Scanned pages/files
| Request | Server response | Status |
http://himmelreich-it.com/ | HTTP/1.1 200 OK Connection: close Date: Thu, 17 Apr 2014 10:53:52 GMT Accept-Ranges: bytes ETag: "6e594b" Server: nginx Vary: Host Content-Length: 79 Content-Type: text/html Last-Modified: Tue, 22 Oct 2013 14:55:02 GMT | clean |
http://nl.linkedin.com/in/oskar77/ | HTTP/1.1 301 Moved Permanently Connection: keep-alive Date: Thu, 17 Apr 2014 10:56:09 GMT Location: http://nl.linkedin.com/in/oskar77 Server: Apache-Coyote/1.1 Vary: Accept-Encoding Content-Language: nl-NL Content-Length: 0 P3P: CP="CAO DSP COR CUR ADMi DEVi TAIi PSAi PSDi IVAi IVDi CONi OUR DELi SAMi UNRi PUBi OTRi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT POL PRE" Set-Cookie: _lipt=deleteMe; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: bcookie="v=2&4aa2ecac-1806-4143-ac01-82840d0d7021"; Version=1; Domain=linkedin.com; Max-Age=63072000; Expires=Sat, 16-Apr-2016 10:56:09 GMT; Path=/ Set-Cookie: leo_auth_token="GST:UQLDeesoqDvblOpOu8AGW2xQ3DBH_JVtU4LODWjktuWY0rptWc6GRb:1397732169:105ff619bec49ca1e22cc7d9d8612bc1f3756c34"; Version=1; Max-Age=1799; Expires=Thu, 17-Apr-2014 11:26:08 GMT; Path=/ Set-Cookie: sl="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: sl="delete me"; Version=1; Domain=.nl.linkedin.com; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: s_leo_auth_token="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: JSESSIONID="ajax:1298554396114838005"; Version=1; Path=/ Set-Cookie: visit="v=1&G"; Version=1; Max-Age=63072000; Expires=Sat, 16-Apr-2016 10:56:09 GMT; Path=/ Set-Cookie: lang="v=2&lang=nl-nl"; Version=1; Domain=linkedin.com; Path=/ Set-Cookie: lang="v=2&lang=nl-nl"; Version=1; Domain=linkedin.com; Path=/ Set-Cookie: lidc="b=LB38:g=78:u=1:i=1397732169:t=1397818569:s=2498613278"; Expires=Fri, 18 Apr 2014 10:56:09 GMT; domain=.linkedin.com; Path=/ X-FS-UUID: 28cbd3c900be651390f4774fb52a0000 X-Li-Fabric: PROD-ELA4 X-Li-Pop: PROD-ELA4 X-LI-UUID: KMvTyQC+ZROQ9HdPtSoAAA== | clean |
http://nl.linkedin.com/in/oskar77 | 200 OK Content-Length: 92459 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) YEvent.on( window, 'load', function() { (function () { var protocol = 'http:'; var d = new Image(1, 1); d.onerror = d.onload = function () { d.onerror = d.onload = null; }; d.src = [ protocol, "//secure-us.imrworldwide.com/cgi-bin/m?ci=us-603751h&cg=0&cc=1&si=", escape(window.location.href), "&ts=compact&rnd=", (new Date()).getTime() ].join(''); })(); }); Antivirus reports:
| ||
http://static.licdn.com:80/scds/common/u/lib/fizzy/fz-1.3.5-min.js | 200 OK Content-Length: 26523 Content-Type: text/javascript | clean |
http://s.c.lnkd.licdn.com/scds/concat/common/js?h=3nuvxgwg15rbghxm1gpzfbya2-35e6ug1j754avohmn1bzmucat-mv3v66b8q0h1hvgvd3yfjv5f-14k913qahq3mh0ac0lh0twk9v&fc=2 | 200 OK Content-Length: 2744 Content-Type: text/javascript | clean |
