Scanned pages/files
Request | Server response | Status |
http://jeffmarcher.com/ | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=900 Connection: close Date: Mon, 23 Jun 2014 05:28:14 GMT Age: 0 Location: http://www.linkedin.com/profile/view?id=11135284&authType=name&authToken=Iuu4&locale=en_US&pvs=pp&trk=ppro_viewmore Server: Microsoft-IIS/7.5 Content-Length: 0 Content-Type: text/html X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET | clean |
http://www.linkedin.com/profile/view?id=11135284&authtype=name&authtoken=iuu4&locale=en_us&pvs=pp&trk=ppro_viewmore | HTTP/1.1 302 Found Cache-Control: no-cache, no-store Connection: keep-alive Date: Mon, 23 Jun 2014 05:28:14 GMT Pragma: no-cache Location: https://www.linkedin.com/uas/login?session_redirect=http%3A%2F%2Fwww%2Elinkedin%2Ecom%2Fprofile%2Fview%3Ftrk%3Dppro_viewmore%26authtoken%3Diuu4%26pvs%3Dpp%26authtype%3Dname%26locale%3Den_us%26id%3D11135284 Server: Apache-Coyote/1.1 Vary: Accept-Encoding Content-Length: 0 Expires: Thu, 01 Jan 1970 00:00:00 GMT P3P: CP="CAO CUR ADM DEV PSA PSD OUR" Set-Cookie: _lipt=deleteMe; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: leo_auth_token="GST:UW6VRYP4dJvhdmjOGcerG7uMaFp1zS6XWGeYt2D4h1vuIJsDoBBbki:1403501295:519cb5b6ca31355f148fc0166b9625438446fc89"; Version=1; Max-Age=1799; Expires=Mon, 23-Jun-2014 05:58:14 GMT; Path=/ Set-Cookie: sl="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: sl="delete me"; Version=1; Domain=.www.linkedin.com; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: s_leo_auth_token="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: JSESSIONID="ajax:0370357130491413674"; Version=1; Domain=.www.linkedin.com; Path=/ Set-Cookie: visit="v=1&G"; Version=1; Max-Age=63072000; Expires=Wed, 22-Jun-2016 05:28:15 GMT; Path=/ Set-Cookie: lang="v=2&lang=en-us"; Version=1; Domain=linkedin.com; Path=/ Set-Cookie: bcookie="v=2&eef13d3f-1bd2-4577-8c20-958d62bb3711"; domain=.linkedin.com; Path=/; Expires=Wed, 22-Jun-2016 17:05:47 GMT Set-Cookie: lidc="b=VB38:g=81:u=1:i=1403501295:t=1403587695:s=2946235803"; Expires=Tue, 24 Jun 2014 05:28:15 GMT; domain=.linkedin.com; Path=/ X-FS-UUID: 652751e9fd3c7a131068b804e32a0000 X-Li-Fabric: prod-lva1 X-Li-Pop: PROD-IDB2 X-LI-UUID: ZSdR6f08ehMQaLgE4yoAAA== | clean |
https://www.linkedin.com/uas/login?session_redirect=http%3a%2f%2fwww%2elinkedin%2ecom%2fprofile%2fview%3ftrk%3dppro_viewmore%26authtoken%3diuu4%26pvs%3dpp%26authtype%3dname%26locale%3den_us%26id%3d11135284 | HTTP/1.1 302 Found Cache-Control: no-cache, no-store Connection: keep-alive Date: Mon, 23 Jun 2014 05:28:14 GMT Pragma: no-cache Location: https://www.linkedin.com/reg/join?trk=login_reg_redirect Server: Apache-Coyote/1.1 Vary: Accept-Encoding Content-Language: en-US Content-Length: 0 Expires: Thu, 01 Jan 1970 00:00:00 GMT P3P: CP="CAO CUR ADM DEV PSA PSD OUR" Set-Cookie: _lipt=deleteMe; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: leo_auth_token="GST:UCBxXo2GHLYw7WZW3zh0L7epMZv-uDAtURB6Pw2GyzY-SP8D7n2nhY:1403501295:94d6392f34a69dd72393f0faf1e95abe89d5ded1"; Version=1; Max-Age=1799; Expires=Mon, 23-Jun-2014 05:58:14 GMT; Path=/ Set-Cookie: