Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=colohealth.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://colohealth.com/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://colohealth.com/ | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=2592000 Connection: close Date: Mon, 22 Dec 2014 01:12:24 GMT Location: http://www.colohealth.com/ Server: Apache Vary: Accept-Encoding Content-Length: 298 Content-Type: text/html; charset=iso-8859-1 Expires: Wed, 21 Jan 2015 01:12:24 GMT | clean |
http://www.colohealth.com/ | 200 OK Content-Length: 19542 Content-Type: text/html | clean |
http://scripts.hashemian.com/js/countdown.js | 200 OK Content-Length: 2546 Content-Type: text/javascript | clean |
http://output59.rssinclude.com/output?type=js&id=709591&hash=77a242ee575ec6bfcb68aff6de6c856b | 200 OK Content-Length: 27950 Content-Type: text/javascript | malicious |
Malicious code found. Script contains blacklisted domain: www.colohealth.com document.write(" <div id=\"rssincl-box-709591\">\n <div class=\"rssincl-content\">\n <div class=\"rssincl-entry\">\n <p class=\"rssincl-itemtitle\">\n <a href=\"http://www.colohealth.com/colohealthblog/medical-pricing/\" target=\"_blank\">\n Is Your Neighbor Paying Less for Medical Care? </a>\n </p>\n ...[3418 bytes skipped]... Decoded script: <div id="rssincl-box-709591"> <div class="rssincl-content"> <div class="rssincl-entry"> <p class="rssincl-itemtitle"> <a href="http://www.colohealth.com/colohealthblog/medical-pricing/" target="_blank"> Is Your Neighbor Paying Less for Medical Care? </a> </p> ...[28770 bytes skipped]... | ||
https://seal.verisign.com/getseal?host_name=www.colohealth.com&size=S&use_flash=YES&use_transparent=YES&lang=en | 200 OK Content-Length: 3921 Content-Type: text/javascript | suspicious |
Page code contains blacklisted domain: www.colohealth.com <!-- dn="www.colohealth.com"; lang="en"; tpt="transparent"; vrsn_style="WW"; splash_url="https://trustsealinfo.websecurity.norton.com"; seal_url="https://seal.websecurity.norton.com"; u1=splash_url+"/splash?form_file=fdf/splash.fdf&dn="+dn+"&lang="+lang;u2=seal_url+"/getseal?at=0&sealid=2&dn="+dn+"&lang="+lang;u3=seal_url+"/getseal?at=1&sealid=2&dn="+dn+"&lang="+lang;var sopener;function vrsn_splash(){if(sope ...[3761 bytes skipped]... | ||
http://538.xg4ken.com/media/number-changer/voicestar/number-changer.php | 200 OK Content-Length: 235 Content-Type: application/javascript | clean |
https://m243.infusionsoft.com/app/webTracking/getTrackingCode?trackingId=633ff937382f00048fd7d2fdf21c1339 | 200 OK Content-Length: 3757 Content-Type: text/plain | clean |
http://m243.infusionsoft.com/test404page.js | HTTP/1.1 302 Found Connection: Keep-Alive Location: https://m243.infusionsoft.com/test404page.js Server: Apache-Coyote/1.1 Content-Length: 0 | clean |
https://m243.infusionsoft.com/test404page.js | HTTP/1.1 302 Found Date: Mon, 22 Dec 2014 01:12:30 GMT Location: https://signin.infusionsoft.com?service=https%3A%2F%2Fm243.infusionsoft.com%2Fj_spring_cas_security_check Server: Apache-Coyote/1.1 Content-Length: 0 Content-Type: text/javascript;charset=UTF-8 Expires: Mon, 22 Dec 2014 13:12:30 GMT Set-Cookie: JSESSIONID=08F27DA96B82EF402212EBB1882EF0B4; Path=/; Secure; HttpOnly Set-Cookie: app-lb=386269194.20480.0000; path=/ X-Cnection: close | clean |