http://s.c.lnkd.licdn.com/scds/concat/common/js?h=dfoaudjrk6rbf82f45bz5crwi-62og8s54488owngg0s7escdit-c8ha6zrgpgcni7poa5ctye7il-djim7uyllidc9gta745y2wo5m-51dv6schthjydhvcv6rxvospp-d7z5zqt26qe7ht91f8494hqx5-e9rsfv7b5gx0bk0tln31dx3sq-2r5gveucqe4lsolc3n0oljsn1-8v2hz0euzy8m1tk5d6tfrn6j-b88qxy99s08xoes3weacd08uc-bymlr3eiytxzjg9or01ze5ia8-ac8pg92mfnb2j836ntpvg1fsi-20ku023x05hx6bidduddbyymn-lyi4ca0d33mbz <span>...172 symbols skipped</span> | 200 OK Content-Length: 266867 Content-Type: text/javascript | clean |
http://s.c.lnkd.licdn.com/scds/concat/common/js?h=6b5tomv24hymqjdn9yh9vdxyg-95d8d303rtd0n9wj4dcjbnh2c&fc=2 | 200 OK Content-Length: 2255 Content-Type: text/javascript | clean |
https://www.linkedin.com/uas/authping?url=http%3A%2F%2Fnl%2Elinkedin%2Ecom%2Fin%2Foskar77 | 200 OK Content-Length: 0 Content-Type: text/javascript | clean |
http://s.c.lnkd.licdn.com/scds/concat/common/js?h=d43qahhuvg0j5mlh4c2m9sipk-ew7wxbzv14lsc4vzkh2xrbzqn-dp1os5pzpoyifn8ljtjpfxrz-e17zy6z51dugr6fy4su92o7de-eq875keqggun9hoxzfhbanjes&fc=2 | 200 OK Content-Length: 17345 Content-Type: text/javascript | clean |
http://himmelreich-it.com/home?trk=hb_logo | 404 Not Found Content-Length: 321 Content-Type: text/html | clean |
http://himmelreich-it.com/test404page.js | 404 Not Found Content-Length: 331 Content-Type: text/html | clean |
http://himmelreich-it.com/company/amsco?trk=ppro_cprof | 404 Not Found Content-Length: 330 Content-Type: text/html | clean |
http://himmelreich-it.com/company/mediacatalyst?trk=ppro_cprof | 404 Not Found Content-Length: 338 Content-Type: text/html | clean |
http://himmelreich-it.com/edu/university-of-amsterdam-15451 | 404 Not Found Content-Length: 350 Content-Type: text/html | clean |
http://himmelreich-it.com/profile/view?id=7563264&authType=name&authToken=sDF4&goback=%2Enppvan_oskar77&trk=member | 404 Not Found Content-Length: 329 Content-Type: text/html | clean |
http://himmelreich-it.com/redir/redirect?url=https%3A%2F%2Fplay%2Egoogle%2Ecom%2Fstore%2Fapps%2Fdetails%3Fid%3Dcom%2Esoftwaregroup%2Eerecording&urlhash=awkl | 404 Not Found Content-Length: 331 Content-Type: text/html | clean |
http://himmelreich-it.com/static?key=country_listing | 404 Not Found Content-Length: 323 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: himmelreich-it.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 17 Apr 2014 10:53:52 GMT
Accept-Ranges: bytes
ETag: "6e594b"
Server: nginx
Vary: Host
Content-Length: 79
Content-Type: text/html
Last-Modified: Tue, 22 Oct 2013 14:55:02 GMT
...79 bytes of data.
GET / HTTP/1.1
Host: himmelreich-it.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 17 Apr 2014 10:53:52 GMT
Accept-Ranges: bytes
ETag: "6e594b"
Server: nginx
Vary: Host
Content-Length: 79
Content-Type: text/html
Last-Modified: Tue, 22 Oct 2013 14:55:02 GMT
...79 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: himmelreich-it.com
Referer: http://www.google.com/search?q=himmelreich-it.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: himmelreich-it.com
Referer: http://www.google.com/search?q=himmelreich-it.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=himmelreich-it.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://himmelreich-it.com/
Result: himmelreich-it.com is not infected or malware details are not published yet.
Result: himmelreich-it.com is not infected or malware details are not published yet.