Scanned pages/files
Request | Server response | Status |
http://basg.org/ | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=900 Connection: close Date: Fri, 01 Aug 2014 08:14:13 GMT Age: 1 Location: http://www.linkedin.com/groups?gid=4788147 Server: Microsoft-IIS/7.5 Content-Length: 0 Content-Type: text/html X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET | clean |
http://www.linkedin.com/groups?gid=4788147 | 200 OK Content-Length: 32244 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) YEvent.on( window, 'load', function() { (function () { var protocol = 'http:'; var d = new Image(1, 1); d.onerror = d.onload = function () { d.onerror = d.onload = null; }; d.src = [ protocol, "//secure-us.imrworldwide.com/cgi-bin/m?ci=us-603751h&cg=0&cc=1&si=", escape(window.location.href), "&ts=compact&rnd=", (new Date()).getTime() ].join(''); })(); }); Antivirus reports:
http://static.licdn.com:80/scds/common/u/lib/fizzy/fz-1.3.5-min.js | 200 OK Content-Length: 26523 Content-Type: text/javascript | clean |
http://s.c.lnkd.licdn.com/scds/concat/common/js?h=3nuvxgwg15rbghxm1gpzfbya2-35e6ug1j754avohmn1bzmucat-mv3v66b8q0h1hvgvd3yfjv5f-14k913qahq3mh0ac0lh0twk9v-1odoqm6uqzmutse6kyk5satus-b7ksroocq54owoz2fawjb292y-62og8s54488owngg0s7escdit-c8ha6zrgpgcni7poa5ctye7il-8gz32kphtrjyfula3jpu9q6wl-51dv6schthjydhvcv6rxvospp-e9rsfv7b5gx0bk0tln31dx3sq-2r5gveucqe4lsolc3n0oljsn1-8v2hz0euzy8m1tk5d6tfrn6j-3eh5zbf8m3976f ...322 symbols skipped | 200 OK Content-Length: 291728 Content-Type: text/javascript | clean |
http://s.c.lnkd.licdn.com/scds/concat/common/js?h=25kaepc6rgo1820ap1rglmzr4-39m26cyluvvg09z6pvsh1e2z2-b6pywrj7tjq8qgs5770lcm6ph-c19zsujfl1pg46iqy33ubhqc5-jg2geo9vvgi07uxonjwzcd6y-8dsj0i05aa9so2un8dmci2gmx-ascppxxu6dqpt5sppka77kdt0-39o2kw4renyd4i8pt5n9x0qaz-28yt9dz78enxj3756l075s8j6-9cttgd1ueltkur8cb164nt1vt-35b6d44bfxo2cvy5hbzc0zsgl-amjylk8w8039f2lwlov2e4nmc-47qp7uw3i5i1pqeovirlcc070-6xw4rwcqlk3ki ...116 symbols skipped | 200 OK Content-Length: 111611 Content-Type: text/javascript | clean |
http://s.c.lnkd.licdn.com/scds/concat/common/js?h=ditm8xdycl29ta8gqk5tpmxf8-czstax4e6y68hymdvqxpwe5so | 200 OK Content-Length: 9200 Content-Type: text/javascript | clean |
http://s.c.lnkd.licdn.com/scds/concat/common/js?h=4zslye83akez5s4mf91hrq425-95d8d303rtd0n9wj4dcjbnh2c-b0i2ltvivggf15dlzc359ook3 | 200 OK Content-Length: 9174 Content-Type: text/javascript | clean |
http://s.c.lnkd.licdn.com/scds/concat/common/js?h=62og8s54488owngg0s7escdit-8gz32kphtrjyfula3jpu9q6wl-aujmp9r1kj9k9x4ezyk8ahfbk-62cjxbtqyt2o85tawwwz12otx-80bc71htcvb1hpj24e3weqpaf-d25t3jwqpgzv7njh2nak0ihfd-1pa3tpaab6s85oxj5wgz5m0p7-diik5zm9tmkk2krb8l1s5k1r5-3w1gylvemc30mzsbfu0huph3y-3i7ubdukif1jevuf29ftmtvjs-ukgkg4rtwlz74z78bt35jocx-e02ms2kh6357terxovfpp6335-5cmfpe4jqrweez449s97ldikg-85irzxzbd5halvkstu9vwbyf6 | 200 OK Content-Length: 155526 Content-Type: text/javascript | clean |
http://s.c.lnkd.licdn.com/scds/concat/common/js?h=3i7ubdukif1jevuf29ftmtvjs-ukgkg4rtwlz74z78bt35jocx-dlcimwl96rttjyfr26x4i92ol-1m7sfcez3isjwlg5yrudwy1mz-85irzxzbd5halvkstu9vwbyf6 | 200 OK Content-Length: 9042 Content-Type: text/javascript | clean |
http://s.c.lnkd.licdn.com/scds/concat/common/js?h=5nccf2l0s6sx33q8rxgr9lg73-9t8kuspsvkr9x9idyawoejfbv | 200 OK Content-Length: 2796 Content-Type: text/javascript | clean |
http://s.c.lnkd.licdn.com/scds/concat/common/js?h=bi7v093xs2maserpnkqqxme5n-b26s7utt1ftg8ck4wlgbv9vwc-6y9mbi0r2o6usgrmm8vm1vw4k-7jsf2hgsjrsktriwkbyq01imu-71usve2px363b1c5pfj9fl3m3-1wq18rvqnu5ju66mrccyhjupj-atxcnnlftgmuw0xm95utxru7r-w1xajp7uxkl58lmb4u5luo1u-e17zy6z51dugr6fy4su92o7de | 200 OK Content-Length: 20764 Content-Type: text/javascript | clean |
http://basg.org/static?key=what_is_linkedin&trk=hb_what | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=900 Connection: close Date: Fri, 01 Aug 2014 08:14:23 GMT Age: 1 Location: http://www.linkedin.com/groups?gid=4788147/static?key=what_is_linkedin&trk=hb_what Server: Microsoft-IIS/7.5 Content-Length: 0 Content-Type: text/html X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET | clean |
http://www.linkedin.com/groups?gid=4788147/static?key=what_is_linkedin&trk=hb_what | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, no-store Connection: keep-alive Date: Fri, 01 Aug 2014 08:14:24 GMT Pragma: no-cache Location: http://www.linkedin.com/directory/groups/ Server: Apache-Coyote/1.1 Vary: Accept-Encoding Content-Length: 0 Expires: Thu, 01 Jan 1970 00:00:00 GMT P3P: CP="CAO DSP COR CUR ADMi DEVi TAIi PSAi PSDi IVAi IVDi CONi OUR DELi SAMi UNRi PUBi OTRi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT POL PRE" P3P: CP="CAO CUR ADM DEV PSA PSD OUR" Set-Cookie: leo_auth_token="GST:UMFQeA2dobdBoG9i7KSNPaE3QSjBTvKMh4FQuR7dTidv_P9b2hmCfF:1406880865:f075ae89cb6302fb51fc015b8d5ba96c13cd6cfd"; Version=1; Max-Age=1799; Expires=Fri, 01-Aug-2014 08:44:24 GMT; Path=/ Set-Cookie: sl="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: sl="delete me"; Version=1; Domain=.www.linkedin.com; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: s_leo_auth_token="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: JSESSIONID="ajax:7486717345226128373"; Version=1; Domain=.www.linkedin.com; Path=/ Set-Cookie: visit="v=1&G"; Version=1; Max-Age=63072000; Expires=Sun, 31-Jul-2016 08:14:25 GMT; Path=/ Set-Cookie: lang="v=2&lang=en-us&c="; Version=1; Domain=linkedin.com; Path=/ Set-Cookie: L1l=5971db0a; path=/ Set-Cookie: bcookie="v=2&0ef8b5e3-46c1-4395-8d39-44d8bb609f31"; domain=.linkedin.com; Path=/; Expires=Sun, 31-Jul-2016 19:51:57 GMT Set-Cookie: lidc="b=VB38:g=93:u=1:i=1406880865:t=1406967265:s=3082916536"; Expires=Sat, 02 Aug 2014 08:14:25 GMT; domain=.linkedin.com; Path=/ X-FS-UUID: b0af6257b13e86131042da82ff2a0000 X-Li-Fabric: prod-lva1 X-Li-Pop: prod-lva1 X-LI-UUID: sK9iV7E+hhMQQtqC/yoAAA== | clean |
http://www.linkedin.com/directory/groups/ | 200 OK Content-Length: 18075 Content-Type: text/html | clean |
http://www.linkedin.com/home?trk=seo_header_logo | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, no-store Connection: close Date: Fri, 01 Aug 2014 08:14:25 GMT Pragma: no-cache Location: https://www.linkedin.com?trk=seo_header_logo Server: Apache-Coyote/1.1 Vary: Accept-Encoding Content-Language: en-US Content-Length: 0 Expires: Thu, 01 Jan 1970 00:00:00 GMT P3P: CP="CAO CUR ADM DEV PSA PSD OUR" P3P: CP="CAO CUR ADM DEV PSA PSD OUR" Set-Cookie: _lipt=deleteMe; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: leo_auth_token="GST:8UlD9MQNFxsN08Wb-O8Xf99EscI8QkGrEaQOLf8cUYN6CrvibIopG2:1406880866:35926ee9790e590a86b9e6b54cc3bdebc60ec56c"; Version=1; Max-Age=1799; Expires=Fri, 01-Aug-2014 08:44:25 GMT; Path=/ Set-Cookie: sl="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: sl="delete me"; Version=1; Domain=.www.linkedin.com; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: s_leo_auth_token="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: JSESSIONID="ajax:1846368810391434782"; Version=1; Domain=.www.linkedin.com; Path=/ Set-Cookie: visit="v=1&G"; Version=1; Max-Age=63072000; Expires=Sun, 31-Jul-2016 08:14:26 GMT; Path=/ Set-Cookie: lang="v=2&lang=en-us"; Version=1; Domain=linkedin.com; Path=/ Set-Cookie: lang="v=2&lang=en-us"; Version=1; Domain=linkedin.com; Path=/ Set-Cookie: bcookie="v=2&a57a012d-d344-4fb8-820b-21b28632ffea"; domain=.linkedin.com; Path=/; Expires=Sun, 31-Jul-2016 19:51:58 GMT Set-Cookie: lidc="b=LB38:g=111:u=1:i=1406880866:t=1406967266:s=684127779"; Expires=Sat, 02 Aug 2014 08:14:26 GMT; domain=.linkedin.com; Path=/ X-FS-UUID: 717a07adb13e8613100811be082b0000 X-Li-Fabric: PROD-ELA4 X-Li-Pop: PROD-ELA4 X-LI-UUID: cXoHrbE+hhMQCBG+CCsAAA== | clean |
https://www.linkedin.com?trk=seo_header_logo/ | 200 OK Content-Length: 50848 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) YEvent.on( window, 'load', function() { (function () { var protocol = 'https:'; var d = new Image(1, 1); d.onerror = d.onload = function () { d.onerror = d.onload = null; }; d.src = [ protocol, "//secure-us.imrworldwide.com/cgi-bin/m?ci=us-603751h&cg=0&cc=1&si=", escape(window.location.href), "&ts=compact&rnd=", (new Date()).getTime() ].join(''); })(); }); Antivirus reports:
https://static.licdn.com:443/scds/common/u/lib/fizzy/fz-1.3.5-min.js | 200 OK Content-Length: 26523 Content-Type: text/javascript | clean |
https://static.licdn.com/scds/concat/common/js?h=3nuvxgwg15rbghxm1gpzfbya2-35e6ug1j754avohmn1bzmucat-mv3v66b8q0h1hvgvd3yfjv5f-14k913qahq3mh0ac0lh0twk9v-dfoaudjrk6rbf82f45bz5crwi-e9rsfv7b5gx0bk0tln31dx3sq-b88qxy99s08xoes3weacd08uc-3eh5zbf8m3976frnzqqz8r2md-73i7ia1nx5zzwu00y71dahe04-1l6r5aklcrehj1n7wy2v08xoy-8zc7dy7k0uqxxso1zmcx40mxo-a7br995b5xb4ztral63cjods4-rftdnvfzuncra9644jbr38ht-8s85e76fq22lk42 ...67 symbols skipped | 200 OK Content-Length: 191204 Content-Type: text/javascript | clean |
https://static.licdn.com/scds/common/u/js/scds-hashes.js | 200 OK Content-Length: 22315 Content-Type: text/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: basg.org
Result:
HTTP/1.1 301 Moved Permanently
Cache-Control: max-age=900
Connection: close
Date: Fri, 01 Aug 2014 08:14:13 GMT
Age: 1
Location: http://www.linkedin.com/groups?gid=4788147
Server: Microsoft-IIS/7.5
Content-Length: 0
Content-Type: text/html
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: basg.org
Referer: http://www.google.com/search?q=basg.org
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=basg.org
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://basg.org/
Result: basg.org is not infected or malware details are not published yet.