https://signin.infusionsoft.com?service=https%3a%2f%2fm243.infusionsoft.com%2fj_spring_cas_security_check/ | HTTP/1.1 302 Found Date: Mon, 22 Dec 2014 01:12:32 GMT Location: https://signin.infusionsoft.com/login?service=https%3a%2f%2fm243.infusionsoft.com%2fj_spring_cas_security_check/ Content-Length: 0 Content-Type: text/html;charset=UTF-8 Set-Cookie: app-lb=319291402.20480.0000; path=/ Set-Cookie: TS1b1025=d876a405831f30d22c36c21e57e84e77544c2097db425ecc54976fff431c4549669001e6; Path=/; Secure; HTTPOnly Set-Cookie: TS1b1025_28=d053ad5cd4b378f8d5ec3511a5c04cd9544c2097db425ecc00000000000000000054976fff544c2097db425ecc; Path=/; Secure; HTTPOnly X-Cnection: close X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN | clean |
https://signin.infusionsoft.com/login?service=https%3a%2f%2fm243.infusionsoft.com%2fj_spring_cas_security_check/ | 200 OK Content-Length: 17129 Content-Type: text/html | clean |
https://signin.infusionsoft.com/js/jquery-1.11.0/jquery-1.11.0.min.js;jsessionid=09225F38CD620F836D0B3B124E808BB4 | 200 OK Content-Length: 96381 Content-Type: text/javascript | clean |
http://m243.infusionsoft.com/bootstrap-3.2.0-dist/js/bootstrap.min.js;jsessionid=09225F38CD620F836D0B3B124E808BB4 | HTTP/1.1 302 Found Connection: Keep-Alive Location: https://m243.infusionsoft.com/bootstrap-3.2.0-dist/js/bootstrap.min.js;jsessionid=09225F38CD620F836D0B3B124E808BB4 Server: Apache-Coyote/1.1 Content-Length: 0 | clean |
https://m243.infusionsoft.com/bootstrap-3.2.0-dist/js/bootstrap.min.js;jsessionid=09225f38cd620f836d0b3b124e808bb4 | HTTP/1.1 302 Found Date: Mon, 22 Dec 2014 01:12:36 GMT Location: https://signin.infusionsoft.com?service=https%3A%2F%2Fm243.infusionsoft.com%2Fj_spring_cas_security_check Server: Apache-Coyote/1.1 Content-Length: 0 Expires: Mon, 22 Dec 2014 13:12:36 GMT Set-Cookie: JSESSIONID=BCC9E2DB74CA773F26A24BACE9D48F8F; Path=/; Secure; HttpOnly Set-Cookie: app-lb=386269194.20480.0000; path=/ X-Cnection: close | clean |
http://signin.infusionsoft.com?service=https%3a%2f%2fm243.infusionsoft.com%2fj_spring_cas_security_check/test404page.js | HTTP/1.1 302 Found Connection: Keep-Alive Location: https://signin.infusionsoft.com/?service=https%3a%2f%2fm243.infusionsoft.com%2fj_spring_cas_security_check/test404page.js Server: Apache-Coyote/1.1 Content-Length: 0 | clean |
https://signin.infusionsoft.com/?service=https%3a%2f%2fm243.infusionsoft.com%2fj_spring_cas_security_check/test404page.js | HTTP/1.1 302 Found Date: Mon, 22 Dec 2014 01:12:38 GMT Location: https://signin.infusionsoft.com/login?service=https%3a%2f%2fm243.infusionsoft.com%2fj_spring_cas_security_check/test404page.js Content-Length: 0 Content-Type: text/html;charset=UTF-8 Set-Cookie: app-lb=185073674.20480.0000; path=/ Set-Cookie: TS1b1025=b9b8c397dfd5e4b62d3b3bf659cc5745cec3876a4e8f91f254977005431c4549cae1bce6; Path=/; Secure; HTTPOnly Set-Cookie: TS1b1025_28=470b00e8f3d6b61fbb9ae1f24171c3ebcec3876a4e8f91f200000000000000000054977005cec3876a4e8f91f2; Path=/; Secure; HTTPOnly X-Cnection: close X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN | clean |
