Scanned pages/files
| Request | Server response | Status |
http://jimsmitherwatercolors.com/ | HTTP/1.1 404 Not Found Cache-Control: private Connection: close Date: Sun, 31 Aug 2014 05:43:28 GMT Location: http://fineartstudioonline.com Server: Microsoft-IIS/6.0 Content-Length: 18 Content-Type: text/html X-Powered-By: ASP.NET | clean |
http://fineartstudioonline.com/ | HTTP/1.1 301 Moved Permanently Cache-Control: private Date: Sun, 31 Aug 2014 05:43:28 GMT Location: http://faso.com/ Server: Microsoft-IIS/6.0 Content-Length: 0 Content-Type: text/html Set-Cookie: ASPSESSIONIDQCAQQABB=OGOPPKFBCBDOBMCHHBBDHFLK; path=/ X-Powered-By: ASP.NET | clean |
http://faso.com/ | 200 OK Content-Length: 30649 Content-Type: text/html | clean |
http://faso.com/static/js/showhide.js | 200 OK Content-Length: 3170 Content-Type: application/x-javascript | clean |
http://jimsmitherwatercolors.com//ajax.googleapis.com/ajax/libs/jquery/1.8.2/jquery.min.js/ | 404 Not Found Content-Length: 1635 Content-Type: text/html | clean |
http://jimsmitherwatercolors.com/test404page.js | HTTP/1.1 404 Not Found Cache-Control: private Connection: close Date: Sun, 31 Aug 2014 05:43:31 GMT Location: http://fineartstudioonline.com Server: Microsoft-IIS/6.0 Content-Length: 18 Content-Type: text/html X-Powered-By: ASP.NET | clean |
http://fineartstudioonline.com/test404page.js | HTTP/1.1 301 Moved Permanently Cache-Control: private Connection: close Date: Sun, 31 Aug 2014 05:43:29 GMT Location: http://faso.com/test404page.js Server: Microsoft-IIS/6.0 Content-Length: 0 Content-Type: text/html Set-Cookie: ASPSESSIONIDCADSRDBD=IKAJFAABGOLOAJGAGFBMNPHN; path=/ X-Powered-By: ASP.NET | clean |
http://faso.com/test404page.js | 404 Not Found Content-Length: 12068 Content-Type: text/html | clean |
http://faso.com//ajax.googleapis.com/ajax/libs/jquery/1.8.2/jquery.min.js/ | 404 Not Found Content-Length: 12068 Content-Type: text/html | clean |
http://faso.com.edgesuite.net/static/js/jquery.cookie.js | 200 OK Content-Length: 4341 Content-Type: application/x-javascript | clean |
http://faso.com.edgesuite.net/static/js/easySlider1.7.js | 200 OK Content-Length: 7060 Content-Type: application/x-javascript | clean |
http://faso.com.edgesuite.net/static/js/signup.js | 200 OK Content-Length: 1739 Content-Type: application/x-javascript | clean |
http://faso.com/static/js/tipsy.js | 200 OK Content-Length: 10043 Content-Type: application/x-javascript | clean |
https://static.getclicky.com/js | 200 OK Content-Length: 17505 Content-Type: application/x-javascript | clean |
http://data.fineartstudioonline.com/admin/analytics/analytics.js | 200 OK Content-Length: 1366 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function qsrequest( name )
{ name = name.replace(/[\[]/,"\\\[").replace(/[\]]/,"\\\]"); var regexS = "[\\?&]"+name+"=([^&#]*)"; var regex = new RegExp( regexS ); var results = regex.exec( window.location.href ); if( results == null ) return ""; else return results[1]; } var promo=encodeURIComponent(qsrequest('promo')); var url=encodeURIComponent(document.location.href); var title=encodeURIComponent if(window.location.hash) { var hash = window.location.hash.substring(1); var str_fcid = hash; var ary_fcid = str_fcid.split('fcid='); fcid = ary_fcid[1]; } document.write('<iframe src="http://data.fineartstudioonline.com/admin/analytics/?ref=' + refurl + '&url=' + url +'&promo=' + promo + '&gclid=' + gclid + '&fcid=' + fcid + '" width="0px" height="0px"></iframe>'); Antivirus reports:
| ||
http://data.fineartstudioonline.com/styles/default/fasostatsexternal.js | 200 OK Content-Length: 4733 Content-Type: application/x-javascript | clean |
http://faso.com.edgesuite.net/static/js/bd.js | 200 OK Content-Length: 229 Content-Type: application/x-javascript | clean |
http://faso.com/blog | 200 OK Content-Length: 32354 Content-Type: text/html | clean |
http://faso.com/static/js/jquery.js | 200 OK Content-Length: 54267 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: jimsmitherwatercolors.com
Result:
HTTP/1.1 404 Not Found
Cache-Control: private
Connection: close
Date: Sun, 31 Aug 2014 05:43:28 GMT
Location: http://fineartstudioonline.com
Server: Microsoft-IIS/6.0
Content-Length: 18
Content-Type: text/html
X-Powered-By: ASP.NET
...18 bytes of data.
GET / HTTP/1.1
Host: jimsmitherwatercolors.com
Result:
HTTP/1.1 404 Not Found
Cache-Control: private
Connection: close
Date: Sun, 31 Aug 2014 05:43:28 GMT
Location: http://fineartstudioonline.com
Server: Microsoft-IIS/6.0
Content-Length: 18
Content-Type: text/html
X-Powered-By: ASP.NET
...18 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: jimsmitherwatercolors.com
Referer: http://www.google.com/search?q=jimsmitherwatercolors.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: jimsmitherwatercolors.com
Referer: http://www.google.com/search?q=jimsmitherwatercolors.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=jimsmitherwatercolors.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://jimsmitherwatercolors.com/
Result: jimsmitherwatercolors.com is not infected or malware details are not published yet.
Result: jimsmitherwatercolors.com is not infected or malware details are not published yet.