Scanned pages/files
Request | Server response | Status |
http://jmiley.com/ | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=900 Connection: close Date: Thu, 14 Aug 2014 03:22:20 GMT Age: 1 Location: http://www.youravon.com/jeanmiley Server: Microsoft-IIS/7.5 Content-Length: 0 Content-Type: text/html X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET | clean |
http://www.youravon.com/jeanmiley | HTTP/1.1 302 Found Connection: Keep-Alive Date: Thu, 14 Aug 2014 03:22:22 GMT Location: http://jeanmiley.avonrepresentative.com/ Server: IBM_HTTP_Server Content-Length: 292 Content-Type: text/html; charset=iso-8859-1 Keep-Alive: timeout=10 | clean |
http://jeanmiley.avonrepresentative.com/ | 200 OK Content-Length: 49847 Content-Type: text/html | clean |
http://jeanmiley.avonrepresentative.com//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js/ | 200 OK Content-Length: 49987 Content-Type: text/html | clean |
http://jeanmiley.avonrepresentative.com//ajax.googleapis.com/ajax/libs/jqueryui/1.10.3/jquery-ui.min.js/ | 200 OK Content-Length: 49997 Content-Type: text/html | clean |
http://jeanmiley.avonrepresentative.com/compiled/en_US/frontend/js.js | 200 OK Content-Length: 266951 Content-Type: application/x-javascript | clean |
http://jeanmiley.avonrepresentative.com/compiled/en_US/frontend/js/form.js | 200 OK Content-Length: 103389 Content-Type: application/x-javascript | clean |
http://jeanmiley.avonrepresentative.com/compiled/en_US/frontend/home/js.js | 200 OK Content-Length: 1248 Content-Type: application/x-javascript | clean |
http://jeanmiley.avonrepresentative.com/about | 200 OK Content-Length: 14664 Content-Type: text/html | clean |
http://jeanmiley.avonrepresentative.com/opportunity | 200 OK Content-Length: 16692 Content-Type: text/html | clean |
http://jeanmiley.avonrepresentative.com/online_events | 200 OK Content-Length: 11675 Content-Type: text/html | clean |
http://jeanmiley.avonrepresentative.com/shop | HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Thu, 14 Aug 2014 03:22:34 GMT Pragma: no-cache Location: http://shop.avon.com/default.aspx?c=repPWP&otc=201418&repid=9318557&setlang=1&s=ShopTab&Code= Server: Apache/2.2.3 (Red Hat) Vary: Accept-Encoding Content-Type: text/html; charset=utf-8 Expires: Thu, 19 Nov 1981 08:52:00 GMT P3P: CP="NON CURa ADMa OUR STP PHY ONL COM PRE" policyref="//static.sole.avonrepresentative.com/w3c/p3p.xml" Set-Cookie: sole=ho4b27k7qlacglqcu4ba07c5p0; path=/ Set-Cookie: my_acct_nr=9318557; expires=Fri, 14-Aug-2015 03:22:34 GMT; Max-Age=31536000; path=/; domain=avonrepresentative.com Set-Cookie: NSC_bwposfqsftfoubujwf.dpn=ffffffff85491bb345525d5f4f58455e445a4a423660;Version=1;path=/;httponly X-UA-Compatible: IE=edge, chrome=1 | clean |
http://shop.avon.com/default.aspx?c=reppwp&otc=201418&repid=9318557&setlang=1&s=shoptab&code= | 200 OK Content-Length: 52036 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
var axel = Math.random() + "";
var a = axel * 10000000000000;
document.write('<iframe src="http://fls.doubleclick.net/activityi;src=3610146;type=count489;cat=homep528;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none"></iframe>');
Antivirus reports:
http://shop.avon.com//ajax.aspnetcdn.com/ajax/jQuery/jquery-1.7.2.min.js/ | 404 Not Found Content-Length: 42024 Content-Type: text/html | clean |
http://shop.avon.com/Scripts/Globalisation/Messages-en-US.js | 200 OK Content-Length: 2687 Content-Type: text/javascript | clean |
