Scanned pages/files
Request | Server response | Status |
http://www.jonholt.com/ | HTTP/1.1 302 Found Cache-Control: max-age=900 Connection: close Date: Fri, 08 Aug 2014 04:22:17 GMT Age: 1 Location: http://www.linkedin.com/pub/jonathan-holt/4/1/257 Server: Microsoft-IIS/7.5 Content-Length: 166 Content-Type: text/html; charset=utf-8 X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET | clean |
http://www.linkedin.com/pub/jonathan-holt/4/1/257 | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, no-store Date: Fri, 08 Aug 2014 04:22:18 GMT Pragma: no-cache Location: http://www.linkedin.com/profile/view?id=11946019 Server: Apache-Coyote/1.1 Vary: Accept-Encoding Content-Language: en-US Content-Length: 0 Expires: Thu, 01 Jan 1970 00:00:00 GMT P3P: CP="CAO CUR ADM DEV PSA PSD OUR" P3P: CP="CAO CUR ADM DEV PSA PSD OUR" Set-Cookie: _lipt=deleteMe; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: leo_auth_token="GST:UisCnljbtmIYIOEHSZdwzTxmOfgieOsbFCjBzFjVqRgr2XeMlmNd0C:1407471739:9d89929e92e684fdd8e52fc9ff4e7fccd53c20e6"; Version=1; Max-Age=1799; Expires=Fri, 08-Aug-2014 04:52:18 GMT; Path=/ Set-Cookie: sl="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: sl="delete me"; Version=1; Domain=.www.linkedin.com; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: s_leo_auth_token="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: JSESSIONID="ajax:6567009449015833658"; Version=1; Domain=.www.linkedin.com; Path=/ Set-Cookie: visit="v=1&G"; Version=1; Max-Age=63072000; Expires=Sun, 07-Aug-2016 04:22:19 GMT; Path=/ Set-Cookie: lang="v=2&lang=en-us"; Version=1; Domain=linkedin.com; Path=/ Set-Cookie: lang="v=2&lang=en-us"; Version=1; Domain=linkedin.com; Path=/ Set-Cookie: bcookie="v=2&17fbcdc2-9cfc-418f-86ca-49cb22cf2c93"; domain=.linkedin.com; Path=/; Expires=Sun, 07-Aug-2016 15:59:51 GMT Set-Cookie: lidc="b=LB91:g=94:u=1:i=1407471739:t=1407558139:s=2041384560"; Expires=Sat, 09 Aug 2014 04:22:19 GMT; domain=.linkedin.com; Path=/ X-FS-UUID: ee86b8f31658881300851d0b5a2b0000 X-Li-Fabric: PROD-ELA4 X-Li-Pop: PROD-ELA4 X-LI-UUID: 7oa48xZYiBMAhR0LWisAAA== | clean |
http://www.linkedin.com/profile/view?id=11946019 | HTTP/1.1 302 Found Cache-Control: no-cache, no-store Date: Fri, 08 Aug 2014 04:22:19 GMT Pragma: no-cache Location: https://www.linkedin.com/uas/login?session_redirect=http%3A%2F%2Fwww%2Elinkedin%2Ecom%2Fprofile%2Fview%3Fid%3D11946019 Server: Apache-Coyote/1.1 Vary: Accept-Encoding Content-Length: 0 Expires: Thu, 01 Jan 1970 00:00:00 GMT P3P: CP="CAO CUR ADM DEV PSA PSD OUR" P3P: CP="CAO CUR ADM DEV PSA PSD OUR" Set-Cookie: _lipt=deleteMe; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: leo_auth_token="GST:UupvOLVSq8NFA6qHnPWB3Qwp9fNhawdYnxtCanVWIKxFf-_bFu71sn:1407471739:f4bea12849ed5f0cc0a452b66a69e693d59890d6"; Version=1; Max-Age=1799; Expires=Fri, 08-Aug-2014 04:52:18 GMT; Path=/ Set-Cookie: