Sucuri Malware Labs

Latest Malware Entries (24 hrs)Home | Notes | Malware data | Signatures | Tools | About

Archived data: Latest | 2013-05-22 | 2013-05-19 | 2013-05-15 | 2013-05-14 | 2013-05-13 | 2013-05-12 | 2013-05-07 | 2013-05-02 | More days

We separate the data in three categories: Iframes, redirectiors and javascript. For each one you can click on the domain for more information, IP addresses and details on the malware.

Hidden iframes

Latest hidden iframes our scanner have identified on compromised web sites.

# of sites infected	Type	Malware / Domains
41	iframe	http://www.scs.tv/wp-content/themes/twentyeleven/colors/update.php
40	iframe	http://www.2nf.com.vn/templates/beez/images/jpg.php
18	iframe	http://rozblog.com/ads/image.php?size_id=7
14	iframe	http://swvgvgldodz.myfw.us/jquery/get.php?ver=jquery.latest.js
14	iframe	http://karatepacan.co.cc/up/go.php?sid=2
10	iframe	http://seusalum.ru/selection.html?2
10	iframe	http://adsalemedia.ru/in.cgi?12
8	iframe	http://reoenqybu.myfw.us/jquery/get.php?ver=jquery.latest.js
8	iframe	http://ontspanningspraktijk-iguazu.nl/bhndpyc.php
8	iframe	http://delectric.com.mx/aohkfdq.php
8	iframe	http://am10.ru/m/mp3poisk.php
8	iframe	http://178.77.77.80/psyohty.php
7	iframe	http://www.constanta.ws/chat.html
7	iframe	http://kontura.hr/pajelqy.php
7	iframe	http://formularze.otwartaszkola.pl/emljfby.php
6	iframe	http://rivamarsa.com/qnajwvw.php
6	iframe	http://pakkhatpit.net/bwkyyur.php
6	iframe	http://kerima-tools.de/rjpegeq.php
6	iframe	http://expohleb.newhost.ru/snnubho.php
6	iframe	http://danovabud.net/ylxdvll.php
6	iframe	http://bairesline.com.ar/gsltuvs.php
5	iframe	http://wintented.ru/backpackers.html?2
5	iframe	http://prime-aerosols.com/eedutng.php
5	iframe	http://herbmarket.co.uk/grbqnmk.php
5	iframe	http://fmrepresentaciones.com/jxyibed.php
5	iframe	http://connectconsulting.co/htiqqjk.php
5	iframe	http://addon.alfapointer.us/?6
4	iframe	http://www.grupporagni.it/dam/counter.php
4	iframe	http://repairmyhome.ca/jfvhsmk.php
4	iframe	http://puczynski.pl/tpdddwv.php
4	iframe	http://przychodniarodzina.pl/myrvikp.php
4	iframe	http://protocolmindm.com/img2/count.htm
4	iframe	http://municipalite.denholm.qc.ca/poinaiw.php
4	iframe	http://minsociety.org/usjacyi.php
4	iframe	http://itfv.net/mxreerw.php
4	iframe	http://familystori.com/ehmhmfb.php
4	iframe	http://continent-mebel.ru/aadkqge.php
4	iframe	http://btagent.ru/qlqifgt.php
4	iframe	http://bamerica.us/cyeuxnn.php
4	iframe	http://absenergia.pl/iyghpup.php
		Limited view (40 rows)... Only the top entries being displayed.

Conditional redirections

Conditional redirections we have detected (based on user agents or referers).

