diff --git a/definitions/patterns_iraw.txt b/definitions/patterns_iraw.txt
index 9a5da94..bfa9aca 100644
--- a/definitions/patterns_iraw.txt
+++ b/definitions/patterns_iraw.txt
@@ -1,7 +1,7 @@
-#This file contains raw strings that will be matched case-insensitive.
-#Comments and whitespace are possible, but comments must have '#' at the first character of the line.
+# This file contains raw strings that will be matched case-insensitive.
+# Comments and whitespace are possible, but comments must have '#' at the first character of the line.
 
-#List of security service providers that phishers often block.
+# List of security service providers that phishers often block.
 abovenet
 avira
 bitdefender
@@ -17,3 +17,6 @@ phishtank
 sophos
 surfright
 symantec
+
+# SEO poison, pharmacy redirect
+dealonline.su
\ No newline at end of file
diff --git a/definitions/patterns_raw.txt b/definitions/patterns_raw.txt
index bef302a..8f62ca1 100644
--- a/definitions/patterns_raw.txt
+++ b/definitions/patterns_raw.txt
@@ -371,3 +371,7 @@ ZeroByte
 # JS escaped: String.fromCharCode(
 83, 116, 114, 105, 110, 103, 46, 102, 114, 111, 109, 67, 104, 97, 114, 67, 111, 100, 101, 40
+
+# SEO poisoning control site call
+"http://$xxx
+?useragent=$botbotbot
diff --git a/definitions/patterns_re.txt b/definitions/patterns_re.txt
index 47a5f76..fa5f1fe 100644
--- a/definitions/patterns_re.txt
+++ b/definitions/patterns_re.txt
@@ -40,6 +40,9 @@ Googlebot['"]{0,1}\s*\)\){echo\s+file_get_contents
 #execute base64 code
 eVaL\(\s*trim\(\s*baSe64_deCoDe\(
+# execute escaped code
+exec\("(\\[0-9a-fx]{2,3}){3,}
+
 # if\s*\(\s*mail\s*\(\s*\$mails\[\$i\]\s*,\s*\$tema\s*,\s*base64_encode\s*\(\s*\$text
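Review bot: In the second hunk of patterns_iraw.txt, `dealonline.su` is matched as a raw case-insensitive substring, so it will also hit longer hostnames that merely contain it and any file that only mentions the domain, such as a blocklist or a saved log. The comment could record that, for example `# SEO poison, pharmacy redirect (domain IoC, matched as a substring)`. The file now also ends without a trailing newline, and the last hunk of patterns_re.txt does the same; ending both files with a newline keeps the next appended pattern from showing up as a change to these lines.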
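Review bot: Both strings added to patterns_raw.txt are keyed on the variable names `$xxx` and `$botbotbot`, which presumably come from a single sample, so a copy of the same code with renamed variables will not match either line. If these are meant as exact-sample signatures, the comment should say so, e.g. `# SEO poisoning control site call (exact strings from one sample; variable names are attacker-chosen)`. A structural expression in patterns_re.txt would be the place for anything meant to survive renaming.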
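Review bot: The new expression `exec\("(\\[0-9a-fx]{2,3}){3,}` in patterns_re.txt allows no whitespace between `exec`, `(` and the opening quote, while neighbouring patterns in the same file (`eVaL\(\s*trim\(\s*…`, `create_function\s*\(\s*['"]{2}`) do, so `exec ("\x…"` or `exec( "\x…"` is not matched. The line could read `exec\s*\(\s*"(\\[0-9a-fx]{2,3}){3,}`. Because there is no word boundary it also matches `shell_exec("` and `curl_exec("`; if that is intended, the comment could say so, e.g. `# execute escaped code (also matches *_exec calls)`.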
@@ -110,4 +113,7 @@ function\s+_[0-9]{8,}\(
 @include ".*?(\\x[0-9a-f]{2,}.*?){2,}.*?";
 # create_function is dangerous as like eval() see http://php.net/manual/en/function.create-function.php
-create_function\s*\(\s*['"]{2}
\ No newline at end of file
+create_function\s*\(\s*['"]{2}
+
+# control concated from cookie at the call
+(\$[a-z]{2,}=urldecode\(\$_COOKIE\['[a-z]{2,}'\]\);){3,}
\ No newline at end of file
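Review bot: The cookie pattern matches only when the three or more assignments are written with no whitespace at all (none around `=`, none between one `;` and the next `$`), so the same code with spaces or with one statement per line is missed. A more tolerant form would be `(\$[a-z0-9_]{2,}\s*=\s*urldecode\(\s*\$_COOKIE\[\s*['"][a-z0-9_]{2,}['"]\s*\]\s*\)\s*;\s*){3,}`, which also accepts digits, underscores and double-quoted keys. Whether `\s` can span line breaks depends on how the scanner applies these expressions, which is not visible in this diff. The comment would read better as `# control values concatenated from cookies at the call`.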