Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://www.laura-carvajal.com/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: www.laura-carvajal.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Cache-Control: max-age=900 Connection: close Date: Mon, 07 Jul 2014 08:54:13 GMT Age: 0 Location: http://www.linkedin.com/in/lauracarvajal Server: Microsoft-IIS/7.5 Content-Length: 157 Content-Type: text/html; charset=utf-8 X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET | malicious |
Scanned pages/files
Request | Server response | Status |
http://www.laura-carvajal.com/ | 500 Can't connect to www.laura-carvajal.com:80 (ÐÐµÑ Ð¼Ð°ÑÑÑÑÑа до Ñзла) Content-Length: 210 Content-Type: text/plain | clean |
http://www.laura-carvajal.com/test404page.js | HTTP/1.1 302 Found Cache-Control: max-age=900 Connection: close Date: Mon, 07 Jul 2014 08:54:15 GMT Age: 0 Location: http://www.linkedin.com/in/lauracarvajal/test404page.js Server: Microsoft-IIS/7.5 Content-Length: 172 Content-Type: text/html; charset=utf-8 X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET | clean |
http://www.linkedin.com/in/lauracarvajal/test404page.js | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, no-store Connection: keep-alive Date: Mon, 07 Jul 2014 08:54:15 GMT Pragma: no-cache Location: http://es.linkedin.com/in/lauracarvajal Server: Apache-Coyote/1.1 Vary: Accept-Encoding Content-Language: en-US Content-Length: 0 Expires: Thu, 01 Jan 1970 00:00:00 GMT P3P: CP="CAO CUR ADM DEV PSA PSD OUR" Set-Cookie: _lipt=deleteMe; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: leo_auth_token="GST:8XgSYs9ipYicI3vfikoSKq3whci6GRwLrFxGg-3iXBF8ekpfQuRtmN:1404723256:6229eefa187b21e46ca0c6fa74972d671d1e1530"; Version=1; Max-Age=1799; Expires=Mon, 07-Jul-2014 09:24:15 GMT; Path=/ Set-Cookie: sl="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: sl="delete me"; Version=1; Domain=.www.linkedin.com; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: s_leo_auth_token="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: JSESSIONID="ajax:2433381841899795189"; Version=1; Domain=.www.linkedin.com; Path=/ Set-Cookie: visit="v=1&G"; Version=1; Max-Age=63072000; Expires=Wed, 06-Jul-2016 08:54:16 GMT; Path=/ Set-Cookie: lang="v=2&lang=en-us"; Version=1; Domain=linkedin.com; Path=/ Set-Cookie: lang="v=2&lang=en-us"; Version=1; Domain=linkedin.com; Path=/ Set-Cookie: bcookie="v=2&1a15df98-1d12-41d1-8f84-18e347ff8b07"; domain=.linkedin.com; Path=/; Expires=Wed, 06-Jul-2016 20:31:48 GMT Set-Cookie: lidc="b=LB38:g=105:u=1:i=1404723256:t=1404809656:s=3079366857"; Expires=Tue, 08 Jul 2014 08:54:16 GMT; domain=.linkedin.com; Path=/ X-FS-UUID: 4eeee3025c947e13102008b0332b0000 X-Li-Fabric: PROD-ELA4 X-Li-Pop: PROD-ELA4 X-LI-UUID: Tu7jAlyUfhMQIAiwMysAAA== | clean |
http://es.linkedin.com/in/lauracarvajal | 200 OK Content-Length: 58527 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) LI.Controls.addControl('control-http-12248-9857537-9', 'ToggleClass', { classname: 'view-all-skills', on: '#profile-skills' }); Antivirus reports:
| ||
http://static.licdn.com:80/scds/common/u/lib/fizzy/fz-1.3.5-min.js | 200 OK Content-Length: 26523 Content-Type: text/javascript | clean |
