Modern approach to URL Intelligence - Expose threats, Empower trust

Copy & Paste Malware Dropper — Technical Analysis
By Sourena MAROOFI · 2025-08-24 15:58:35

This article documents a malware campaign that abuses a fake Cloudflare CAPTCHA page to trick victims into copying and executing a PowerShell command. The attack ultimately delivers NetSupport Manager (a legitimate remote administration tool often abused as a RAT)...

An overview of the world's largest postal services phishing campaign
By Karen Yousefi · 2025-06-27 11:46:52

During the past two weeks, URLAbuse closely monitored the ongoing postal service phishing campaigns targeting more than 50 postal services (including national posts and private companies) worldwide....

Analysis of a malware with multi-stage payload
By Sourena MAROOFI · 2024-09-12 09:26:35

It's been a long time I haven't analyzed a malware. However, yesterday, I saw a sample in URLAbuse which I found it interesting so I told myself why not give it a shot! I guess the sample already labeled as #xworm or #AgentTesla on different websites. When I googled it, I found a lot of analysis of the variants. This one is almost the same as others in terms of functionalities but a little bit different in terms of payload delivery....

ICANN Issued Breach Notice to .TOP Registry After URLAbuse Complaint
By Karen Yousefi · 2024-07-16 16:14:46

URLAbuse has successfully initiated action against the .TOP Registry Operator, leading to the Internet Corporation for Assigned Names and Numbers (ICANN) issuing a Notice of Breach. The breach notice, dated July 16, 2024, highlights multiple compliance failures by the .TOP Registry Operator, which include neglecting abuse reports and non-adherence to required internet safety protocols....

Windows Portable Executable (PE) Files Structure
By Sourena MAROOFI · 2021-10-05 08:21:11

The structure (format) of the Windows Portable Executable (PE) files is not that difficult, but the problem is that I couldn't find a nice, complete tutorial about it. So I decided to write my own version explaining everything completely from scratch. So this will be a very long, long post!...

VBScript for the Impatient: A Crash Course
By Sourena MAROOFI · 2021-01-20 07:20:19

Lately, I was looking for a syntax of one function in Windows Script Host (WSH) and I realized that it's difficult these days to find a nice tutorial about WSH or even VBScript since both of them are kind of dead! (VBS replaced by JavaScript and WSH replaced by Powershell). There are some websites offering some tutorials but you need to watch lots of nasty advertise to be able to get something from the tutorial....