Scanned pages/files
Request | Server response | Status |
http://clintwatson.net/ | 200 OK Content-Length: 29972 Content-Type: text/html | clean |
http://clintwatson.net/styles/faso-light/js/modernizr.min.js | 200 OK Content-Length: 15416 Content-Type: application/x-javascript | clean |
http://clintwatson.net/styles/faso-light/js/device.min.js | 200 OK Content-Length: 2606 Content-Type: application/x-javascript | clean |
http://clintwatson.net//ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js/ | HTTP/1.1 301 Moved Permanently Cache-Control: private Connection: close Date: Sat, 02 Aug 2014 05:21:18 GMT Location: http://clintwatson.net/ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js Server: Microsoft-IIS/7.5 Content-Length: 0 Content-Type: text/html X-Powered-By: ASP.NET | clean |
http://clintwatson.net/ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js | 404 Not Found Content-Length: 8985 Content-Type: text/html | clean |
http://clintwatson.net/styles/faso-light/js/plugins.js | 200 OK Content-Length: 22483 Content-Type: application/x-javascript | clean |
http://clintwatson.net/styles/faso-light/js/main.js | HTTP/1.1 301 Moved Permanently Date: Sat, 02 Aug 2014 05:21:25 GMT Location: http://canvoo.com/styles/faso-light/js/main.js Server: Microsoft-IIS/6.0 Content-Length: 0 Content-Type: text/html X-Powered-By: ASP.NET X-Powered-By: PHP/5.3.5 | clean |
http://canvoo.com/styles/faso-light/js/main.js | 404 Not Found Content-Length: 4325 Content-Type: text/html | clean |
http://canvoo.com/ | 200 OK Content-Length: 3523 Content-Type: text/html | clean |
http://canvoo.com/new/js/jquery-1.4.1.min.js | 200 OK Content-Length: 70842 Content-Type: application/x-javascript | clean |
http://canvoo.com/new/js/jquery.carousel.js | 200 OK Content-Length: 6519 Content-Type: application/x-javascript | clean |
http://canvoo.com/new/js/facebox/facebox.js | 200 OK Content-Length: 9122 Content-Type: application/x-javascript | clean |
http://canvoo.com/new/js/common.js | 200 OK Content-Length: 2994 Content-Type: application/x-javascript | clean |
http://data.fineartstudioonline.com/admin/analytics/analytics.js | 200 OK Content-Length: 992 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below):

function qsrequest( name )
{
  name = name.replace(/[\[]/,"\\\[").replace(/[\]]/,"\\\]");
  var regexS = "[\\?&]"+name+"=([^&#]*)";
  var regex = new RegExp( regexS );
  var results = regex.exec( window.location.href );
  if( results == null )
    return "";
  else
    return results[1];
}
var promo=encodeURIComponent(qsrequest('promo'));
var url=encodeURIComponent(document.location.href);
var title=encodeURIComponent
var gclid=encodeURIComponent(qsrequest('gclid'));
var str_ref = url.indexOf('/ref/');
if (str_ref > 0 ) {
  var ary_ref = url.split('/');
  promo = ary_ref(4);
  alert ('promo' + promo);
}
document.write('<iframe src="http://data.fineartstudioonline.com/admin/analytics/?ref=' + refurl + '&url=' + url +'&promo=' + promo + '&gclid=' + gclid + '" width="0px" height="0px"></iframe>');

Antivirus reports:
http://static.getclicky.com/js | 200 OK Content-Length: 17505 Content-Type: application/x-javascript | clean |
http://canvoo.com/products | 200 OK Content-Length: 5834 Content-Type: text/html | clean |
http://canvoo.com/fineartviews | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 02 Aug 2014 05:21:32 GMT Location: http://canvoo.com/fineartviews/ Server: Microsoft-IIS/6.0 Content-Length: 154 Content-Type: text/html X-Powered-By: ASP.NET | clean |
http://canvoo.com/fineartviews/ | HTTP/1.1 301 Moved Permanently Cache-Control: private Connection: close Date: Sat, 02 Aug 2014 05:21:32 GMT Location: http://faso.com/art-marketing-newsletter Server: Microsoft-IIS/6.0 Content-Length: 0 Content-Type: text/html X-Powered-By: ASP.NET | clean |
http://faso.com/art-marketing-newsletter | HTTP/1.1 301 Moved Permanently Date: Sat, 02 Aug 2014 05:21:28 GMT Location: http://faso.com/art-marketing-newsletter/ Server: Microsoft-IIS/7.5 Content-Length: 164 Content-Type: text/html; charset=UTF-8 X-Powered-By: ASP.NET | clean |
http://faso.com/art-marketing-newsletter/ | 200 OK Content-Length: 12578 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: clintwatson.net
Result:
HTTP/1.1 200 OK
Cache-Control: private
Connection: close
Date: Sat, 02 Aug 2014 05:21:15 GMT
Server: Microsoft-IIS/7.5
Content-Type: text/html; Charset=windows-1252
Set-Cookie: faso%5Flanding%5Fpage=http%3A%2F%2Fclintwatson%2Enet%2Fdataviewer%2Easp; path=/
Set-Cookie: test%5Fcookie=test; path=/
X-Powered-By: ASP.NET
Second query (visit from search engine):
GET / HTTP/1.1
Host: clintwatson.net
Referer: http://www.google.com/search?q=clintwatson.net
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=clintwatson.net
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://clintwatson.net/
Result: clintwatson.net is not infected or malware details are not published yet.