sl="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: sl="delete me"; Version=1; Domain=.www.linkedin.com; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: s_leo_auth_token="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: JSESSIONID="ajax:6630176917917955551"; Version=1; Domain=.www.linkedin.com; Path=/ Set-Cookie: visit="v=1&G"; Version=1; Max-Age=63072000; Expires=Wed, 22-Jun-2016 05:28:15 GMT; Path=/ Set-Cookie: lang="v=2&lang=en-us"; Version=1; Domain=linkedin.com; Path=/ Set-Cookie: bcookie="v=2&c1c89e5e-d729-4fe8-84ca-6f5c87700b22"; domain=.linkedin.com; Path=/; Expires=Wed, 22-Jun-2016 17:05:47 GMT Set-Cookie: bscookie="v=1&2014062305281572b874a9-b2a3-4890-8d4a-5ff392c87a1dAQGl69bts25yLMWZ_E8_131Ite29EcxI"; domain=.www.linkedin.com; Path=/; Secure; Expires=Wed, 22-Jun-2016 17:05:47 GMT; HttpOnly Set-Cookie: lidc="b=VB38:g=81:u=1:i=1403501295:t=1403587695:s=2946235803"; Expires=Tue, 24 Jun 2014 05:28:15 GMT; domain=.linkedin.com; Path=/ X-FS-UUID: c76cc1fffd3c7a131034eaee0f2b0000 X-Li-Fabric: prod-lva1 X-Li-Pop: PROD-IDB2 X-LI-UUID: x2zB//08ehMQNOruDysAAA== | clean |
https://www.linkedin.com/reg/join?trk=login_reg_redirect | 200 OK Content-Length: 21115 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) YEvent.on( window, 'load', function() { (function () { var protocol = 'https:'; var d = new Image(1, 1); d.onerror = d.onload = function () { d.onerror = d.onload = null; }; d.src = [ protocol, "//secure-us.imrworldwide.com/cgi-bin/m?ci=us-603751h&cg=0&cc=1&si=", escape(window.location.href), "&ts=compact&rnd=", (new Date()).getTime() ].join(''); })(); }); Antivirus reports:
| ||
https://static.licdn.com/scds/concat/common/js?h=3nuvxgwg15rbghxm1gpzfbya2-35e6ug1j754avohmn1bzmucat-mv3v66b8q0h1hvgvd3yfjv5f-14k913qahq3mh0ac0lh0twk9v | 200 OK Content-Length: 2744 Content-Type: text/javascript | clean |
https://static.licdn.com/scds/concat/common/js?h=9yapbb9c5ce3w0tjhqp8s1ben-be35lq69dqsbgl8h9t4bqpy08-avftajdh5oq2u6k2vaor3czdy-62og8s54488owngg0s7escdit-c8ha6zrgpgcni7poa5ctye7il-djim7uyllidc9gta745y2wo5m-51dv6schthjydhvcv6rxvospp-d7z5zqt26qe7ht91f8494hqx5-e9rsfv7b5gx0bk0tln31dx3sq-2r5gveucqe4lsolc3n0oljsn1-8v2hz0euzy8m1tk5d6tfrn6j-3eh5zbf8m3976frnzqqz8r2md-1l6r5aklcrehj1n7wy2v08xoy-8zc7dy7k0uqxxs <span>...297 symbols skipped</span> | 200 OK Content-Length: 300961 Content-Type: text/javascript | clean |
https://static.licdn.com/scds/common/u/js/scds-hashes.js | 200 OK Content-Length: 186 Content-Type: text/javascript | clean |
https://static.licdn.com/scds/concat/common/js?h=25kaepc6rgo1820ap1rglmzr4-c19zsujfl1pg46iqy33ubhqc5-8dsj0i05aa9so2un8dmci2gmx-ascppxxu6dqpt5sppka77kdt0-39o2kw4renyd4i8pt5n9x0qaz-9cttgd1ueltkur8cb164nt1vt-35b6d44bfxo2cvy5hbzc0zsgl-3qsk2peor188gw7gmh2irlhe5-78bwuml1uwwm9yb9sr3bw68qb-9xms7fd8xdfrly2skx89dmkyc | 200 OK Content-Length: 104379 Content-Type: text/javascript | clean |
https://static.licdn.com/scds/concat/common/js?h=6b5tomv24hymqjdn9yh9vdxyg-95d8d303rtd0n9wj4dcjbnh2c | 200 OK Content-Length: 2185 Content-Type: text/javascript | clean |
https://static.licdn.com/scds/concat/common/js?h=4ctyhul13sruu19hcui2s5a9p-3ns2d4ano7knp93wdj2zg3drz | 200 OK Content-Length: 6986 Content-Type: text/javascript | clean |
