SiteCheck Signatures

  1. Home
  2. Signatures
  3. SiteCheck Signatures
  4. mw-iframe-suspiciousport

mw-iframe-suspiciousport

Description: A suspicious iframe (malframe) was identified on the site. It is using a non-standard port and generally coming from another compromised server.

Very common injection during 2013 Sep/Oct. Some domains being used in the injection:


http://yrbynus.sytes.net:12601/classes/gentoo.php
http://findersslicing.biz:7761/customer_login/
.. and many more..

Those are often used to redirect the browser to SEO spam sites via a TDS. .

Affecting: Any web site (no specific target).

Clean up: Nothing specific.

Last update: 2013/Oct

Malware dump: