Sucuri Research Labs


Historic malware entries for 2012-11-29

We separate the data into three categories: iframes, redirections and JavaScript. For each one you can click on the domain for more information, IP addresses and details on the malware.

Hidden iframes

The latest hidden iframes our scanner has identified on compromised web sites.


Conditional redirections

Conditional redirections we have detected (based on user agents or referers).


Encoded javascript

Encoded JavaScript used to redirect to Blackhole and other exploit kits, or to build a remote call.
