Sucuri Research Labs

Sucuri on Twitter Sucuri on Facebook Sucuri on LinkedIn

Latest Malware Entries (24 hrs)Home  |  Notes  |  Malware data  |  Signatures  |  Tools  |  About

      Archived data:   Latest   |   2015-08-12   |   2015-08-11   |   2015-01-14   |   2014-12-04   |   2014-10-18   |   2014-06-18   |   2014-06-02   |   2014-05-23   |   More days

We separate the data in three categories: Iframes, redirectiors and javascript. For each one you can click on the domain for more information, IP addresses and details on the malware.

Hidden iframes

Latest hidden iframes our scanner have identified on compromised web sites.

# of sites infectedTypeMalware / Domains
11iframehttp://utkarshavidyalaya.org/css/css_old/bindex.php
10iframehttp://vch2101.in/?id=exp
8iframehttp://rthlsinks.cz.cc/xp/index.php?tp=bdd9e836c0f58a18
8iframehttp://imobl.ru/counter.php
7iframehttp://xninja.ru/service/review-btn.html?hid=542
6iframehttp://yehphse.ddns.name/b922bd7404d9e89f94830.fuxycz64?13
6iframehttp://mbcobretti.com/hydra.php
6iframehttp://bagsindubai.com/html/wp-content/plugins/rotr
Limited view (40 rows)... Only the top entries being displayed.

Conditional redirections

Conditional redirections we have detected (based on user agents or referers).

# of sites infectedTypeMalware / Domains
26redirectionshttp://mob-update.ru/other/
26redirectionshttp://m.mobi-avto.ru
15redirectionshttp://173.245.86.201/
12redirectionshttp://modrewrite.ru
9redirectionshttp://web-redirect.ru/?web
6redirectionshttp://web-redirect.ru/?web
6redirectionshttp://search-box.in/in.cgi?4
6redirectionshttp://mob-version.ru/other/
6redirectionshttp://m.mobi-avto.ru
5redirectionshttp://industry.bee.pl/
5redirectionshttp://g.uu.cc/birzzle
4redirectionshttp://speardiver.com/ocef.html?h=1448344
1redirectionshttp://341-health.975-diet.com-ucyg.net/drsmartmwh/usrmwh/
Limited view (40 rows)... Only the top entries being displayed.

Encoded javascript

Encoded javascript (redirecting to blackhole and other exploit kits) or to build a remote call.

# of sites infectedTypeMalware / Domains
646javascripthttp://sexualne.info/main.php": document.write(unescape('%3C%73%63%72%69%70%74%20%6C%61%6E%67%7...
8javascripthttp://hu587tiugi.vv.cc/QQkFBg0AAQ0MBA0DEkcJBQYNAgAGBQUBDA==": function decrypt_p(x){var l=x.le...
2javascripthttp://storylootybuz.com/main.php?page=6eb5b7677d651df4: if(window.document)aa=new RegExp('test...
1javascripthttp://zpisdralsbu.byinter.net/?go=2: try{1-prototype;}catch(asd){x=2;} if(x){fr="fromChar";f=[...
283javascript<script type="text/javascript">var script = document.createElement("script");script.src="/stat/...
81javascript<script type="text/javascript" src="http://122.155.168.105/ads/inpage/pub/collect.js"></script>...
57javascript<script type="text/javascript" src="http://122.155.168.105/ads/inpage/pub/collect.js"></script>
26javascript<script src="http://cloudfrond.com/d2bgg7rjywcwsy.phtml"></script>
22javascript<script type="text/javascript" src="http://31.210.87.2/js/combinedv12.js"></script>
22javascript<script type="text/javascript" language="JavaScript" src="http://prosite24.ru/334c"></script>
13javascript<script type="text/javascript" src="http://sovetoff.freeiz.com/wp-content/themes/Libera/kqjbrdn...
13javascript<script type="text/javascript" src="http://master-style.ru/js/tiny_mce/plugins/emotions/img/1/4...
11javascript<script type="text/javascript"> document.write('<iframe src="http://utkarshavidyalaya.org/css/c...
11javascript<script src="http://justsyrian.com/images/taiyYbKM.php" ></script><script src="http://justsyria...
3javascript<script type="text/javascript" src="http://zebrex.ca/dzhdpgl7.php?id=5756200"></script>
3javascript<script type="text/javascript" src="http://www.mrappolt.de/pyhjbjkh.php?id=2886785"></script>
3javascript<script type="text/javascript" src="http://www.directram.ru/nywpq4gD.php?id=267753"></script>
3javascript<script type="text/javascript" src="http://www.alex-andrei.ro/7rpyf4dw.php?id=26907813"></script>
3javascript<script type="text/javascript" src="http://trancelaciya.com/themes/bartik/9txnc87k.php?id=43688...
3javascript<script type="text/javascript" src="http://tedgenet.com//moving.page/n9xc3wvz.php?id=3238727"><...
3javascript<script type="text/javascript" src="http://sklogistiek.nl/dy3k4rmp.php?id=13697589"></script>
3javascript<script type="text/javascript" src="http://sfhelp.baidu.com/msg/js/214/919214.js" charset="gb23...
3javascript<script type="text/javascript" src="http://saisyutou2.han.kr/vqzwmv6g.php?id=6951738"></script>
3javascript<script type="text/javascript" src="http://premier-one.net/OLD/humidifiers/wdccy8jx.php?id=5382...
3javascript<script type="text/javascript" src="http://nextlevel-communications.com/wp-content/themes/twent...
3javascript<script type="text/javascript" src="http://get1host.com/wqgy6lkp.php?id=14587088"></script>
3javascript<script type="text/javascript" src="http://amazingunigrace.com/counter.php?id=5792785"></script>
3javascript<script type="text/javascript" src="http://9071020.ru/tvcq49cz.php?id=69049763"></script>
3javascript<script type="text/javascript" src="http://208.38.190.53/support/kRgQJmvB.php?id=10429838"></sc...
3javascript<script src=http://infobyte.com.tr/yyy/steffrect.php ></script>
Limited view (40 rows)... Only the top entries being displayed.