT Attack Targeting Afghan Government - YourThailand.Net
Detections
urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
0
Host Summary
| Host | Rank | Registered | First Seen | Last Seen | Sent | Received | IP | Fingerprints |
|---|---|---|---|---|---|---|---|---|
secure.gravatar.com | 1671 | 2004-07-15 | 2012-05-22 07:36:38 | 2023-12-04 05:24:12 | 450 B | 4.2 kB | 192.0.73.2 | |
www.gstatic.com | unknown | 2008-02-11 | 2016-07-26 11:37:06 | 2023-12-04 06:22:54 | 3.4 kB | 986 kB | 142.250.74.35 | |
www.paypalobjects.com | 1467 | 2005-05-12 | 2012-05-30 08:40:21 | 2023-12-03 22:54:44 | 1.4 kB | 3.4 kB | 192.229.221.25 | |
cdnjs.buymeacoffee.com | 85897 | 2015-02-06 | 2019-11-18 18:33:49 | 2023-12-02 20:56:36 | 436 B | 8.8 kB | 172.67.75.15 | |
cdn0.agoda.net | 73955 | 2002-01-25 | 2013-04-10 18:10:16 | 2023-11-27 13:01:56 | 1.5 kB | 261 kB |  23.38.200.240 | |
www.google.com | 7 | 1997-09-15 | 2015-05-10 13:11:19 | 2023-11-19 18:48:38 | 2.9 kB | 72 kB | 142.250.74.132 | |
cdn.buymeacoffee.com | 80728 | 2015-02-06 | 2019-09-13 10:08:00 | 2023-12-03 00:23:02 | 1.5 kB | 30 kB | 104.26.2.199 | |
www.paypal.com | 2583 | 1999-07-15 | 2012-05-21 15:22:43 | 2023-12-03 19:32:35 | 458 B | 1.4 kB | 151.101.129.21 | |
cdn.sedo.com | 127126 | 1998-09-11 | 2015-07-22 13:15:22 | 2023-12-03 02:32:26 | 989 B | 101 kB |  104.16.140.114 | |
static.addtoany.com | 4091 | 2006-03-10 | 2012-05-21 14:58:18 | 2023-12-04 10:31:10 | 2.8 kB | 153 kB | 172.67.39.148 | |
yourthailand.net | unknown | unknown | No data | No data | 41 kB | 2.0 MB | 172.67.212.85 | |
sherpa.agoda.com | 285237 | 2004-03-16 | 2017-04-18 21:42:20 | 2023-11-28 03:29:33 | 4.0 kB | 324 kB |  103.200.108.61 | |
fonts.gstatic.com | unknown | 2008-02-11 | 2014-09-09 02:40:21 | 2023-12-04 06:26:24 | 523 B | 16 kB | 216.58.207.227 | |
hkg-gc-staging.agoda.local 4 alert(s) on this Host | 304956 | unknown | No data | No data | 2.2 kB | 0 B | 0.0.0.0 | |
fonts.googleapis.com | 8877 | 2005-01-25 | 2013-06-10 22:14:26 | 2023-12-04 06:42:16 | 657 B | 28 kB | 142.250.74.170 | |
www.googletagmanager.com | 75 | 2011-11-11 | 2013-05-22 04:07:37 | 2023-12-04 07:58:24 | 3.1 kB | 756 kB | 142.250.74.168 | |
cdn6.agoda.net | 61838 | 2002-01-25 | 2017-01-30 08:10:05 | 2023-11-19 23:10:13 | 531 B | 53 kB | 23.38.200.240 | |
static.cloudflareinsights.com | 1294 | 2019-08-30 | 2019-09-24 16:34:56 | 2023-12-04 06:35:54 | 508 B | 7.7 kB | 104.16.57.101 |
Related reports
Network Intrusion Detection Systems
Suricata /w Emerging Threats Pro
No alerts detected
Threat Detection Systems
Public InfoSec YARA rules
No alerts detected
OpenPhish
No alerts detected
PhishTank
No alerts detected
mnemonic secure dns
No alerts detected
Quad9 DNS
| Scan Date | Severity | Indicator | Alert |
|---|---|---|---|
| 2023-12-04 | medium | hkg-gc-staging.agoda.local | Sinkholed |
| 2023-12-04 | medium | hkg-gc-staging.agoda.local | Sinkholed |
| 2023-12-04 | medium | hkg-gc-staging.agoda.local | Sinkholed |
| 2023-12-04 | medium | hkg-gc-staging.agoda.local | Sinkholed |
ThreatFox
No alerts detected
JavaScript (87)
No JavaScripts
HTTP Transactions (109)
| URL | IP | Response | Size |
|---|