Sucuri Research Labs

Sucuri on Twitter Sucuri on Facebook Sucuri on LinkedIn

Latest Malware Entries (24 hrs)Home  |  Notes  |  Malware data  |  Signatures  |  Tools  |  About

      Archived data:   Latest   |   2014-10-18   |   2014-06-18   |   2014-06-02   |   2014-05-23   |   2014-05-08   |   2014-04-29   |   2014-04-20   |   2014-04-09   |   More days

We separate the data in three categories: Iframes, redirectiors and javascript. For each one you can click on the domain for more information, IP addresses and details on the malware.

Hidden iframes

Latest hidden iframes our scanner have identified on compromised web sites.

# of sites infectedTypeMalware / Domains
83iframehttp://exclusive.ramirod.ro/serverxmpp17.html?c
60iframehttp://exclusive.lucasmelo.com.br/serverxmpp17.html?c
52iframehttp://exclusive.medicalhealthsolutions.net/serverxmpp17.html?c
51iframehttp://exclusive.masterfamily.us/serverxmpp17.html?c
48iframehttp://exclusive.muoti.ro/serverxmpp17.html?c
39iframehttp://exclusive.tryscheme.com/serverxmpp17.html?c
35iframehttp://promotion.kontjokenthel.com/payuamazon17.html?n
32iframehttp://exclusive.robertofreire.ca/serverxmpp17.html?c
31iframehttp://firefoxer.yinyue8.com.ar/robertclittle17.html?c
31iframehttp://exclusive.mixpel.com.br/serverxmpp17.html?c
30iframehttp://firefoxer.vertelag.com/robertclittle17.html?c
24iframehttp://firefoxer.walkerfamilygathering.com/robertclittle17.html?c
24iframehttp://firefoxer.vilceana.ro/robertclittle17.html?c
23iframehttp://exclusive.vfon.com.ar/serverxmpp17.html?c
21iframehttp://exclusive.pgmac.com/serverxmpp17.html?c
16iframehttp://exclusive.sd-xbmc.org/serverxmpp17.html?c
16iframehttp://exclusive.linards.net/serverxmpp17.html?c
15iframehttp://exclusive.tuxedocloud.com/serverxmpp17.html?c
15iframehttp://exclusive.netluxo.com.br/serverxmpp17.html?c
12iframehttp://shablon-master.ru/t/go.php?sid=90
12iframehttp://poplluris.aliencybercafe.ro/iflasoris16.khml
12iframehttp://firefoxer.robertclittle.com/robertclittle17.html?c
12iframehttp://exclusive.prayerbook.com.au/serverxmpp17.html?c
11iframehttp://firefoxer.worldofsienna.com/robertclittle17.html?c
11iframehttp://devatron.dojo-box.com/acerbus17.html?b
10iframehttp://www.hausauto.de/index.php
10iframehttp://exclusive.ussdefiant.co.uk/serverxmpp17.html?c
8iframehttp://www.omeopatiaescienza.it/wp-content/uploads/update.php
8iframehttp://exclusive.serverxmpp.com.ar/serverxmpp17.html?c
7iframehttp://daduridel.envytations.net/filmanustic16.html
6iframehttp://bgb.corsalogistics.net/hwd6rR7v.php
6iframehttp://agelmonis.eiq.ch/tirisutpla16.khml
5iframehttp://exclusive.phpcode.biz/serverxmpp17.html?c
5iframehttp://exclusive.muyhelados.com.ar/serverxmpp17.html?c
4iframehttp://posestoolbars.org/news.php?id=e6f6402caf60df3a
3iframehttp://sundiego.blackandwhitedarkroom.com/lasemaine17.html?b
2iframehttp://exclusive.rodrigoillarraga.com.ar/serverxmpp17.html?c
2iframehttp://acturesmit.bluetexinternational.com/gausmitikor16.html
1iframehttp://sundiego.lasemaine.ca/lasemaine17.html?b
1iframehttp://sundiego.avcom.ro/lasemaine17.html?b
Limited view (40 rows)... Only the top entries being displayed.

Conditional redirections

Conditional redirections we have detected (based on user agents or referers).

# of sites infectedTypeMalware / Domains
11redirectionshttp://silo-se.ru/
9redirectionshttp://alfsystem.com.my/includes/domit/1.php
6redirectionshttp://newextra.com/in.cgi?6
6redirectionshttp://luxurytds.com/go.php?sid=1
6redirectionshttp://congatarcxisi.ru/mays/index.php
5redirectionshttp://mampoks.ru/track.php
5redirectionshttp://gerania.ru
5redirectionshttp://dinatds.com/in.cgi?11
5redirectionshttp://colce-adem.ru/infinity?8
4redirectionshttp://newporn.in/
3redirectionshttp://sbads.ru/302m
3redirectionshttp://qertea.instanthq.com/
3redirectionshttp://pool-massage.ru/mysave/index.php
3redirectionshttp://lincau.osa.pl/se/
3redirectionshttp://ibontu.25u.com/
3redirectionshttp://dubstep.dumb1.com/
3redirectionshttp://bomat.ru/
3redirectionshttp://1i.epac.to
2redirectionshttp://www.lsd4x4.ru
2redirectionshttp://voblya.com/tds/in.cgi?8
2redirectionshttp://rarona.ru
2redirectionshttp://pool-massage.ru/mysave/index.php?level=album
2redirectionshttp://kaztorka.in/404.php
2redirectionshttp://internetalwayswillbefree.com/
1redirectionshttp://sextgpgalleriesfree.biz/s/in.cgi?2
1redirectionshttp://jesmondlets.co.uk/images/H9kmLCdB.php
Limited view (40 rows)... Only the top entries being displayed.

