Sucuri Research Labs

Latest Malware Entries (24 hrs)

We separate the data into three categories: iframes, redirections and JavaScript. For each one you can click on the domain for more information, IP addresses and details on the malware.

Hidden iframes

The latest hidden iframes our scanner has identified on compromised web sites.


Conditional redirections

Conditional redirections we have detected (based on user agents or referers).


Encoded javascript

Encoded JavaScript that redirects to Blackhole and other exploit kits, or that builds a remote call.