sl="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: sl="delete me"; Version=1; Domain=.www.linkedin.com; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: s_leo_auth_token="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: JSESSIONID="ajax:0955641501227937159"; Version=1; Domain=.www.linkedin.com; Path=/ Set-Cookie: visit="v=1&G"; Version=1; Max-Age=63072000; Expires=Sun, 07-Aug-2016 04:22:19 GMT; Path=/ Set-Cookie: lang="v=2&lang=en-us"; Version=1; Domain=linkedin.com; Path=/ Set-Cookie: bcookie="v=2&ee01afa2-953b-4012-88d5-01018a28563d"; domain=.linkedin.com; Path=/; Expires=Sun, 07-Aug-2016 15:59:51 GMT Set-Cookie: lidc="b=LB91:g=94:u=1:i=1407471739:t=1407558139:s=2041384560"; Expires=Sat, 09 Aug 2014 04:22:19 GMT; domain=.linkedin.com; Path=/ X-FS-UUID: ad09bc1117588813c0f16f005a2b0000 X-Li-Fabric: PROD-ELA4 X-Li-Pop: PROD-ELA4 X-LI-UUID: rQm8ERdYiBPA8W8AWisAAA== | clean |
https://www.linkedin.com/uas/login?session_redirect=http%3a%2f%2fwww%2elinkedin%2ecom%2fprofile%2fview%3fid%3d11946019 | HTTP/1.1 302 Found Cache-Control: no-cache, no-store Date: Fri, 08 Aug 2014 04:22:20 GMT Pragma: no-cache Location: https://www.linkedin.com/reg/join?trk=login_reg_redirect&session_redirect=http%3A%2F%2Fwww.linkedin.com%2Fprofile%2Fview%3Fid%3D11946019 Server: Apache-Coyote/1.1 Vary: Accept-Encoding Content-Language: en-US Content-Length: 0 Expires: Thu, 01 Jan 1970 00:00:00 GMT P3P: CP="CAO CUR ADM DEV PSA PSD OUR" P3P: CP="CAO CUR ADM DEV PSA PSD OUR" Set-Cookie: _lipt=deleteMe; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: leo_auth_token="GST:9Gz-ncWoIU-Sg1_5adAmAhH6A9yagbI19GRB5tHohiGt6bcpShPz8w:1407471740:2fa3216164e55740cf8ab52f94e0e1c3761368a4"; Version=1; Max-Age=1799; Expires=Fri, 08-Aug-2014 04:52:19 GMT; Path=/ Set-Cookie: sl="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: sl="delete me"; Version=1; Domain=.www.linkedin.com; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: s_leo_auth_token="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: JSESSIONID="ajax:3350039548646282187"; Version=1; Domain=.www.linkedin.com; Path=/ Set-Cookie: visit="v=1&G"; Version=1; Max-Age=63072000; Expires=Sun, 07-Aug-2016 04:22:20 GMT; Path=/ Set-Cookie: lang="v=2&lang=en-us"; Version=1; Domain=linkedin.com; Path=/ Set-Cookie: bcookie="v=2&92c1205d-92c2-4bf0-8693-5b361999e7d2"; domain=.linkedin.com; Path=/; Expires=Sun, 07-Aug-2016 15:59:52 GMT Set-Cookie: bscookie="v=1&20140808042220e41b65a9-4daa-4189-8068-fef404858347AQFCNLlKFhY14eeRHN0hNqoRF1pL7F9m"; domain=.www.linkedin.com; Path=/; Secure; Expires=Sun, 07-Aug-2016 15:59:52 GMT; HttpOnly Set-Cookie: lidc="b=LB91:g=94:u=1:i=1407471740:t=1407558140:s=1846072040"; Expires=Sat, 09 Aug 2014 04:22:20 GMT; domain=.linkedin.com; Path=/ Strict-Transport-Security: max-age=0 X-FS-UUID: 62d2064717588813d0d9e9c7592b0000 X-Li-Fabric: PROD-ELA4 X-Li-Pop: PROD-ELA4 X-LI-UUID: YtIGRxdYiBPQ2enHWSsAAA== | clean |
