Stats.php is a huge and distributed malware network, which is made of lots of compromised websites. All of the hijacked websites involve an iframe tag in which the src URL is hackedsite[dot]com/stats.php. Stats.php is a malicious file, which is a part of an iFrame Injection attack. When injected, these iFrames can be controlled to propagate malware infections as well as be used to add drive-by downloads and other types of browser-related attacks. Even though the actual vector is unidentified, Stats.php has been recognized on websites with known outdated security tools and known vulnerable versions.