# of sites infected	Type	Malware / Domains
36	redirections	http://solfedgio5.ru/moneysyst/get_link.php?platnik=minecraft
28	redirections	http://nerto-skiper.ru/palerm?12
27	redirections	http://flintstudio.com
20	redirections	http://mampoks.ru/track.php
17	redirections	http://solfedgio5.ru/simple/go.php?sid=38
12	redirections	http://medicsec.ru/
12	redirections	http://ajnyjcen.ru/count21.php
10	redirections	http://crzyluxtds.in/go.php?sid=1
9	redirections	http://qovizki.ru/count12.php
9	redirections	http://kifedqih.ru/count21.php
8	redirections	http://haqkimve.us/count21.php
6	redirections	http://startpool.ru/exclusive/index.php
6	redirections	http://poasm.qpoe.com/
6	redirections	http://doormoney.biz/
6	redirections	http://cefoai.com/aula/traf.php
5	redirections	http://xudyhbes.ru/count6.php
5	redirections	http://uvpk-audit.ru/cat/count.php
5	redirections	http://sixcharactersuccessfully.ru/extended?7
5	redirections	http://mampoks.ru/track.php
5	redirections	http://fitnes-global.ru/sorento?5
5	redirections	http://ceesolierook.nl/esd.php
4	redirections	http://snmsc.org/ohcd.html?h=1254562
4	redirections	http://selxaqop.us/count21.php
4	redirections	http://qovizki.ru/count12.php
4	redirections	http://kpero.ddns.me.uk/
3	redirections	http://tcpostwald.fr/media/esd.php
3	redirections	http://sommetslutfy.com/zbun.html?h=2811228
3	redirections	http://ldnescort.biz/qb8zT7pw.php
3	redirections	http://interstation.ca/wp-content/rel.php
3	redirections	http://carbondreams.com/clk.php
3	redirections	http://ajnyjcen.ru/count21.php
2	redirections	http://webllink.com/go.php?sid=14
2	redirections	http://uploads-xxx.ru/?8
2	redirections	http://startpool.ru/exclusive/index.php
2	redirections	http://redboneskingston.com/hlfy.html?h=2594463
2	redirections	http://realtrafffistock.ru/rpop.php?fl=4do3e8
2	redirections	http://progressionhospital.ru/massmedia?8
2	redirections	http://pillsm.com/v2/
2	redirections	http://pagesinxt.com/?dn=batraherbals.com
2	redirections	http://necktiesscaling.ru/VEREIN?8
		Limited view (40 rows)... Only the top entries being displayed.

Encoded javascript

Encoded javascript (redirecting to blackhole and other exploit kits) or to build a remote call.

# of sites infected	Type	Malware / Domains
16	javascript	http://pics.bubbled.cn/gallery/hardcore/?23c4f60c1b9f604d6ffb21cba59930: var syZzIc="P2zLa%";va...
9	javascript	http://www.prometei.in.ua/": document.write(unescape('%3c%73%74%79%6c%65%20%74%79%70%65%3d%22%7...
2	javascript	http://frazzo.com/test3.php\": jolc=new Array(39,44,32,54,46,38,45,55,109,52,49,42,55,38,107,97...
1	javascript	http://ywzjvqssv.myfw.us/t/vc.php?go=2: try{abre++}catch(a6ba34y){try{dsgsdh&2}catch(asab){e=wi...
33	javascript	<script src="http://pakesrry.info/rsize.js"></script>
21	javascript	<script src="http://popspace.virgilio.us/pop.php?id=1"></script>
13	javascript	<script src="http://newdomme.changeip.name/rsize.js"></script>
12	javascript	<script src="http://odnaknopka.ru/ok3.js" type="text/javascript"></script>
11	javascript	<script type="text/javascript" src="http://abrahamspath.org.uk/cb.php">"POC"</script>
9	javascript	<script type="text/javascript" language="javascript" > (function () { var id = '8'; var aihsq09...
2	javascript	<script src=http://salesio.net/images/ferris_wheel_spinning_md_wht.php ></script>
2	javascript	<script src="http://revise92dinjur.rr.nu/mm.php?d=x1"></script>
2	javascript	<script>document.write('<style>.vb_style_forum {filter: alpha(opacity=0);opacity: 0.0;width: 20...
1	javascript	<script type="text/javascript" src="http://argoauto.net/tmp/index-bkp.php"></script>
		Limited view (40 rows)... Only the top entries being displayed.