https://www.linkedin.com/reg/join?trk=login_reg_redirect&session_redirect=http%3a%2f%2fwww.linkedin.com%2fprofile%2fview%3fid%3d11946019 | 200 OK Content-Length: 22069 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) YEvent.on( window, 'load', function() { (function () { var protocol = 'https:'; var d = new Image(1, 1); d.onerror = d.onload = function () { d.onerror = d.onload = null; }; d.src = [ protocol, "//secure-us.imrworldwide.com/cgi-bin/m?ci=us-603751h&cg=0&cc=1&si=", escape(window.location.href), "&ts=compact&rnd=", (new Date()).getTime() ].join(''); })(); }); Antivirus reports:
| ||
https://static.licdn.com/scds/concat/common/js?h=3nuvxgwg15rbghxm1gpzfbya2-35e6ug1j754avohmn1bzmucat-mv3v66b8q0h1hvgvd3yfjv5f-14k913qahq3mh0ac0lh0twk9v-9yapbb9c5ce3w0tjhqp8s1ben-be35lq69dqsbgl8h9t4bqpy08-avftajdh5oq2u6k2vaor3czdy-62og8s54488owngg0s7escdit-c8ha6zrgpgcni7poa5ctye7il-djim7uyllidc9gta745y2wo5m-51dv6schthjydhvcv6rxvospp-d7z5zqt26qe7ht91f8494hqx5-e9rsfv7b5gx0bk0tln31dx3sq-2r5gveucqe4lso <span>...399 symbols skipped</span> | 200 OK Content-Length: 302610 Content-Type: text/javascript | clean |
https://static.licdn.com/scds/common/u/js/scds-hashes.js | 200 OK Content-Length: 18153 Content-Type: text/javascript | clean |
https://static.licdn.com/scds/concat/common/js?h=25kaepc6rgo1820ap1rglmzr4-c19zsujfl1pg46iqy33ubhqc5-8dsj0i05aa9so2un8dmci2gmx-ascppxxu6dqpt5sppka77kdt0-39o2kw4renyd4i8pt5n9x0qaz-9cttgd1ueltkur8cb164nt1vt-35b6d44bfxo2cvy5hbzc0zsgl-3qsk2peor188gw7gmh2irlhe5-78bwuml1uwwm9yb9sr3bw68qb-9xms7fd8xdfrly2skx89dmkyc | 200 OK Content-Length: 104379 Content-Type: text/javascript | clean |
https://static.licdn.com/scds/concat/common/js?h=4zslye83akez5s4mf91hrq425-95d8d303rtd0n9wj4dcjbnh2c | 200 OK Content-Length: 2254 Content-Type: text/javascript | clean |
https://static.licdn.com/scds/concat/common/js?h=4ctyhul13sruu19hcui2s5a9p-b0fmwulzun5h9v3vouth2gf36 | 200 OK Content-Length: 7039 Content-Type: text/javascript | clean |
https://static.licdn.com/scds/concat/common/js?h=eq875keqggun9hoxzfhbanjes | 200 OK Content-Length: 1128 Content-Type: text/javascript | clean |
https://static.licdn.com/scds/concat/common/js?h=8872t40y1btgzwt8qb4j9arqt-4hgdenw9tkjmuhlq6d246d7i5-20g3lu4gz98n43eeeoge3e3kt-83k2i76l9mneyhc4l874h3sr9 | 200 OK Content-Length: 4549 Content-Type: text/javascript | clean |
http://www.jonholt.com/test404page.js | HTTP/1.1 302 Found Cache-Control: max-age=900 Connection: close Date: Fri, 08 Aug 2014 04:22:26 GMT Age: 0 Location: http://www.linkedin.com/pub/jonathan-holt/4/1/257/test404page.js Server: Microsoft-IIS/7.5 Content-Length: 181 Content-Type: text/html; charset=utf-8 X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET | clean |
