Bad Opsec: xcazanova -> thetoxichydra -> utoxic

Bad Opsec: xcazanova - thetoxichydra - utoxic
Utoxic is very likely xcazanova, or at minimum very close to him based on the evidence I will show. A leopard don’t change its spots.
Read more →

Spoofed 404s

Spoofed 404s
Should you trust the HTTP response code when analyzing access logs for suspicious traffic?
Read more →

MAGECART GROUP 12: toolser.pw skimmer

MAGECART GROUP 12: toolser.pw skimmer
This PHP code injection is used to selectively inject the JavaScript skimmer that is loaded from toolser.pw (recently had been using pathc.space).
Read more →

wss://hotjar[.]info skimmer

wss://hotjar[.]info skimmer
A twist on the old ‘analytics code’ camouflage used by some skimmers to evade detection.
Read more →

WordPress Injection Exfiltrates Admin Login

WordPress Injection Exfiltrates Admin Login
wp-login.php injection silently exfiltrates a victim’s username and password back to the attacker’s server.
Read more →
Disclaimer: The research posted on this website is for information purposes only. Do not use it for illegal purposes.