https://signin.infusionsoft.com/login?service=https%3a%2f%2fm243.infusionsoft.com%2fj_spring_cas_security_check/test404page.js | 200 OK Content-Length: 17143 Content-Type: text/html | clean |
https://signin.infusionsoft.com/js/jquery-1.11.0/jquery-1.11.0.min.js;jsessionid=5B3BCED3A26ABAB7754FD3A29774229D | 200 OK Content-Length: 96381 Content-Type: text/javascript | clean |
http://signin.infusionsoft.com?service=https%3a%2f%2fm243.infusionsoft.com%2fj_spring_cas_security_check/bootstrap-3.2.0-dist/js/bootstrap.min.js;jsessionid=5B3BCED3A26ABAB7754FD3A29774229D | HTTP/1.1 302 Found Connection: Keep-Alive Location: https://signin.infusionsoft.com/?service=https%3a%2f%2fm243.infusionsoft.com%2fj_spring_cas_security_check/bootstrap-3.2.0-dist/js/bootstrap.min.js;jsessionid=5B3BCED3A26ABAB7754FD3A29774229D Server: Apache-Coyote/1.1 Content-Length: 0 | clean |
https://signin.infusionsoft.com/?service=https%3a%2f%2fm243.infusionsoft.com%2fj_spring_cas_security_check/bootstrap-3.2.0-dist/js/bootstrap.min.js;jsessionid=5b3bced3a26abab7754fd3a29774229d | HTTP/1.1 302 Found Date: Mon, 22 Dec 2014 01:12:42 GMT Location: https://signin.infusionsoft.com/login?service=https%3a%2f%2fm243.infusionsoft.com%2fj_spring_cas_security_check/bootstrap-3.2.0-dist/js/bootstrap.min.js;jsessionid=5b3bced3a26abab7754fd3a29774229d Content-Length: 0 Content-Type: text/html;charset=UTF-8 Set-Cookie: app-lb=319291402.20480.0000; path=/ Set-Cookie: TS1b1025=9484eefa1208602e42db99cc33162b807cd0dac1c18c4fc854977009431c4549669001e6; Path=/; Secure; HTTPOnly Set-Cookie: TS1b1025_28=e4d82bd92c69a84502f2407338dda57c7cd0dac1c18c4fc8000000000000000000549770097cd0dac1c18c4fc8; Path=/; Secure; HTTPOnly X-Cnection: close X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN | clean |
https://signin.infusionsoft.com/login?service=https%3a%2f%2fm243.infusionsoft.com%2fj_spring_cas_security_check/bootstrap-3.2.0-dist/js/bootstrap.min.js;jsessionid=5b3bced3a26abab7754fd3a29774229d | 200 OK Content-Length: 17211 Content-Type: text/html | clean |
https://signin.infusionsoft.com/js/jquery-1.11.0/jquery-1.11.0.min.js;jsessionid=8169E669592360662D545F6E891D9FA8 | 200 OK Content-Length: 96381 Content-Type: text/javascript | clean |
http://signin.infusionsoft.com?service=https%3a%2f%2fm243.infusionsoft.com%2fj_spring_cas_security_check/bootstrap-3.2.0-dist/js/bootstrap.min.js;jsessionid=8169E669592360662D545F6E891D9FA8 | HTTP/1.1 302 Found Connection: Keep-Alive Location: https://signin.infusionsoft.com/?service=https%3a%2f%2fm243.infusionsoft.com%2fj_spring_cas_security_check/bootstrap-3.2.0-dist/js/bootstrap.min.js;jsessionid=8169E669592360662D545F6E891D9FA8 Server: Apache-Coyote/1.1 Content-Length: 0 | clean |
