
Sucuri Research Labs

The home of our Security Operations Group, including our Malware Research and Incident Response teams.

It's quite common for hosting providers to set templates for pages like 40x and 50x error pages, but it's uncommon for those templates to contain ads or, even worse, malvertising that will get your site blacklisted.

Read More ...

Dealing with Black Hat SEO injections in our daily operations is always fun and challenging at the same time. One day we may work with heavily obfuscated code, and on another it can be just plain-text spam waiting to be removed.

Read More ...

We discovered a PHP backdoor on a WordPress installation that contained some interesting obfuscation methods to keep it hidden from prying eyes:

Read More ...

We’ve come across an interesting approach to injecting credit card swipers into Magento web pages.

Instead of injecting a real script, attackers insert a seemingly benign, invisible image from the same site. The catch is, the <img> tag has an "onload" event handler that loads the malicious script.

The injected HTML code looks like this:

Read More ...

We discovered an xmlrpc.php brute-force tool in a malicious PHP script that appears to have been uploaded months ago, after a vulnerable GDPR plugin was exploited:

Read More ...

Latest malware entries

Hidden iframes

Latest hidden iframes our scanner has identified on compromised websites.


Conditional redirections

Conditional redirections we have detected (based on user agents or referers).


Spammers

Latest spammers we have detected sending comment, forum or SEO spam.


Encoded JavaScript

Encoded JavaScript used to redirect to Blackhole and other exploit kits, or to build a remote call.
