Sucuri Research Labs

Sucuri on Twitter Sucuri on Facebook Sucuri on LinkedIn

Welcome to Sucuri's Research site Home  |  Notes  |  Malware data  |  Signatures  |  Tools  |  About

Sucuri Lab's is the home of our research and CIRT team, where we share some of the security issues and web-based malware that we are seeing in the "wild". Our goal to help educate our users and share information with the security community. For you have any questions, please email labs@sucuri.net.

We are also on Twitter at @sucurilabs.

If you are new here, you can check some of our resources:

Research Notes Malware data About

Latest note: Yahoo Leak You can check if your email is part of the yahoo leak here: http://labs.sucuri.net/?yahooleak. Thanks!     (by   Daniel B. Cid   | more notes )

Latest malware entries

Hidden iframes

Latest hidden iframes our scanner have identified on compromised web sites.

# of sites infectedTypeMalware / Domains
83iframehttp://exclusive.ramirod.ro/serverxmpp17.html?c
60iframehttp://exclusive.lucasmelo.com.br/serverxmpp17.html?c
52iframehttp://exclusive.medicalhealthsolutions.net/serverxmpp17.html?c
51iframehttp://exclusive.masterfamily.us/serverxmpp17.html?c
48iframehttp://exclusive.muoti.ro/serverxmpp17.html?c
39iframehttp://exclusive.tryscheme.com/serverxmpp17.html?c
35iframehttp://promotion.kontjokenthel.com/payuamazon17.html?n
32iframehttp://exclusive.robertofreire.ca/serverxmpp17.html?c
31iframehttp://firefoxer.yinyue8.com.ar/robertclittle17.html?c
31iframehttp://exclusive.mixpel.com.br/serverxmpp17.html?c
30iframehttp://firefoxer.vertelag.com/robertclittle17.html?c
24iframehttp://firefoxer.walkerfamilygathering.com/robertclittle17.html?c
24iframehttp://firefoxer.vilceana.ro/robertclittle17.html?c
23iframehttp://exclusive.vfon.com.ar/serverxmpp17.html?c
21iframehttp://exclusive.pgmac.com/serverxmpp17.html?c
16iframehttp://exclusive.sd-xbmc.org/serverxmpp17.html?c
16iframehttp://exclusive.linards.net/serverxmpp17.html?c
15iframehttp://exclusive.tuxedocloud.com/serverxmpp17.html?c
15iframehttp://exclusive.netluxo.com.br/serverxmpp17.html?c
12iframehttp://shablon-master.ru/t/go.php?sid=90
Limited view... Only the top entries being displayed.

Conditional redirections

Conditional redirections we have detected (based on user agents or referers).

# of sites infectedTypeMalware / Domains
11redirectionshttp://silo-se.ru/
9redirectionshttp://alfsystem.com.my/includes/domit/1.php
6redirectionshttp://newextra.com/in.cgi?6
6redirectionshttp://luxurytds.com/go.php?sid=1
6redirectionshttp://congatarcxisi.ru/mays/index.php
5redirectionshttp://mampoks.ru/track.php
5redirectionshttp://gerania.ru
5redirectionshttp://dinatds.com/in.cgi?11
5redirectionshttp://colce-adem.ru/infinity?8
4redirectionshttp://newporn.in/
3redirectionshttp://sbads.ru/302m
3redirectionshttp://qertea.instanthq.com/
3redirectionshttp://pool-massage.ru/mysave/index.php
3redirectionshttp://lincau.osa.pl/se/
3redirectionshttp://ibontu.25u.com/
3redirectionshttp://dubstep.dumb1.com/
3redirectionshttp://bomat.ru/
3redirectionshttp://1i.epac.to
2redirectionshttp://www.lsd4x4.ru
2redirectionshttp://voblya.com/tds/in.cgi?8
Limited view... Only the top entries being displayed.

Spammers

Latest spammers we have detected sending comment, forum or SEO spam.