http://www.linkedin.com/pub/jonathan-holt/4/1/257/test404page.js | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, no-store Date: Fri, 08 Aug 2014 04:22:26 GMT Pragma: no-cache Location: http://www.linkedin.com/profile/view?id=11946019 Server: Apache-Coyote/1.1 Vary: Accept-Encoding Content-Language: en-US Content-Length: 0 Expires: Thu, 01 Jan 1970 00:00:00 GMT P3P: CP="CAO CUR ADM DEV PSA PSD OUR" P3P: CP="CAO CUR ADM DEV PSA PSD OUR" Set-Cookie: _lipt=deleteMe; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: leo_auth_token="GST:UJ0odgqKZby4y80nqkA_SceQYKym69fFzOKEUVqZMQV4wZkpXNe7wz:1407471747:5350aa0f11ceda14e125c75e5d718da7a62e7396"; Version=1; Max-Age=1799; Expires=Fri, 08-Aug-2014 04:52:26 GMT; Path=/ Set-Cookie: sl="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: sl="delete me"; Version=1; Domain=.www.linkedin.com; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: s_leo_auth_token="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: JSESSIONID="ajax:1798521158049516492"; Version=1; Domain=.www.linkedin.com; Path=/ Set-Cookie: visit="v=1&G"; Version=1; Max-Age=63072000; Expires=Sun, 07-Aug-2016 04:22:27 GMT; Path=/ Set-Cookie: lang="v=2&lang=en-us"; Version=1; Domain=linkedin.com; Path=/ Set-Cookie: lang="v=2&lang=en-us"; Version=1; Domain=linkedin.com; Path=/ Set-Cookie: bcookie="v=2&b1775640-be40-4974-8de5-f6b1f326f68b"; domain=.linkedin.com; Path=/; Expires=Sun, 07-Aug-2016 15:59:59 GMT Set-Cookie: lidc="b=LB91:g=94:u=1:i=1407471747:t=1407558147:s=2187868950"; Expires=Sat, 09 Aug 2014 04:22:27 GMT; domain=.linkedin.com; Path=/ X-FS-UUID: 48d1fcd918588813907375025a2b0000 X-Li-Fabric: PROD-ELA4 X-Li-Pop: PROD-ELA4 X-LI-UUID: SNH82RhYiBOQc3UCWisAAA== | clean |
http://www.linkedin.com/test404page.js | 404 Not Found Content-Length: 30484 Content-Type: text/html | clean |
http://www.linkedin.com/home | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, no-store Date: Fri, 08 Aug 2014 04:22:27 GMT Pragma: no-cache Location: https://www.linkedin.com Server: Apache-Coyote/1.1 Vary: Accept-Encoding Content-Language: en-US Content-Length: 0 Expires: Thu, 01 Jan 1970 00:00:00 GMT P3P: CP="CAO CUR ADM DEV PSA PSD OUR" P3P: CP="CAO CUR ADM DEV PSA PSD OUR" Set-Cookie: _lipt=deleteMe; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: leo_auth_token="GST:UyjdiTViYN8ujm4xLojqZlGJC2ZPpSacLPjL8iDi6NlFGJiQkM5xZl:1407471748:3284715e836472ed65d03acceaf5a9eda3bf9afc"; Version=1; Max-Age=1799; Expires=Fri, 08-Aug-2014 04:52:27 GMT; Path=/ Set-Cookie: sl="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: sl="delete me"; Version=1; Domain=.www.linkedin.com; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: s_leo_auth_token="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: JSESSIONID="ajax:8276107226706528883"; Version=1; Domain=.www.linkedin.com; Path=/ Set-Cookie: visit="v=1&G"; Version=1; Max-Age=63072000; Expires=Sun, 07-Aug-2016 04:22:28 GMT; Path=/ Set-Cookie: lang="v=2&lang=en-us"; Version=1; Domain=linkedin.com; Path=/ Set-Cookie: lang="v=2&lang=en-us"; Version=1; Domain=linkedin.com; Path=/ Set-Cookie: bcookie="v=2&1595ba4b-c1cc-447a-8d43-42074eec10d0"; domain=.linkedin.com; Path=/; Expires=Sun, 07-Aug-2016 16:00:00 GMT Set-Cookie: lidc="b=LB91:g=94:u=1:i=1407471748:t=1407558148:s=2236697080"; Expires=Sat, 09 Aug 2014 04:22:28 GMT; domain=.linkedin.com; Path=/ X-FS-UUID: 3f67ce161958881300888b0b5a2b0000 X-Li-Fabric: PROD-ELA4 X-Li-Pop: PROD-ELA4 X-LI-UUID: P2fOFhlYiBMAiIsLWisAAA== | clean |
https://www.linkedin.com/ | 200 OK Content-Length: 50603 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) YEvent.on( window, 'load', function() { (function () { var protocol = 'https:'; var d = new Image(1, 1); d.onerror = d.onload = function () { d.onerror = d.onload = null; }; d.src = [ protocol, "//secure-us.imrworldwide.com/cgi-bin/m?ci=us-603751h&cg=0&cc=1&si=", escape(window.location.href), "&ts=compact&rnd=", (new Date()).getTime() ].join(''); })(); }); Antivirus reports:
| ||
https://static.licdn.com:443/scds/common/u/lib/fizzy/fz-1.3.6-min.js | 200 OK Content-Length: 27495 Content-Type: text/javascript | clean |
https://static.licdn.com/scds/concat/common/js?h=3nuvxgwg15rbghxm1gpzfbya2-35e6ug1j754avohmn1bzmucat-mv3v66b8q0h1hvgvd3yfjv5f-14k913qahq3mh0ac0lh0twk9v-dfoaudjrk6rbf82f45bz5crwi-e9rsfv7b5gx0bk0tln31dx3sq-b88qxy99s08xoes3weacd08uc-3eh5zbf8m3976frnzqqz8r2md-1l6r5aklcrehj1n7wy2v08xoy-8zc7dy7k0uqxxso1zmcx40mxo-a7br995b5xb4ztral63cjods4-rftdnvfzuncra9644jbr38ht-8s85e76fq22lk42rfavbckpvb-4zslye83akez5s4mf91hrq425-95d8d303rtd0n9wj4dcjbnh2c&fc=1 | 200 OK Content-Length: 191107 Content-Type: text/javascript | clean |
https://static.licdn.com/scds/concat/common/js?h=25kaepc6rgo1820ap1rglmzr4-c19zsujfl1pg46iqy33ubhqc5-8dsj0i05aa9so2un8dmci2gmx-ascppxxu6dqpt5sppka77kdt0-39o2kw4renyd4i8pt5n9x0qaz-9cttgd1ueltkur8cb164nt1vt-35b6d44bfxo2cvy5hbzc0zsgl&fc=1 | 200 OK Content-Length: 84246 Content-Type: text/javascript | clean |
https://static.licdn.com/scds/concat/common/js?h=3qsk2peor188gw7gmh2irlhe5-78bwuml1uwwm9yb9sr3bw68qb-9xms7fd8xdfrly2skx89dmkyc&fc=1 | 200 OK Content-Length: 20133 Content-Type: text/javascript | clean |
https://static.licdn.com/scds/concat/common/js?h=4gd308q7uhcsqx9gfzu9dv06p&fc=1 | 200 OK Content-Length: 343 Content-Type: text/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: jonholt.com
Result:
GET / HTTP/1.1
Host: jonholt.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: jonholt.com
Referer: http://www.google.com/search?q=jonholt.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: jonholt.com
Referer: http://www.google.com/search?q=jonholt.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=jonholt.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://jonholt.com/
Result: jonholt.com is not infected or malware details are not published yet.
Result: jonholt.com is not infected or malware details are not published yet.