https://static.licdn.com/scds/concat/common/js?h=eq875keqggun9hoxzfhbanjes | 200 OK Content-Length: 1128 Content-Type: text/javascript | clean |
https://static.licdn.com/scds/concat/common/js?h=8872t40y1btgzwt8qb4j9arqt-4hgdenw9tkjmuhlq6d246d7i5-20g3lu4gz98n43eeeoge3e3kt-83k2i76l9mneyhc4l874h3sr9 | 200 OK Content-Length: 4549 Content-Type: text/javascript | clean |
http://jeffmarcher.com/test404page.js | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=900 Connection: close Date: Mon, 23 Jun 2014 05:28:19 GMT Age: 0 Location: http://www.linkedin.com/profile/view?id=11135284&authType=name&authToken=Iuu4&locale=en_US&pvs=pp&trk=ppro_viewmore/test404page.js Server: Microsoft-IIS/7.5 Content-Length: 0 Content-Type: text/html X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET | clean |
http://www.linkedin.com/profile/view?id=11135284&authtype=name&authtoken=iuu4&locale=en_us&pvs=pp&trk=ppro_viewmore/test404page.js | HTTP/1.1 302 Found Cache-Control: no-cache, no-store Connection: keep-alive Date: Mon, 23 Jun 2014 05:28:19 GMT Pragma: no-cache Location: https://www.linkedin.com/uas/login?session_redirect=http%3A%2F%2Fwww%2Elinkedin%2Ecom%2Fprofile%2Fview%3Ftrk%3Dppro_viewmore%252Ftest404page%252Ejs%26authtoken%3Diuu4%26pvs%3Dpp%26authtype%3Dname%26locale%3Den_us%26id%3D11135284 Server: Apache-Coyote/1.1 Vary: Accept-Encoding Content-Length: 0 Expires: Thu, 01 Jan 1970 00:00:00 GMT P3P: CP="CAO CUR ADM DEV PSA PSD OUR" Set-Cookie: _lipt=deleteMe; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: leo_auth_token="GST:87rppRJ3SWqIJNuJJDC5dAnqWh_dJeHBJxm5qSbzABEq0NP-i_EHBI:1403501299:65c3a57ab94ed415b12b23c217621d69349dda69"; Version=1; Max-Age=1799; Expires=Mon, 23-Jun-2014 05:58:18 GMT; Path=/ Set-Cookie: sl="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: sl="delete me"; Version=1; Domain=.www.linkedin.com; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: s_leo_auth_token="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: JSESSIONID="ajax:2417979987856030997"; Version=1; Domain=.www.linkedin.com; Path=/ Set-Cookie: visit="v=1&G"; Version=1; Max-Age=63072000; Expires=Wed, 22-Jun-2016 05:28:19 GMT; Path=/ Set-Cookie: lang="v=2&lang=en-us"; Version=1; Domain=linkedin.com; Path=/ Set-Cookie: bcookie="v=2&2e37f362-0919-47df-8aae-df746dac0c65"; domain=.linkedin.com; Path=/; Expires=Wed, 22-Jun-2016 17:05:51 GMT Set-Cookie: lidc="b=VB38:g=81:u=1:i=1403501299:t=1403587699:s=3141548323"; Expires=Tue, 24 Jun 2014 05:28:19 GMT; domain=.linkedin.com; Path=/ X-FS-UUID: ea564d02ff3c7a131082b61db72a0000 X-Li-Fabric: prod-lva1 X-Li-Pop: PROD-IDB2 X-LI-UUID: 6lZNAv88ehMQgrYdtyoAAA== | clean |
