Ransomfeed

CARD INFO

Dominio: flysaa.com
Registrar: Network Solutions, LLC
Motori AV recap
- Malevolo: 0
- Sospetto: 0
- Non rilevato: 29
- Innocuo: 65
Analisi Antivirus:

- Acronis: [harmless] clean
- 0xSI_f33d: [undetected] unrated
- Abusix: [harmless] clean
- ADMINUSLabs: [harmless] clean
- Axur: [undetected] unrated
- Criminal IP: [harmless] clean
- AILabs (MONITORAPP): [harmless] clean
- AlienVault: [harmless] clean
- alphaMountain.ai: [harmless] clean
- AlphaSOC: [undetected] unrated
- Antiy-AVL: [harmless] clean
- ArcSight Threat Intelligence: [undetected] unrated
- AutoShun: [undetected] unrated
- benkow.cc: [harmless] clean
- Bfore.Ai PreCrime: [undetected] unrated
- BitDefender: [harmless] clean
- Bkav: [undetected] unrated
- Blueliv: [harmless] clean
- Certego: [harmless] clean
- Chong Lua Dao: [harmless] clean
- CINS Army: [harmless] clean
- Cluster25: [undetected] unrated
- CRDF: [harmless] clean
- CSIS Security Group: [undetected] unrated
- Snort IP sample list: [harmless] clean
- CMC Threat Intelligence: [harmless] clean
- Cyan: [undetected] unrated
- Cyble: [harmless] clean
- CyRadar: [harmless] clean
- DNS8: [harmless] clean
- Dr.Web: [harmless] clean
- Ermes: [undetected] unrated
- ESET: [harmless] clean
- ESTsecurity: [harmless] clean
- EmergingThreats: [harmless] clean
- Emsisoft: [harmless] clean
- Forcepoint ThreatSeeker: [harmless] clean
- Fortinet: [harmless] clean
- G-Data: [harmless] clean
- GCP Abuse Intelligence: [undetected] unrated
- Google Safebrowsing: [harmless] clean
- GreenSnow: [harmless] clean
- Gridinsoft: [undetected] unrated
- Heimdal Security: [harmless] clean
- Hunt.io Intelligence: [undetected] unrated
- IPsum: [harmless] clean
- Juniper Networks: [harmless] clean
- Kaspersky: [harmless] clean
- Lionic: [harmless] clean
- Lumu: [undetected] unrated
- MalwarePatrol: [harmless] clean
- MalwareURL: [undetected] unrated
- Malwared: [harmless] clean
- Mimecast: [undetected] unrated
- Netcraft: [harmless] clean
- OpenPhish: [harmless] clean
- Phishing Database: [harmless] clean
- PhishFort: [undetected] unrated
- PhishLabs: [undetected] unrated
- Phishtank: [harmless] clean
- PREBYTES: [harmless] clean
- PrecisionSec: [undetected] unrated
- Quick Heal: [harmless] clean
- Quttera: [harmless] clean
- SafeToOpen: [undetected] unrated
- Sansec eComscan: [undetected] unrated
- Scantitan: [harmless] clean
- SCUMWARE.org: [harmless] clean
- Seclookup: [harmless] clean
- SecureBrain: [undetected] unrated
- SOCRadar: [harmless] clean
- Sophos: [harmless] clean
- Spam404: [harmless] clean
- StopForumSpam: [harmless] clean
- Sucuri SiteCheck: [harmless] clean
- ThreatHive: [harmless] clean
- Threatsourcing: [harmless] clean
- Trustwave: [undetected] unrated
- Underworld: [undetected] unrated
- URLhaus: [harmless] clean
- URLQuery: [undetected] unrated
- Viettel Threat Intelligence: [harmless] clean
- VIPRE: [undetected] unrated
- VX Vault: [harmless] clean
- ViriBack: [harmless] clean
- Webroot: [harmless] clean
- Yandex Safebrowsing: [harmless] clean
- ZeroCERT: [harmless] clean
- desenmascara.me: [harmless] clean
- malwares.com URL checker: [harmless] clean
- securolytics: [harmless] clean
- Xcitium Verdict Cloud: [harmless] clean
- zvelo: [undetected] unrated
- ZeroFox: [undetected] unrated

Motori che NON classificano il dominio come harmless:

- 0xSI_f33d: undetected (unrated)
- Axur: undetected (unrated)
- AlphaSOC: undetected (unrated)
- ArcSight Threat Intelligence: undetected (unrated)
- AutoShun: undetected (unrated)
- Bfore.Ai PreCrime: undetected (unrated)
- Bkav: undetected (unrated)
- Cluster25: undetected (unrated)
- CSIS Security Group: undetected (unrated)
- Cyan: undetected (unrated)
- Ermes: undetected (unrated)
- GCP Abuse Intelligence: undetected (unrated)
- Gridinsoft: undetected (unrated)
- Hunt.io Intelligence: undetected (unrated)
- Lumu: undetected (unrated)
- MalwareURL: undetected (unrated)
- Mimecast: undetected (unrated)
- PhishFort: undetected (unrated)
- PhishLabs: undetected (unrated)
- PrecisionSec: undetected (unrated)
- SafeToOpen: undetected (unrated)
- Sansec eComscan: undetected (unrated)
- SecureBrain: undetected (unrated)
- Trustwave: undetected (unrated)
- Underworld: undetected (unrated)
- URLQuery: undetected (unrated)
- VIPRE: undetected (unrated)
- zvelo: undetected (unrated)
- ZeroFox: undetected (unrated)

Analisi DNS

- Tipo: MX, Valore: za-smtp-inbound-1.mimecast.co.za
- Tipo: TXT, Valore: apple-domain-verification=bJjclwopgRlRvS3j8dWB86cNraVfcqkdmCvIPZRXnEQ
- Tipo: NS, Valore: nsacc0z01.ipnetwork.co.za
- Tipo: NS, Valore: nsjia0z01.ipnetwork.co.za
- Tipo: MX, Valore: za-smtp-inbound-2.mimecast.co.za
- Tipo: TXT, Valore: v=spf1 include:za._netblocks.mimecast.com include:_spf.enem.nl a:mail.travelnet.co.za include:spf.mandrillapp.com ip4:82.150.225.79 ip4:167.89.94.132 ip4:171.17.133.140 include:SA-spf.email15.net include:spf.mailjet.com include:_relay.amadeus.com -all
- Tipo: NS, Valore: nsjia0z02.ipnetwork.co.za
- Tipo: TXT, Valore: google-site-verification=lGbxQK7pOO2uegZEkIGIzx3__s9WPnf4w5PeqjN-lCk
- Tipo: SOA, Valore: fwljia0z01.ipnetwork.co.za.flysaa.com
- Tipo: NS, Valore: nsfcc0z01.ipnetwork.co.za
- Tipo: TXT, Valore: MS=ms63743316
- Tipo: TXT, Valore: ZLzVlo5mBIxnBCIYL9uaP9mSgCUCi8YxZJuKQ+l+0HwbVYJUwOT3L5dcSc/h35KVvgomgdYFL4NEclJsTnPflw==

Certificato HTTPS

- Emesso da: Entrust OV TLS Issuing RSA CA 2
- Intestato a: www.flysaa.com
- Valido dal: 2025-02-26 00:00:00
- Valido fino al: 2026-02-26 23:59:59
- Algoritmo firma: RSA
- Versione: V3
- Serial number: 9c6f7cdfc6e9a3e5d86f1ff6e8fd667f

LEAKS NOTI e MALWARE Raw data by HudsonRock
Summary
🧠 Dispositivi infetti: 861
🌐 Utenti compromessi: 834
🧑‍💼 Utenti aziendali compromessi: 27
🔑 Password aziendali esposte: 87
🔑 Password users esposte: 1382
🧬 Stealer family e conteggio

RedLine: 604
Generic Stealer: 170
Lumma: 272
Raccoon: 178
StealC: 132
Vidar: 66
Azorult: 62
UNKNOWN: 8
CRYPTBOT: 6
Mystic: 4
Taurus: 2
KPOT: 2
Ficker: 2

🏢 Utenze aziendali compromesse (link/conteggio)

https://adfs.flysaa.com/adfs/ls: 26
https://mymail.flysaa.com/owa/auth/logon.aspx: 17
https://adfs.flysaa.com/adfs/ls/: 13
https://saaappsonline.flysaa.com/vpn/index.html: 11
https://mysaaintranet.flysaa.com: 4
https://••••.flysaa.com: 3
https://••••.flysaa.com/: 3
http://••••••••.flysaa.com/: 2
https://••••••.flysaa.com/•••/••••/•••••.••••: 2
http://•••••••••••••.flysaa.com: 1
http://••••••••.flysaa.com: 1
https://•••••.flysaa.com/•••••/•••••••••••••••••••-••%••%••*/!••••••••: 1
https://••••••.flysaa.com/•••/••••.•••: 1
http://••••••••.flysaa.com: 0

🔐 Utenze users compromesse

🛡️ Antivirus rilevati

Not Found: 7
Disabled: 1
McAfee VirusScan: 1
Windows Defender: 8
McAfee Firewall: 1