https://signin.infusionsoft.com/?service=https%3a%2f%2fm243.infusionsoft.com%2fj_spring_cas_security_check/bootstrap-3.2.0-dist/js/bootstrap.min.js;jsessionid=8169e669592360662d545f6e891d9fa8 | HTTP/1.1 302 Found Date: Mon, 22 Dec 2014 01:12:46 GMT Location: https://signin.infusionsoft.com/login?service=https%3a%2f%2fm243.infusionsoft.com%2fj_spring_cas_security_check/bootstrap-3.2.0-dist/js/bootstrap.min.js;jsessionid=8169e669592360662d545f6e891d9fa8 Content-Length: 0 Content-Type: text/html;charset=UTF-8 Set-Cookie: app-lb=168296458.20480.0000; path=/ Set-Cookie: TS1b1025=de22bd7afb3c650eb9a3f3062dd65d868f2dc1b738ea9a6a5497700e431c454977a70f4c; Path=/; Secure; HTTPOnly Set-Cookie: TS1b1025_28=62a6e3f3da9af654aa5f79d5308f7b1b8f2dc1b738ea9a6a0000000000000000005497700e8f2dc1b738ea9a6a; Path=/; Secure; HTTPOnly X-Cnection: close X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN | clean |
https://signin.infusionsoft.com/login?service=https%3a%2f%2fm243.infusionsoft.com%2fj_spring_cas_security_check/bootstrap-3.2.0-dist/js/bootstrap.min.js;jsessionid=8169e669592360662d545f6e891d9fa8 | 200 OK Content-Length: 17213 Content-Type: text/html | clean |
https://signin.infusionsoft.com/js/jquery-1.11.0/jquery-1.11.0.min.js;jsessionid=5A855D18074B64AB4EC00240B6A97128 | 200 OK Content-Length: 96381 Content-Type: text/javascript | clean |
http://signin.infusionsoft.com?service=https%3a%2f%2fm243.infusionsoft.com%2fj_spring_cas_security_check/bootstrap-3.2.0-dist/js/bootstrap.min.js;jsessionid=5A855D18074B64AB4EC00240B6A97128 | HTTP/1.1 302 Found Connection: Keep-Alive Location: https://signin.infusionsoft.com/?service=https%3a%2f%2fm243.infusionsoft.com%2fj_spring_cas_security_check/bootstrap-3.2.0-dist/js/bootstrap.min.js;jsessionid=5A855D18074B64AB4EC00240B6A97128 Server: Apache-Coyote/1.1 Content-Length: 0 | clean |
https://signin.infusionsoft.com/?service=https%3a%2f%2fm243.infusionsoft.com%2fj_spring_cas_security_check/bootstrap-3.2.0-dist/js/bootstrap.min.js;jsessionid=5a855d18074b64ab4ec00240b6a97128 | HTTP/1.1 302 Found Date: Mon, 22 Dec 2014 01:12:49 GMT Location: https://signin.infusionsoft.com/login?service=https%3a%2f%2fm243.infusionsoft.com%2fj_spring_cas_security_check/bootstrap-3.2.0-dist/js/bootstrap.min.js;jsessionid=5a855d18074b64ab4ec00240b6a97128 Content-Length: 0 Content-Type: text/html;charset=UTF-8 Set-Cookie: app-lb=336068618.20480.0000; path=/ Set-Cookie: TS1b1025=05bcfdfac2818f516ac2f8d9e161a22ac976a1ae8eb2517954977011431c454980507999; Path=/; Secure; HTTPOnly Set-Cookie: TS1b1025_28=292b3dd42d04b351ce4d9b1889385437c976a1ae8eb2517900000000000000000054977011c976a1ae8eb25179; Path=/; Secure; HTTPOnly X-Cnection: close X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN | clean |
https://signin.infusionsoft.com/login?service=https%3a%2f%2fm243.infusionsoft.com%2fj_spring_cas_security_check/bootstrap-3.2.0-dist/js/bootstrap.min.js;jsessionid=5a855d18074b64ab4ec00240b6a97128 | 200 OK Content-Length: 17212 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: colohealth.com
Result:
HTTP/1.1 301 Moved Permanently
Cache-Control: max-age=2592000
Connection: close
Date: Mon, 22 Dec 2014 01:12:24 GMT
Location: http://www.colohealth.com/
Server: Apache
Vary: Accept-Encoding
Content-Length: 298
Content-Type: text/html; charset=iso-8859-1
Expires: Wed, 21 Jan 2015 01:12:24 GMT
...298 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: colohealth.com
Referer: http://www.google.com/search?q=colohealth.com
Result:
The result is similar to the first query. There are no suspicious redirects found.