Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=bahiaschoya.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.bahiaschoya.com/ | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=900 Connection: close Date: Thu, 08 Jan 2015 13:24:31 GMT Age: 1 Location: http://www.linkedin.com/in/jeremywhittaker Server: Microsoft-IIS/7.5 Content-Length: 0 Content-Type: text/html X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET | clean |
http://www.linkedin.com/in/jeremywhittaker | HTTP/1.1 301 Moved Temporarily Date: Thu, 08 Jan 2015 13:24:32 GMT Location: https://www.linkedin.com/in/jeremywhittaker Server: ATS Content-Length: 0 X-Li-Pop: PROD-IDB2 X-LI-UUID: 6bdsnnhstxOg06KsjysAAA== | clean |
https://www.linkedin.com/in/jeremywhittaker | 200 OK Content-Length: 58974 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) LI.Controls.addControl("control-dust-server-17686593-3","ToggleClass",{classname:'view-all-skills',on:'#profile-skills'}) Antivirus reports:
https://static.licdn.com:443/scds/common/u/lib/fizzy/fz-1.3.6-min.js | 200 OK Content-Length: 27495 Content-Type: text/javascript | clean |
https://static.licdn.com/scds/concat/common/js?h=3nuvxgwg15rbghxm1gpzfbya2-35e6ug1j754avohmn1bzmucat-mv3v66b8q0h1hvgvd3yfjv5f-14k913qahq3mh0ac0lh0twk9v-1odoqm6uqzmutse6kyk5satus-b7ksroocq54owoz2fawjb292y-62og8s54488owngg0s7escdit-c8ha6zrgpgcni7poa5ctye7il-8gz32kphtrjyfula3jpu9q6wl-51dv6schthjydhvcv6rxvospp-e9rsfv7b5gx0bk0tln31dx3sq-2r5gveucqe4lsolc3n0oljsn1-8v2hz0euzy8m1tk5d6tfrn6j-3eh5zbf8m3976fr ...301 symbols skipped | 200 OK Content-Length: 292870 Content-Type: text/javascript | clean |
https://static.licdn.com/scds/concat/common/js?h=25kaepc6rgo1820ap1rglmzr4-c19zsujfl1pg46iqy33ubhqc5-c5ebkkd7pexovk435l30l1dq5-ascppxxu6dqpt5sppka77kdt0-8ux0lklo90tb28s8gfw2ojhzb-5n5dp3pn32p4zstdag5cbpr1-eehwe5piqwg4elnl8jvj9vpx-amjylk8w8039f2lwlov2e4nmc-47qp7uw3i5i1pqeovirlcc070-3xqgp8jf23j83i1nnx1yxga4o-ayxwbavi1xwiu87tdhsu4heu1-9zfstbzn70th5stecee7kg1e1-9undj1hjru2i7vjjlqtb52ho2-7vr4nuab43rzvy2pgq7yvvxjk-4yhpyv3p9r574wkkbe8kcd2ou&fc=2 | 200 OK Content-Length: 119556 Content-Type: text/javascript | clean |
https://static.licdn.com/scds/concat/common/js?h=ditm8xdycl29ta8gqk5tpmxf8-czstax4e6y68hymdvqxpwe5so | 200 OK Content-Length: 9200 Content-Type: text/javascript | clean |
https://static.licdn.com/scds/concat/common/js?h=4zslye83akez5s4mf91hrq425-95d8d303rtd0n9wj4dcjbnh2c-b0i2ltvivggf15dlzc359ook3-7r1hr0x81n4m5vdil2awiladb-alv1b6ogz9d0wdvu14407mm19-2xkrig2d2e38eolz4s6d5kfkh-8czwq9t5lhsf1yk8ncis7lv0l&fc=2 | 200 OK Content-Length: 19020 Content-Type: text/javascript | clean |
https://www.linkedin.com/uas/authping?url=https%3A%2F%2Fwww%2Elinkedin%2Ecom%2Fin%2Fjeremywhittaker | 200 OK Content-Length: 0 Content-Type: text/javascript | clean |
https://static.licdn.com/scds/concat/common/js?h=4hbqp7aoxoph1cnia8g1cujwf-6z73a0n27w1mz287zlva9cbcx-e4t0yj6tjycwmm5gb2d6tkiqd-5fvtxehpzrlloquhuumc35sgq-d2la7obrbyceb8fp1fvppfzea-e17zy6z51dugr6fy4su92o7de-2axsz5yfnd6bwcna2ram04kr0&fc=2 | 200 OK Content-Length: 23931 Content-Type: text/javascript | clean |
https://static.licdn.com/scds/concat/common/js?h=62og8s54488owngg0s7escdit-8gz32kphtrjyfula3jpu9q6wl-aujmp9r1kj9k9x4ezyk8ahfbk-62cjxbtqyt2o85tawwwz12otx-a2blfu8y091887ailkls7jxq3-btg5gaqp36lg06pz3c61bdbll-4h7jw6m1hgmxfhfff4aqk85ga-6tyvplvemczf4qdrlxny6lq8d-8ugx4n599hqrhz6defhnrcalx-3i7ubdukif1jevuf29ftmtvjs-ukgkg4rtwlz74z78bt35jocx-5cmfpe4jqrweez449s97ldikg-clz7gb1h1gqkujqk14gbprnf5 | 200 OK Content-Length: 145112 Content-Type: text/javascript | clean |
https://static.licdn.com/scds/concat/common/js?h=3i7ubdukif1jevuf29ftmtvjs-ukgkg4rtwlz74z78bt35jocx-dlcimwl96rttjyfr26x4i92ol-1m7sfcez3isjwlg5yrudwy1mz-clz7gb1h1gqkujqk14gbprnf5 | 200 OK Content-Length: 9043 Content-Type: text/javascript | clean |
https://static.licdn.com/scds/concat/common/js?h=7ohe7esuw1g26lqingx9rwag1-akfe1g1hb660050homjb2nwnr-9t8kuspsvkr9x9idyawoejfbv&fc=2 | 200 OK Content-Length: 4727 Content-Type: text/javascript | clean |
https://static.licdn.com/scds/concat/common/js?h=e1fkcmbpg6hdq87cju1knu5sv-3ute2g4ivrwzi292adtikwnrx-9k5nqxk2bamhakv2zd0ixdhmc-pga7vmnfl2zxgj9h9xzfi4wd-5tds0j1vao06co17fbjno87e8-8zfwpph4miiw03ge4zzjq3q9y-9om7tms46vlune9jqowyv153c-6d84ezg7o1o4h2l2pqhpeade-4ctyhul13sruu19hcui2s5a9p-51odc53wpcz4v3l2v2kq0k7g4&fc=2 | 200 OK Content-Length: 34621 Content-Type: text/javascript | clean |
http://www.bahiaschoya.com/reg/join?trk=hb_join | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=900 Connection: close Date: Thu, 08 Jan 2015 13:24:38 GMT Age: 1 Location: http://www.linkedin.com/in/jeremywhittaker/reg/join?trk=hb_join Server: Microsoft-IIS/7.5 Content-Length: 0 Content-Type: text/html X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET | clean |
http://www.linkedin.com/in/jeremywhittaker/reg/join?trk=hb_join | HTTP/1.1 301 Moved Temporarily Date: Thu, 08 Jan 2015 13:24:39 GMT Location: https://www.linkedin.com/in/jeremywhittaker/reg/join?trk=hb_join Server: ATS Content-Length: 0 X-Li-Pop: PROD-IDB2 X-LI-UUID: og4dPHpstxMQl+L4jSsAAA== | clean |
https://www.linkedin.com/in/jeremywhittaker/reg/join?trk=hb_join | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, no-store Date: Thu, 08 Jan 2015 13:24:39 GMT Pragma: no-cache Location: http://www.linkedin.com/in/jeremywhittaker Server: Apache-Coyote/1.1 Vary: Accept-Encoding Content-Language: en-US Content-Length: 0 Expires: Thu, 01 Jan 1970 00:00:00 GMT P3P: CP="CAO CUR ADM DEV PSA PSD OUR" P3P: CP="CAO CUR ADM DEV PSA PSD OUR" Set-Cookie: _lipt=deleteMe; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: bcookie="v=2&8471ea90-d2d2-4393-82e2-de0cb1723aac"; domain=.linkedin.com; Path=/; Expires=Sun, 08-Jan-2017 01:02:12 GMT Set-Cookie: bscookie="v=1&20150108132440e3b218d1-713b-4514-8f3a-f4444de766caAQEgJKRZXyY4548pynTwCUrNG9Zr6TFL"; domain=.www.linkedin.com; Path=/; Secure; Expires=Sun, 08-Jan-2017 01:02:12 GMT; HttpOnly Set-Cookie: lidc="b=TB91:g=13:u=1:i=1420723480:t=1420809880:s=1794197408"; Expires=Fri, 09 Jan 2015 13:24:40 GMT; domain=.linkedin.com; Path=/ Strict-Transport-Security: max-age=0 X-FS-UUID: 8c84354b7a6cb71350aceead8f2b0000 X-Li-Fabric: prod-ltx1 X-Li-Pop: PROD-IDB2 X-LI-UUID: jIQ1S3pstxNQrO6tjysAAA== | clean |
http://www.linkedin.com/test404page.js | HTTP/1.1 301 Moved Temporarily Date: Thu, 08 Jan 2015 13:24:40 GMT Location: https://www.linkedin.com/test404page.js Server: ATS Content-Length: 0 X-Li-Pop: PROD-IDB2 X-LI-UUID: nvdnXnpstxMAl/InjysAAA== | clean |
https://www.linkedin.com/test404page.js | 404 Not Found Content-Length: 2153 Content-Type: text/html | clean |
https://www.linkedin.com//www.linkedin.com/home/ | 404 Not Found Content-Length: 2153 Content-Type: text/html | clean |
https://www.linkedin.com//www.linkedin.com/search/ | 404 Not Found Content-Length: 2153 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: bahiaschoya.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: bahiaschoya.com
Referer: http://www.google.com/search?q=bahiaschoya.com
Result:
The result is similar to the first query. There are no suspicious redirects found.