Encoded javascript

Encoded javascript (redirecting to blackhole and other exploit kits) or to build a remote call.

# of sites infectedTypeMalware / Domains
13javascripthttp://easyfunguide.at:8080/google.com/zylom.com/hc360: var HG;if(HG!='' && HG!='lp'){HG=''};va...
12javascripthttp://grywamtu.pl/public/ads/slider/ts3slider.js": document.write(unescape('%3C%73%63%72%69%70...
10javascripthttp://javlprni.ddns.name/stds/go.php?sid=1: i=0;try{prototype;}catch(z){h="harCode";f=['-33c-3...
5javascripthttp://tevythi.ru/count17.php: i=0;try{prototype;}catch(egewgsd){f=['-32w-32w64w61w-9w-1w59w70w...
4javascripthttp://private3.zapto.org/blog/vlqsryyacr.php?vaowv=NHcCqUFS&hrytewsfd=9889439&yjresfd=...
3javascripthttp://cheatsin.ru:8080: var n;if(n!=''){n='CD'};var Y="";var z;if(z!='HY' && z!='KW'){z=''};va...
2javascripthttp://youhelpnow.ru:8080: var L='';function P(){this.e='';var vT;if(vT!='' && vT!='cO'){vT=nul...
2javascripthttp://ugjypnu.eu/count25.php: if(window.document)aa=/s/g.exec("s").index+[];aaa='0';if(aa.inde...
1javascripthttp://www.thehitsusa.com/ad1.js": var enkripsi="'1Aqapkrv'02nclewceg'1F'00hctcqapkrv'00'02qpa'...
1javascripthttp://six.myads.name/system/caption.js": this.b=this.M="";this.A="";this.w=false;this.N=""; (f...
1javascripthttp://dex.myads.name/system/caption.js": this.b=this.M="";this.A="";this.w=false;this.N=""; (f...
1javascripthttp://dasretokfin.com/index.php": eval(unescape("document.write%28String.fromCharCode%2860%2C1...
22javascript<script src="http://ungogo.leftgod.com/c/ungogo.js" type="text/javascript"></script>
18javascript<script type="text/javascript" src="http://gamjamfest.com/4pbnb3zl.php?id=11413520"></script>
12javascript<script type="text/javascript" src="http://www.milbrandt.de/jslib.php"></script>
12javascript<script type="text/javascript" src="http://casinoreporting.com/wp-content/uploads/2013/06/temp/...
12javascript<script type="text/javascript" language="javascript" > function zzzfff() { var oe = document.cr...
11javascript<script type="text/javascript" src="http://www.itsallabouttheleaf.com/LRfpYQBG.php?id="></script>
11javascript<script type="text/javascript" src="http://visiondesigns.ca/backup-visions/colorbox/vncq3jfk.ph...
11javascript<script type="text/javascript" src="http://samara-beauty.zz.mu/dzm8T3qr.php?id=173016"></script>
11javascript<script type="text/javascript" src="http://gaertnerei-stoltenberg.de/geschenkideen/v2lpxvxq.php...
11javascript<script type="text/javascript" src="http://besemos.com/wp-content/themes/duena/dqrhwnm8.php?id=...
11javascript<script src="http://5.9.179.87/br/flashplayer/"></script>
10javascript<script type="text/javascript" src="http://provisions-profi.de/Scripts/8y9qjndb.php?id=9967340"...
10javascript<script type="text/javascript" src="http://cedarclosetmedia.com/ncemark.com/plays/ntn3td4j.php?...
9javascript<script type="text/javascript" src="http://wl29www761.webland.ch/rjrc7jbx.php?id=9168778"></scr...
9javascript<script type="text/javascript" src="http://gamjamfest.com/4pbnb3zl.php?id=11401055"></script>
9javascript<script type="text/javascript" src="http://asjltrading.nl/wp-content/themes/mantra/mgdv8xby.php...
9javascript<script type="text/javascript" language="javascript" > (function () { var jf = document.createE...
9javascript<script src="http://welcometotheglobalisnet.com/mm.php"></script>
8javascript<script type="text/javascript" src="http://lunar.host22.com/3JNR0OdB.php?id=4401299"></script>
8javascript<script type="text/javascript" src="http://disco-genie.co.uk/profiles/Howard27/jm97kpc8.php?id=...
8javascript<script type="text/javascript" src="http://carlospisanu.com/content.php"></script>
7javascript<script type="text/javascript" src="http://energocell.hu/wp-admin/HbeWT0VV.php?id="></script>
5javascript<script type="text/javascript" src="http://pulsarjewelry.com/Scripts/2013.1.219/zydxwmjr.php?id...
4javascript<script type="text/javascript" src="http://saluteepsiche.it/wp-content/themes/Memoir/cvrmg6np.p...
4javascript<script type="text/javascript" src="http://peluqueriapeludos.hostei.com/wtg6nbdk.php?id="></scr...
4javascript<script type="text/javascript" src="http://italianluxurytravel.net/gtp6lrmj.php?id=11185293"></...
4javascript<script type="text/javascript" src="http://formacion.actividadesmedicas.com/login/bVKHnd3r.php?...
4javascript<script type="text/javascript" src="http://faist.cd-guide.info/H7ekj8ad.php?id=25872278"></script>
Limited view (40 rows)... Only the top entries being displayed.