Iframe Bigdeal777(dot)com Mass Infection

Internal honeypots have reported a lot of websites infected with a hidden and malicious iframe code that is added at the end of the HTML tag or before the BODY tag of the page, the malicious iframe looks like this:


Download the iframe code (pass is novirusthanks.org):

iframe.zip / 1 KB

Here is a small list of websites infected with this malicious code:

angelofdeath .pl
megavid .pl
invertus .lt
gelincikgiyim .de
ganacarne .com
strekowagora .cba .pl
nurevi .net
bijoux-fantaisie-online .com
f4c-test .1gb .ru
die-baurs .info
trenuje24 .pl
satalbak .com

Details about the malicious domain:

Website: bigdeal777 .com
Domain Hash: c87366528f961835580ae7c78f4a8903
IP Address:
IP Hostname: static.
IP Country: -- (--)
AS Number: 24940
AS Name: HETZNER-AS Hetzner Online AG RZ
Organization: serveradmin.pl S.C.

URLVoid report:


Random Posts

Previous Posts