Scanned pages/files
Request | Server response | Status |
http://bit.do/5gnj | 200 OK Content-Length: 5462 Content-Type: text/html | clean |
http://bit.do/js/jquery/jquery.min.js | 200 OK Content-Length: 95786 Content-Type: text/javascript | clean |
http://bit.do/ | 200 OK Content-Length: 34091 Content-Type: text/html | clean |
http://bit.do//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js/ | 404 Not Found Content-Length: 3091 Content-Type: text/html | clean |
http://bit.do/best-url-shortener.php | 200 OK Content-Length: 24498 Content-Type: text/html | clean |
http://bit.do/admin | 200 OK Content-Length: 4359 Content-Type: text/html | clean |
http://bit.do/?$base_url? | 200 OK Content-Length: 34091 Content-Type: text/html | clean |
https://apis.google.com/js/platform.js | 200 OK Content-Length: 37331 Content-Type: application/javascript | clean |
http://bit.do/about-us.php | 200 OK Content-Length: 27576 Content-Type: text/html | clean |
http://bit.do/rodrigo | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 12 Jun 2015 00:07:34 GMT Location: http://br.linkedin.com/in/rodrigosiqueira Server: Apache/2.2.29 (Amazon) Content-Length: 321 Content-Type: text/html; charset=iso-8859-1 | clean |
http://br.linkedin.com/in/rodrigosiqueira | 200 OK Content-Length: 78776 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) LI.Controls.addControl("control-dust-server-26254191-13","ToggleClass",{classname:'view-all-skills',on:'#profile-skills'}) Antivirus reports:
http://static.licdn.com:80/scds/common/u/lib/fizzy/fz-1.3.8-min.js | 200 OK Content-Length: 27534 Content-Type: text/javascript | clean |
http://s.c.lnkd.licdn.com/scds/concat/common/js?h=3nuvxgwg15rbghxm1gpzfbya2-35e6ug1j754avohmn1bzmucat-mv3v66b8q0h1hvgvd3yfjv5f-14k913qahq3mh0ac0lh0twk9v-5j9cn6jiwhc47x6gzmpv6ogni-b7ksroocq54owoz2fawjb292y-62og8s54488owngg0s7escdit-c8ha6zrgpgcni7poa5ctye7il-8gz32kphtrjyfula3jpu9q6wl-51dv6schthjydhvcv6rxvospp-e9rsfv7b5gx0bk0tln31dx3sq-2r5gveucqe4lsolc3n0oljsn1-8v2hz0euzy8m1tk5d6tfrn6j-7my8wd3ep8ztx2 ...301 symbols skipped | 200 OK Content-Length: 300181 Content-Type: text/javascript | clean |
http://s.c.lnkd.licdn.com/scds/concat/common/js?h=25kaepc6rgo1820ap1rglmzr4-5twpadgpdpe2fd2drxbyynj9s-dtx8oyvln9y03x1ku6t0abhc9-9yrlkzqdz2fq4zzcxtkisx0j2-edp77ghrpkbbons0amvyb2ejm-8ohb0iio22nbqe1w8et54sawe-5n5dp3pn32p4zstdag5cbpr1-eehwe5piqwg4elnl8jvj9vpx-amjylk8w8039f2lwlov2e4nmc-47qp7uw3i5i1pqeovirlcc070-502kfdfn2vrcmr3gu87mt1aa0-1fz6jht38isjjtl3cpq3k4924-d0xbkmth84j48zsiq4iptzyog-cxt2xy6s0697lq ...94 symbols skipped | 200 OK Content-Length: 101491 Content-Type: text/javascript | clean |
http://s.c.lnkd.licdn.com/scds/concat/common/js?h=ditm8xdycl29ta8gqk5tpmxf8-czstax4e6y68hymdvqxpwe5so | 200 OK Content-Length: 9200 Content-Type: text/javascript | clean |
http://s.c.lnkd.licdn.com/scds/concat/common/js?h=4zslye83akez5s4mf91hrq425-95d8d303rtd0n9wj4dcjbnh2c-arbgv2252ztzfkx4ttedufn6d-dkdnel3qyxdabl44dfxjdks1c-5j9ytf091oscwtui7nf86wpzf-e2qurhslc3tudjtufn4sxxai6-d638hjstdjtxe4t85q40byqcd&fc=2 | 200 OK Content-Length: 19145 Content-Type: text/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: bit.do
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 12 Jun 2015 00:07:31 GMT
Server: Apache/2.2.29 (Amazon)
Content-Type: text/html; charset=UTF-8
X-Powered-By: PHP/5.3.29
Second query (visit from search engine):
GET / HTTP/1.1
Host: bit.do
Referer: http://www.google.com/search?q=bit.do
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=bit.do
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://bit.do/
Result: bit.do is not infected or malware details are not published yet.