http://shop.avon.com//ajax.googleapis.com/ajax/libs/angularjs/1.2.10/angular.min.js/ | 404 Not Found Content-Length: 42024 Content-Type: text/html | clean |
http://shop.avon.com//ajax.googleapis.com/ajax/libs/angularjs/1.2.10/angular-sanitize.min.js/ | 404 Not Found Content-Length: 42024 Content-Type: text/html | clean |
http://shop.avon.com//assets.adobedtm.com/7dc0646f0ec6b8a4fc7236459e015c177d3624ef/satelliteLib-e001fe27741e8c3de04304d4dfde60b4a7c228c0.js/ | HTTP/1.1 302 Found Cache-Control: private Date: Thu, 14 Aug 2014 03:22:41 GMT Location: /Error404 Server: Microsoft-IIS/7.5 Content-Language: en Content-Length: 126 Access-Control-Allow-Origin: * Content-Script-Type: text/javascript Content-Style-Type: text/css P3P: policyref="/w3c/p3p.xml", CP="NON CURa ADMa OUR STP PHY ONL COM PRE" Set-Cookie: activity=timestamp=; path=/ Set-Cookie: bazaarvoice=bvprodreturl=; path=/ Set-Cookie: ccsession=declinecount=&merchantorder=&reportcode=; path=/ Set-Cookie: partyinfo=couponcode=&name=&oldrepid=&orderprefix=&repid=&type=; path=/ Set-Cookie: shipinfo=defaultrep=&defaultship=; path=/ Set-Cookie: shoppermanager=customerid=&repid=&customertotal=0&langid=1&langtheme=&shopperid=; expires=Sun, 12-Aug-2018 04:00:00 GMT; path=/ Set-Cookie: shoppersession=collegecd=&couponcode=&msnsource=&referrer=&reptofarfromcustomer=0&firstAddToBag=N&vmodeeplink=&checkoutPromoCouponCode=&showBreadcrumbLogin=N&showBreadcrumbSetAddress=N; path=/ Set-Cookie: customerinfo=accessanewsub=N&accessbenefits=N&accesslog=N&accessmember=N&accessmodify=N&accessorder=N&alistpoints=&firstname=&lastname=&billfirstname=&billlastname=&billaddress1=&billaddress2=&billcity=&billstate=&billcountry=&billzip=&billphone=&birth=&chosenshippingmethod=&chosenshippingoverride=&contactpref=&custtype=AP&email=&gotoshared=N&reprltnshpind=N&isattached=N&isstranded=N&isguestshopper=N&repphone=&shipfirstname=&shiplastname=&ppshipaddress=1&shipaddress1=&shipaddress2=&shipcity=&shipstate=&shipcountry=&shipzip=&shopas=&statuscode=I&token=&sweep=; path=/ Set-Cookie: 
repinfo=repid=&replinkid=&signature=&code=0&repcode=&firstname=&lastname=&email=&phone=&thepwpname=&homeaddress1=&homeaddress2=&homecity=&homecountry=&homestate=&homezip=&repshopper=N&campaign=&repbranchid=&changedrep=N&delsource=&emailtemplate=&haspwp=N&trendsetter=N&message=&repdelivery=N&shipdelivery=Y&pwpChatAwayMsg=&pwpChatStatus=0&pwpChatTs=&invoicecitystate=N&invoiceemail=N&invoicephone=N&pwpaddress=N&pwpemail=N&pwpname=N&pwpphone=N&imageurl=&weburl=; path=/ Set-Cookie: omnsession=c=&erepenroll=&omnlang=&omnpurchaseproductstring=&omnpagename=&paytype=&repadvisor=&repdistrict=&repdivision=&replang=&repleadlvl=&reploa=&repmailplan=&reppclvl=&reptier=; path=/ Set-Cookie: paypal=tk=&pid=&pemail=&st=0; path=/ Set-Cookie: breadcrumbs=Count=0; path=/ WebServerIndex: 2 X-AspNetMvc-Version: 4.0 | clean |
http://shop.avon.com/error404 | 404 Not Found Content-Length: 42024 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: jmiley.com
Result:
HTTP/1.1 301 Moved Permanently
Cache-Control: max-age=900
Connection: close
Date: Thu, 14 Aug 2014 03:22:20 GMT
Age: 1
Location: http://www.youravon.com/jeanmiley
Server: Microsoft-IIS/7.5
Content-Length: 0
Content-Type: text/html
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: jmiley.com
Referer: http://www.google.com/search?q=jmiley.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=jmiley.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://jmiley.com/
Result: jmiley.com is not infected or malware details are not published yet.