Scanned pages/files
| Request | Server response | Status |
http://faso.us/ | HTTP/1.1 404 Not Found Cache-Control: private Connection: close Date: Wed, 03 Sep 2014 22:03:26 GMT Location: http://fineartstudioonline.com Server: Microsoft-IIS/7.5 Content-Length: 18 Content-Type: text/html X-Powered-By: ASP.NET | clean |
http://fineartstudioonline.com/ | HTTP/1.1 301 Moved Permanently Cache-Control: private Date: Wed, 03 Sep 2014 22:03:30 GMT Location: http://faso.com/ Server: Microsoft-IIS/6.0 Content-Length: 0 Content-Type: text/html Set-Cookie: ASPSESSIONIDCCBSTCCD=NGBIBCMDJHMKILLCDIILGJPN; path=/ X-Powered-By: ASP.NET | clean |
http://faso.com/ | 200 OK Content-Length: 30649 Content-Type: text/html | clean |
http://faso.com/static/js/showhide.js | 200 OK Content-Length: 3170 Content-Type: application/x-javascript | clean |
http://faso.us//ajax.googleapis.com/ajax/libs/jquery/1.8.2/jquery.min.js/ | HTTP/1.1 301 Moved Permanently Cache-Control: private Date: Wed, 03 Sep 2014 22:03:23 GMT Location: http://links.fineartstudioonline.com/links/1.49838729633054E+88 Server: Microsoft-IIS/6.0 Content-Length: 292 Content-Type: text/html Set-Cookie: ASPSESSIONIDACRARQCT=EDMMIPHDFIKLBOFKPIIAHKAL; path=/ X-Powered-By: ASP.NET | clean |
http://links.fineartstudioonline.com/links/1.49838729633054e+88 | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 03 Sep 2014 22:03:26 GMT Location: http://faso.com/brushbuzz/links/1.49838729633054e+88 Server: Microsoft-IIS/6.0 Content-Length: 17543 Content-Type: text/html; charset=utf-8 X-Powered-By: ASP.NET X-Powered-By: PHP/5.3.5 | clean |
http://faso.com/brushbuzz/links/1.49838729633054e+88 | 200 OK Content-Length: 0 Content-Type: text/html | clean |
http://faso.com/test404page.js | 404 Not Found Content-Length: 12068 Content-Type: text/html | clean |
http://faso.com//ajax.googleapis.com/ajax/libs/jquery/1.8.2/jquery.min.js/ | 404 Not Found Content-Length: 12068 Content-Type: text/html | clean |
http://faso.com.edgesuite.net/static/js/jquery.cookie.js | 200 OK Content-Length: 4341 Content-Type: application/x-javascript | clean |
http://faso.com.edgesuite.net/static/js/easySlider1.7.js | 200 OK Content-Length: 7060 Content-Type: application/x-javascript | clean |
http://faso.com.edgesuite.net/static/js/signup.js | 200 OK Content-Length: 1739 Content-Type: application/x-javascript | clean |
http://faso.com/static/js/tipsy.js | 200 OK Content-Length: 10043 Content-Type: application/x-javascript | clean |
https://static.getclicky.com/js | 200 OK Content-Length: 17505 Content-Type: application/x-javascript | clean |
http://data.fineartstudioonline.com/admin/analytics/analytics.js | 200 OK Content-Length: 1366 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function qsrequest( name )
{ name = name.replace(/[\[]/,"\\\[").replace(/[\]]/,"\\\]"); var regexS = "[\\?&]"+name+"=([^&#]*)"; var regex = new RegExp( regexS ); var results = regex.exec( window.location.href ); if( results == null ) return ""; else return results[1]; } var promo=encodeURIComponent(qsrequest('promo')); var url=encodeURIComponent(document.location.href); var title=encodeURIComponent if(window.location.hash) { var hash = window.location.hash.substring(1); var str_fcid = hash; var ary_fcid = str_fcid.split('fcid='); fcid = ary_fcid[1]; } document.write('<iframe src="http://data.fineartstudioonline.com/admin/analytics/?ref=' + refurl + '&url=' + url +'&promo=' + promo + '&gclid=' + gclid + '&fcid=' + fcid + '" width="0px" height="0px"></iframe>'); Antivirus reports:
| ||
http://data.fineartstudioonline.com/styles/default/fasostatsexternal.js | 200 OK Content-Length: 4733 Content-Type: application/x-javascript | clean |
http://faso.com.edgesuite.net/static/js/bd.js | 200 OK Content-Length: 229 Content-Type: application/x-javascript | clean |
http://faso.com/blog | 200 OK Content-Length: 32241 Content-Type: text/html | clean |
http://faso.com/static/js/jquery.js | 200 OK Content-Length: 54267 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: faso.us
Result:
HTTP/1.1 404 Not Found
Cache-Control: private
Connection: close
Date: Wed, 03 Sep 2014 22:03:26 GMT
Location: http://fineartstudioonline.com
Server: Microsoft-IIS/7.5
Content-Length: 18
Content-Type: text/html
X-Powered-By: ASP.NET
...18 bytes of data.
GET / HTTP/1.1
Host: faso.us
Result:
HTTP/1.1 404 Not Found
Cache-Control: private
Connection: close
Date: Wed, 03 Sep 2014 22:03:26 GMT
Location: http://fineartstudioonline.com
Server: Microsoft-IIS/7.5
Content-Length: 18
Content-Type: text/html
X-Powered-By: ASP.NET
...18 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: faso.us
Referer: http://www.google.com/search?q=faso.us
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: faso.us
Referer: http://www.google.com/search?q=faso.us
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=faso.us
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://faso.us/
Result: faso.us is not infected or malware details are not published yet.
Result: faso.us is not infected or malware details are not published yet.