http://s.c.lnkd.licdn.com/scds/concat/common/js?h=3nuvxgwg15rbghxm1gpzfbya2-35e6ug1j754avohmn1bzmucat-mv3v66b8q0h1hvgvd3yfjv5f-14k913qahq3mh0ac0lh0twk9v&fc=2 | 200 OK Content-Length: 2744 Content-Type: text/javascript | clean |
http://s.c.lnkd.licdn.com/scds/concat/common/js?h=dfoaudjrk6rbf82f45bz5crwi-62og8s54488owngg0s7escdit-c8ha6zrgpgcni7poa5ctye7il-djim7uyllidc9gta745y2wo5m-51dv6schthjydhvcv6rxvospp-d7z5zqt26qe7ht91f8494hqx5-e9rsfv7b5gx0bk0tln31dx3sq-2r5gveucqe4lsolc3n0oljsn1-8v2hz0euzy8m1tk5d6tfrn6j-b88qxy99s08xoes3weacd08uc-bymlr3eiytxzjg9or01ze5ia8-ac8pg92mfnb2j836ntpvg1fsi-8s85e76fq22lk42rfavbckpvb-lyi4ca0d33mbz <span>...172 symbols skipped</span> | 200 OK Content-Length: 266924 Content-Type: text/javascript | clean |
http://s.c.lnkd.licdn.com/scds/concat/common/js?h=6b5tomv24hymqjdn9yh9vdxyg-95d8d303rtd0n9wj4dcjbnh2c&fc=2 | 200 OK Content-Length: 2255 Content-Type: text/javascript | clean |
https://www.linkedin.com/uas/authping?url=https%3A%2F%2Fes%2Elinkedin%2Ecom%2Fin%2Flauracarvajal | 200 OK Content-Length: 0 Content-Type: text/javascript | clean |
http://s.c.lnkd.licdn.com/scds/concat/common/js?h=d43qahhuvg0j5mlh4c2m9sipk-ew7wxbzv14lsc4vzkh2xrbzqn-dp1os5pzpoyifn8ljtjpfxrz-e17zy6z51dugr6fy4su92o7de-eq875keqggun9hoxzfhbanjes&fc=2 | 200 OK Content-Length: 17345 Content-Type: text/javascript | clean |
http://www.laura-carvajal.com/home?trk=hb_logo | HTTP/1.1 302 Found Cache-Control: max-age=900 Connection: close Date: Mon, 07 Jul 2014 08:54:24 GMT Age: 0 Location: http://www.linkedin.com/in/lauracarvajal/home?trk=hb_logo Server: Microsoft-IIS/7.5 Content-Length: 174 Content-Type: text/html; charset=utf-8 X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET | clean |
http://www.linkedin.com/in/lauracarvajal/home?trk=hb_logo | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, no-store Connection: keep-alive Date: Mon, 07 Jul 2014 08:54:25 GMT Pragma: no-cache Location: http://es.linkedin.com/in/lauracarvajal Server: Apache-Coyote/1.1 Vary: Accept-Encoding Content-Language: en-US Content-Length: 0 Expires: Thu, 01 Jan 1970 00:00:00 GMT P3P: CP="CAO CUR ADM DEV PSA PSD OUR" Set-Cookie: _lipt=deleteMe; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: leo_auth_token="GST:8Jhk8W3WV0X6jwAfBTHgrYln4Jn0jpfA81tKi6fWyZSTqYK2BYOIZG:1404723265:980ebd2530f77fd996fa1b1a3550489336af84e3"; Version=1; Max-Age=1799; Expires=Mon, 07-Jul-2014 09:24:24 GMT; Path=/ Set-Cookie: sl="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: sl="delete me"; Version=1; Domain=.www.linkedin.com; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: s_leo_auth_token="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: JSESSIONID="ajax:0108292695759424183"; Version=1; Domain=.www.linkedin.com; Path=/ Set-Cookie: visit="v=1&G"; Version=1; Max-Age=63072000; Expires=Wed, 06-Jul-2016 08:54:25 GMT; Path=/ Set-Cookie: lang="v=2&lang=en-us"; Version=1; Domain=linkedin.com; Path=/ Set-Cookie: lang="v=2&lang=en-us"; Version=1; Domain=linkedin.com; Path=/ Set-Cookie: bcookie="v=2&0887bedd-cefa-4da0-87ca-a7c5b6628e23"; domain=.linkedin.com; Path=/; Expires=Wed, 06-Jul-2016 20:31:58 GMT Set-Cookie: lidc="b=VB38:g=83:u=1:i=1404723266:t=1404809666:s=1264628614"; Expires=Tue, 08 Jul 2014 08:54:26 GMT; domain=.linkedin.com; Path=/ X-FS-UUID: 3873e3295e947e1310a2f092462b0000 X-Li-Fabric: prod-lva1 X-Li-Pop: PROD-IDB2 X-LI-UUID: OHPjKV6UfhMQovCSRisAAA== | clean |
