Domain: pushcg.com
Confidence: Medium · Signal 79/100
First Seen: Jan 11, 2025
Last Seen: Jun 6, 2026
Found in 9 reports. Confidence: medium. Confidence scores are heuristic; verify before acting on results.
Type: Domain Name (malicious domain used for C2, phishing, or malware distribution)
MISP Category: Network Activity
Confidence: 79%
Signal Score: 79 / 100
IDS Rule: No
Threat Context
Feed Intelligence Summary: 9 source reports, 79% confidence score.
Category tags (aggregated across the source reports): account compromise, active scan, active scanning, address, aws, azure, backdoor, bl networks, botnet, botnet activity, brute force, c2 ip, cgi global, chrome update, click-based attack, cloud infrastructure, command & control, command and control, command execution, compromised website, credential access, credential harvesting, credential stuffing, credential theft, cybercx, data encryption, data exfiltration, data store exposure, distributed attacks, encryption, exploitation activity, extortion, fake google, figure, fornex hosting, ftp brute force, future, google chrome, hashes, headless browser, headless browser automation, http brute force, identity & access exploitation, indicator, information technology, infrastructure acquisition, initial access, injected link, injected links, injection activity, insikt, insikt group, interlock, it infrastructure, javascript injection, landupdate808, limited, malicious links, malicious plugin, malicious plugins, malicious powershell activity, malicious software, malvertising, malware, malware injection, manual, matomo instance, network, network scanning, north america, payload delivery, phishing, phishing attack, potential credential theft, privilege escalation, process injection, prospero ooo, proton66 ooo, public, raas, ransomware, reconnaissance, red bytes, remcos trojan, remote access, remote services, researched, rhysida, scams & fraud, scripting attacks, security operations, sftp compromise, smartape ou, social engineering, software development, solutions llp, sql injection attempts, ssh attack, supply chain attack, system disruption, ta582, tag-124, targeting database, tds, third-party risk, threat actor, threat intelligence, tor node, traffic redirection, united states, urls, user execution, wordpress phishing campaign, wp engine
MITRE ATT&CK technique tags: T1021.001, T1027, T1055, T1059, T1059.001, T1059.003, T1059.007, T1068, T1071, T1071.001, T1076, T1078, T1078.001, T1078.004, T1086, T1105, T1110, T1110.002, T1133, T1189, T1190, T1195, T1195.001, T1195.002, T1199, T1204, T1204.001, T1204.002, T1486, T1490, T1496, T1499.002, T1499.003, T1505.003, T1555, T1563, T1565, T1566, T1566.001, T1566.002, T1566.003, T1587.001, T1588, T1590.001, T1595, T1595.001, T1595.002, T1595.003, T1608.001
Note that T1076 (Remote Desktop Protocol) and T1086 (PowerShell) are retired ATT&CK IDs, superseded by T1021.001 and T1059.001, which also appear in the list; map to the current IDs when importing these tags into a detection or tracking system.
Activity Timeline
Peak activity: 2026-06-06
Sightings: 24h: 0 (Dormant) · 7d: 0 (Dormant) · 30d: 1 (Minimal) · 3mo: 1 (Minimal)
Threat Score: 79 / 100 (High Risk)
VirusTotal: Not checked
WHOIS and enrichment
Description (from the CyberCX DarkEngine report): CyberCX has discovered a sophisticated phishing campaign, named DarkEngine, that targets users of WP Engine, a managed WordPress hosting platform, and has been active since at least June 2024. The campaign uses SEO poisoning to lure victims to phishing sites that mimic the WP Engine login interface, enabling the attackers to steal credentials and gain unauthorized access to WP Engine accounts and their associated WordPress sites. Once an account is compromised, the attackers inject backdoors via malicious plugins and execute malicious JavaScript; the campaign has affected over 2,353 unique sites, primarily in Australia and New Zealand, and also uses ClickFix-style lures to trick site visitors into executing harmful commands. The operation uses a headless browser automation tool for exploitation and maintains persistence through multiple backdoors and SFTP accounts.
Domain rank: -1
Raw WHOIS (queried 2024-09-19 11:23:21):
- Domain name: pushcg.com
- Registrar: NameSilo (registrar id 1479, https://www.namesilo.com/)
- Create date: 2024-09-18
- Update date: 2024-09-18
- Expiry date: 2025-09-18
- Name servers: ns1.dnsowl.com, ns2.dnsowl.com, ns3.dnsowl.com
- Registrant: name 1f33d7151e7ebf55, company 566bb814321610e4, city 7a96e04d2a2490b3, state e1c7c1911395a3cf, zip c692e0cb8851b160, phone 6ac4fd1bbf9bd8f0, country United States, email [email protected] (registrant fields are returned by the feed as hashed/redacted values)
- Administrative contact: Phoenix, AZ, United States, email [email protected]
- Technical contact: Phoenix, AZ, United States, email [email protected]
This snapshot was taken the day after registration, and its expiry date (2025-09-18) precedes the feed's last-seen date (Jun 6, 2026); re-query current WHOIS and DNS before relying on the registrar or name-server details for pivoting or blocking.
References:
- https://connect.cybercx.com.au/dark-engine
- https://storage.pardot.com/1069042/1748905703CCn8f7sn/CyberCX___WP_Engine_Report.pdf
- adv11.txt
- https://www.recordedfuture.com/research/tag-124-multi-layered-tds-infrastructure-extensive-user-base
- https://malasada.tech/new-behavior-for-landupdate808-observed/
Subdomains count: 0
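As an added example (not code from this page, the feed, or CyberCX's report), the following Python turns the domain above into a STIX 2.1 Indicator object and hunts for the domain and any of its subdomains in proxy and DNS log lines, without false-positive matches on look-alike names such as notpushcg.com. The log lines are constructed for the example; the UUIDv5 id namespace, the `malicious-activity` indicator type and the time-of-day in `FIRST_SEEN` are assumptions.

```python
"""Added example, not code from the page, the feed, or CyberCX: build a STIX 2.1
Indicator for the IOC above and hunt for it in proxy/DNS log lines."""
import re
import uuid
from datetime import datetime, timezone

IOC_DOMAIN = "pushcg.com"              # the domain this page describes
FIRST_SEEN = "2025-01-11T00:00:00Z"    # page's "First Seen"; time of day assumed


def _stix_now():
    """Current UTC time with the millisecond precision STIX 2.1 requires."""
    ts = datetime.now(timezone.utc)
    return ts.strftime("%Y-%m-%dT%H:%M:%S.") + f"{ts.microsecond // 1000:03d}Z"


def stix_domain_indicator(domain, valid_from, confidence):
    """Minimal STIX 2.1 Indicator SDO for a malicious domain.

    The id is a deterministic UUIDv5 (assumption, for reproducible output);
    the spec recommends random UUIDv4 for SDOs, so use uuid4() in a real feed.
    """
    now = _stix_now()
    return {
        "type": "indicator",
        "spec_version": "2.1",
        "id": "indicator--" + str(uuid.uuid5(uuid.NAMESPACE_DNS, domain)),
        "created": now,
        "modified": now,
        "name": f"Malicious domain {domain}",
        "indicator_types": ["malicious-activity"],
        "pattern": f"[domain-name:value = '{domain}']",
        "pattern_type": "stix",
        "valid_from": valid_from,
        "confidence": confidence,
    }


def domain_matches(candidate, ioc):
    """True for the IOC itself or any subdomain of it; False for look-alikes."""
    c = candidate.lower().rstrip(".")      # tolerate trailing-dot FQDNs
    return c == ioc or c.endswith("." + ioc)


# Hostnames embedded anywhere in a log line (URLs, query= fields, etc.).
_HOST_RE = re.compile(r"(?i)\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b")


def hunt(log_lines, ioc=IOC_DOMAIN):
    """Return (line_no, line) for every line that references the IOC domain."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        if any(domain_matches(h, ioc) for h in _HOST_RE.findall(line)):
            hits.append((n, line))
    return hits


# Constructed sample telemetry, not real logs.
SAMPLE_LOGS = [
    "2026-06-06T10:01:12Z dns client=10.0.0.5 query=pushcg.com type=A",
    "2026-06-06T10:01:13Z proxy src=10.0.0.5 url=https://cdn.pushcg.com/wp-login.php status=200",
    "2026-06-06T10:02:00Z proxy src=10.0.0.7 url=https://notpushcg.com/ status=200",
    "2026-06-06T10:03:41Z dns client=10.0.0.9 query=wpengine.com type=A",
]

if __name__ == "__main__":
    print(stix_domain_indicator(IOC_DOMAIN, FIRST_SEEN, 79))
    for n, line in hunt(SAMPLE_LOGS):
        print(f"hit line {n}: {line}")
```

The suffix check in `domain_matches` is the part worth copying: a plain substring search on `pushcg.com` would flag the third sample line, while a check anchored on the label boundary does not, and it still catches the `cdn.` subdomain in the second line even though the feed lists no subdomains.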
IOC Journey: confidence medium; first detected 1 year ago, last seen 7 days ago (relative to when the page was rendered); appeared in 9 threat reports.