# of sites infectedTypeMalware / Domains
20+spammerhttp://123livesex.com/,forumspam,2014-01
20+spammerhttp://20min.ch,forumspam,2014-01
20+spammerhttp://90210daily.com/,forumspam,2014-01
20+spammerhttp://EzAdBlaster.com,forumspam,2014-01
20+spammerhttp://absolutefringe.com,forumspam,2014-01
20+spammerhttp://adaptfunrun.org/,forumspam,2014-01
20+spammerhttp://andresmarcossanchez.com/MichaelKors/ ,forumspam,2014-01
20+spammerhttp://appliancelandinc.com/,forumspam,2014-01
20+spammerhttp://audiobookkeeper.ru/,forumspam,2014-01
20+spammerhttp://australiainternetsearch.com/,forumspam,2014-01
20+spammerhttp://autism.sedl.org/index.php/about-us,forumspam,2014-01
20+spammerhttp://axanaxplease.com/,forumspam,2014-01
20+spammerhttp://ayurvedatradicional.com/wordpress/ ,forumspam,2014-01
20+spammerhttp://azezhomeloans.com/body.html,forumspam,2014-01
20+spammerhttp://baltimorecomiccon.com/sponsors/,forumspam,2014-01
20+spammerhttp://bashkiaprrenjas.com/,forumspam,2014-01
20+spammerhttp://bellezzaamica.it/Moncler-Sale-With-Free-Shipping.html,forumspam,2014-01
20+spammerhttp://birdsofstkittsnevis.com/files/,forumspam,2014-01
20+spammerhttp://bmaphoenix.org/young-professionals/,forumspam,2014-01
20+spammerhttp://bradblaze.com.au/,forumspam,2014-01
Limited view... Only the top entries being displayed.

Encoded javascript

Encoded javascript (redirecting to blackhole and other exploit kits) or to build a remote call.

# of sites infectedTypeMalware / Domains
13javascripthttp://easyfunguide.at:8080/google.com/zylom.com/hc360: var HG;if(HG!='' && HG!='lp'){HG=''};va...
12javascripthttp://grywamtu.pl/public/ads/slider/ts3slider.js": document.write(unescape('%3C%73%63%72%69%70...
10javascripthttp://javlprni.ddns.name/stds/go.php?sid=1: i=0;try{prototype;}catch(z){h="harCode";f=['-33c-3...
5javascripthttp://tevythi.ru/count17.php: i=0;try{prototype;}catch(egewgsd){f=['-32w-32w64w61w-9w-1w59w70w...
4javascripthttp://private3.zapto.org/blog/vlqsryyacr.php?vaowv=NHcCqUFS&hrytewsfd=9889439&yjresfd=...
3javascripthttp://cheatsin.ru:8080: var n;if(n!=''){n='CD'};var Y="";var z;if(z!='HY' && z!='KW'){z=''};va...
2javascripthttp://youhelpnow.ru:8080: var L='';function P(){this.e='';var vT;if(vT!='' && vT!='cO'){vT=nul...
2javascripthttp://ugjypnu.eu/count25.php: if(window.document)aa=/s/g.exec("s").index+[];aaa='0';if(aa.inde...
1javascripthttp://www.thehitsusa.com/ad1.js": var enkripsi="'1Aqapkrv'02nclewceg'1F'00hctcqapkrv'00'02qpa'...
1javascripthttp://six.myads.name/system/caption.js": this.b=this.M="";this.A="";this.w=false;this.N=""; (f...
1javascripthttp://dex.myads.name/system/caption.js": this.b=this.M="";this.A="";this.w=false;this.N=""; (f...
1javascripthttp://dasretokfin.com/index.php": eval(unescape("document.write%28String.fromCharCode%2860%2C1...
22javascript<script src="http://ungogo.leftgod.com/c/ungogo.js" type="text/javascript"></script>
18javascript<script type="text/javascript" src="http://gamjamfest.com/4pbnb3zl.php?id=11413520"></script>
12javascript<script type="text/javascript" src="http://www.milbrandt.de/jslib.php"></script>
12javascript<script type="text/javascript" src="http://casinoreporting.com/wp-content/uploads/2013/06/temp/...
12javascript<script type="text/javascript" language="javascript" > function zzzfff() { var oe = document.cr...
11javascript<script type="text/javascript" src="http://www.itsallabouttheleaf.com/LRfpYQBG.php?id="></script>
11javascript<script type="text/javascript" src="http://visiondesigns.ca/backup-visions/colorbox/vncq3jfk.ph...
11javascript<script type="text/javascript" src="http://samara-beauty.zz.mu/dzm8T3qr.php?id=173016"></script>
Limited view... Only the top entries being displayed.