Iniframe Redirectors

Appears to be redirecting to Sakura Exploit Kit

HTTP Request Method = GET
HTTP URI = */iniframe/*

Regex the referer field

\/iniframe\/[a-f0-9]{32}\/[0-9]+?\/[a-f0-9]{32}\/[a-f0-9]{32}$

Examples:

hxxp://799294ed7a.reokranz.be/iniframe/f56e61c52371689966a6bce3fe6f6e3c/81/bb225f4a2afbb9715f0a959f4639e5f2/7516fd43adaa5e0b8a65a672c39845d2
hxxp://b74ed095f1.reokranz.be/iniframe/ba5bfdbf5874f0863873a17a8caaad8f/83/baf0d61ea2763c1d29e00d12c6b68216/7516fd43adaa5e0b8a65a672c39845d2
hxxp://bddab46581.reokranz.be/iniframe/f56e61c52371689966a6bce3fe6f6e3c/81/0c1bbb4ea4fa82971ac28e1f3e119cac/7516fd43adaa5e0b8a65a672c39845d2
hxxp://799294ed7a.reokranz.be/iniframe/f56e61c52371689966a6bce3fe6f6e3c/81/bb225f4a2afbb9715f0a959f4639e5f2/7516fd43adaa5e0b8a65a672c39845d2
hxxp://654f9f419a.kmadre.info/iniframe/f56e61c52371689966a6bce3fe6f6e3c/81/57e48cfcc3c02ff269ed966fb8397b92/7516fd43adaa5e0b8a65a672c39845d2
hxxp://654f9f419a.kmadre.info/iniframe/f56e61c52371689966a6bce3fe6f6e3c/81/57e48cfcc3c02ff269ed966fb8397b92/7516fd43adaa5e0b8a65a672c39845d2
hxxp://e7ff634389.reokranz.be/iniframe/f56e61c52371689966a6bce3fe6f6e3c/81/81c53e3f8c8bf6b2aaabb22c9390fbe0/7516fd43adaa5e0b8a65a672c39845d2
hxxp://e7ff634389.reokranz.be/iniframe/f56e61c52371689966a6bce3fe6f6e3c/81/81c53e3f8c8bf6b2aaabb22c9390fbe0/7516fd43adaa5e0b8a65a672c39845d2

Comments are closed.