https://www.linkedin.com/uas/login?session_redirect=http%3a%2f%2fwww%2elinkedin%2ecom%2fprofile%2fview%3ftrk%3dppro_viewmore%252ftest404page%252ejs%26authtoken%3diuu4%26pvs%3dpp%26authtype%3dname%26locale%3den_us%26id%3d11135284 | HTTP/1.1 302 Found Cache-Control: no-cache, no-store Connection: keep-alive Date: Mon, 23 Jun 2014 05:28:19 GMT Pragma: no-cache Location: https://www.linkedin.com/reg/join?trk=login_reg_redirect Server: Apache-Coyote/1.1 Vary: Accept-Encoding Content-Language: en-US Content-Length: 0 Expires: Thu, 01 Jan 1970 00:00:00 GMT P3P: CP="CAO CUR ADM DEV PSA PSD OUR" Set-Cookie: _lipt=deleteMe; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: leo_auth_token="GST:U8YDOg_a32VJOjBFR4BOON6P7jVC1xPFA9YSLyEazc--1jHFNkQRC4:1403501300:2cd4381a912dc806aa992cdb5631b1a1a8a10e4f"; Version=1; Max-Age=1799; Expires=Mon, 23-Jun-2014 05:58:19 GMT; Path=/ Set-Cookie: sl="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: sl="delete me"; Version=1; Domain=.www.linkedin.com; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: s_leo_auth_token="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: JSESSIONID="ajax:5574218293677191329"; Version=1; Domain=.www.linkedin.com; Path=/ Set-Cookie: visit="v=1&G"; Version=1; Max-Age=63072000; Expires=Wed, 22-Jun-2016 05:28:20 GMT; Path=/ Set-Cookie: lang="v=2&lang=en-us"; Version=1; Domain=linkedin.com; Path=/ Set-Cookie: bcookie="v=2&75116ca7-c368-4a06-8f63-e0b2190247b6"; domain=.linkedin.com; Path=/; Expires=Wed, 22-Jun-2016 17:05:52 GMT Set-Cookie: bscookie="v=1&2014062305282001620f64-fa76-41e7-8c84-cfbf2580291eAQG0VHGyi9LiSTToGoCybb3w1f5MvNlc"; domain=.www.linkedin.com; Path=/; Secure; Expires=Wed, 22-Jun-2016 17:05:52 GMT; HttpOnly Set-Cookie: lidc="b=VB38:g=81:u=1:i=1403501300:t=1403587700:s=1725532553"; Expires=Tue, 24 Jun 2014 05:28:20 GMT; domain=.linkedin.com; Path=/ X-FS-UUID: 474e941cff3c7a1310d091be342b0000 X-Li-Fabric: prod-lva1 X-Li-Pop: PROD-IDB2 X-LI-UUID: R06UHP88ehMQ0JG+NCsAAA== | clean |
http://www.linkedin.com/test404page.js | 404 Not Found Content-Length: 30484 Content-Type: text/html | clean |
http://www.linkedin.com/home | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, no-store Connection: keep-alive Date: Mon, 23 Jun 2014 05:28:20 GMT Pragma: no-cache Location: https://www.linkedin.com Server: Apache-Coyote/1.1 Vary: Accept-Encoding Content-Language: en-US Content-Length: 0 Expires: Thu, 01 Jan 1970 00:00:00 GMT P3P: CP="CAO CUR ADM DEV PSA PSD OUR" Set-Cookie: _lipt=deleteMe; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: leo_auth_token="GST:U076n6ov6AYyLF8tRbqx1ddM4zpif5ROR0eTXwo4M8vY5MQSffIUL7:1403501301:eed48eb171d4750d960336fa888512b74da5b988"; Version=1; Max-Age=1799; Expires=Mon, 23-Jun-2014 05:58:20 GMT; Path=/ Set-Cookie: sl="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: sl="delete me"; Version=1; Domain=.www.linkedin.com; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: s_leo_auth_token="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: JSESSIONID="ajax:4341779568901061454"; Version=1; Domain=.www.linkedin.com; Path=/ Set-Cookie: visit="v=1&G"; Version=1; Max-Age=63072000; Expires=Wed, 22-Jun-2016 05:28:21 GMT; Path=/ Set-Cookie: lang="v=2&lang=en-us"; Version=1; Domain=linkedin.com; Path=/ Set-Cookie: lang="v=2&lang=en-us"; Version=1; Domain=linkedin.com; Path=/ Set-Cookie: bcookie="v=2&2767da46-0da8-4e2f-88f4-1db4bf7c5321"; domain=.linkedin.com; Path=/; Expires=Wed, 22-Jun-2016 17:05:53 GMT Set-Cookie: lidc="b=VB38:g=81:u=1:i=1403501301:t=1403587701:s=1774360683"; Expires=Tue, 24 Jun 2014 05:28:21 GMT; domain=.linkedin.com; Path=/ X-FS-UUID: 94a1164aff3c7a1310887048e32a0000 X-Li-Fabric: prod-lva1 X-Li-Pop: PROD-IDB2 X-LI-UUID: lKEWSv88ehMQiHBI4yoAAA== | clean |
https://www.linkedin.com/ | 200 OK Content-Length: 49869 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) YEvent.on( window, 'load', function() { (function () { var protocol = 'https:'; var d = new Image(1, 1); d.onerror = d.onload = function () { d.onerror = d.onload = null; }; d.src = [ protocol, "//secure-us.imrworldwide.com/cgi-bin/m?ci=us-603751h&cg=0&cc=1&si=", escape(window.location.href), "&ts=compact&rnd=", (new Date()).getTime() ].join(''); })(); }); Antivirus reports:
| ||
https://static.licdn.com:443/scds/common/u/lib/fizzy/fz-1.3.5-min.js | 200 OK Content-Length: 26523 Content-Type: text/javascript | clean |
https://static.licdn.com/scds/concat/common/js?h=3nuvxgwg15rbghxm1gpzfbya2-35e6ug1j754avohmn1bzmucat-mv3v66b8q0h1hvgvd3yfjv5f-14k913qahq3mh0ac0lh0twk9v&fc=1 | 200 OK Content-Length: 2744 Content-Type: text/javascript | clean |
https://static.licdn.com/scds/concat/common/js?h=dfoaudjrk6rbf82f45bz5crwi-e9rsfv7b5gx0bk0tln31dx3sq-b88qxy99s08xoes3weacd08uc-3eh5zbf8m3976frnzqqz8r2md-1l6r5aklcrehj1n7wy2v08xoy-8zc7dy7k0uqxxso1zmcx40mxo-4u94p4bxx04dc4qyt04hi6b7z-6qxi7j04m9bajw0tu0npnkexj-8s85e76fq22lk42rfavbckpvb-6b5tomv24hymqjdn9yh9vdxyg-95d8d303rtd0n9wj4dcjbnh2c&fc=1 | 200 OK Content-Length: 187078 Content-Type: text/javascript | clean |
https://static.licdn.com/scds/concat/common/js?h=25kaepc6rgo1820ap1rglmzr4-c19zsujfl1pg46iqy33ubhqc5-8dsj0i05aa9so2un8dmci2gmx-ascppxxu6dqpt5sppka77kdt0-39o2kw4renyd4i8pt5n9x0qaz-9cttgd1ueltkur8cb164nt1vt-35b6d44bfxo2cvy5hbzc0zsgl&fc=1 | 200 OK Content-Length: 84246 Content-Type: text/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: jeffmarcher.com
Result:
HTTP/1.1 301 Moved Permanently
Cache-Control: max-age=900
Connection: close
Date: Mon, 23 Jun 2014 05:28:14 GMT
Age: 0
Location: http://www.linkedin.com/profile/view?id=11135284&authType=name&authToken=Iuu4&locale=en_US&pvs=pp&trk=ppro_viewmore
Server: Microsoft-IIS/7.5
Content-Length: 0
Content-Type: text/html
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
...0 bytes of data.
GET / HTTP/1.1
Host: jeffmarcher.com
Result:
HTTP/1.1 301 Moved Permanently
Cache-Control: max-age=900
Connection: close
Date: Mon, 23 Jun 2014 05:28:14 GMT
Age: 0
Location: http://www.linkedin.com/profile/view?id=11135284&authType=name&authToken=Iuu4&locale=en_US&pvs=pp&trk=ppro_viewmore
Server: Microsoft-IIS/7.5
Content-Length: 0
Content-Type: text/html
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: jeffmarcher.com
Referer: http://www.google.com/search?q=jeffmarcher.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: jeffmarcher.com
Referer: http://www.google.com/search?q=jeffmarcher.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=jeffmarcher.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://jeffmarcher.com/
Result: jeffmarcher.com is not infected or malware details are not published yet.
Result: jeffmarcher.com is not infected or malware details are not published yet.