http://es.linkedin.com/test404page.js | 404 Not Found Content-Length: 30630 Content-Type: text/html | clean |
http://es.linkedin.com/home | HTTP/1.1 301 Moved Permanently Connection: keep-alive Date: Mon, 07 Jul 2014 08:54:27 GMT Location: https://es.linkedin.com Server: Apache-Coyote/1.1 Vary: Accept-Encoding Content-Language: es-ES Content-Length: 0 P3P: CP="CAO CUR ADM DEV PSA PSD OUR" Set-Cookie: _lipt=deleteMe; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: bcookie="v=2&344f113d-ca3c-43e5-bef3-44507a9e1998"; Version=1; Domain=linkedin.com; Max-Age=63072000; Expires=Wed, 06-Jul-2016 08:54:27 GMT; Path=/ Set-Cookie: leo_auth_token="GST:UHOSWeuzq6YnVVBaFoODdqGU1uYPVD-S1V1DswDeW6YhVptaOKNIS4:1404723267:e47b61b9e6bfceb15bfe106b7aa74817c5b8d49f"; Version=1; Max-Age=1799; Expires=Mon, 07-Jul-2014 09:24:26 GMT; Path=/ Set-Cookie: sl="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: sl="delete me"; Version=1; Domain=.es.linkedin.com; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: s_leo_auth_token="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: JSESSIONID="ajax:0918452719903911361"; Version=1; Domain=.es.linkedin.com; Path=/ Set-Cookie: visit="v=1&G"; Version=1; Max-Age=63072000; Expires=Wed, 06-Jul-2016 08:54:27 GMT; Path=/ Set-Cookie: lang="v=2&lang=es-es"; Version=1; Domain=linkedin.com; Path=/ Set-Cookie: lang="v=2&lang=es-es"; Version=1; Domain=linkedin.com; Path=/ Set-Cookie: lidc="b=LB38:g=105:u=1:i=1404723267:t=1404809667:s=3372335637"; Expires=Tue, 08 Jul 2014 08:54:27 GMT; domain=.linkedin.com; Path=/ X-FS-UUID: c8689b8b5e947e13102ce60c162b0000 X-Li-Fabric: PROD-ELA4 X-Li-Pop: PROD-ELA4 X-LI-UUID: yGibi16UfhMQLOYMFisAAA== | clean |
https://es.linkedin.com/ | 200 OK Content-Length: 49754 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) YEvent.on( window, 'load', function() { (function () { var protocol = 'https:'; var d = new Image(1, 1); d.onerror = d.onload = function () { d.onerror = d.onload = null; }; d.src = [ protocol, "//secure-us.imrworldwide.com/cgi-bin/m?ci=us-603751h&cg=0&cc=1&si=", escape(window.location.href), "&ts=compact&rnd=", (new Date()).getTime() ].join(''); })(); }); Antivirus reports:
| ||
https://static.licdn.com:443/scds/common/u/lib/fizzy/fz-1.3.5-min.js | 200 OK Content-Length: 26523 Content-Type: text/javascript | clean |
https://static.licdn.com/scds/concat/common/js?h=3nuvxgwg15rbghxm1gpzfbya2-35e6ug1j754avohmn1bzmucat-mv3v66b8q0h1hvgvd3yfjv5f-14k913qahq3mh0ac0lh0twk9v&fc=1 | 200 OK Content-Length: 2744 Content-Type: text/javascript | clean |
https://static.licdn.com/scds/concat/common/js?h=dfoaudjrk6rbf82f45bz5crwi-e9rsfv7b5gx0bk0tln31dx3sq-b88qxy99s08xoes3weacd08uc-3eh5zbf8m3976frnzqqz8r2md-1l6r5aklcrehj1n7wy2v08xoy-8zc7dy7k0uqxxso1zmcx40mxo-4u94p4bxx04dc4qyt04hi6b7z-6qxi7j04m9bajw0tu0npnkexj-8s85e76fq22lk42rfavbckpvb-6b5tomv24hymqjdn9yh9vdxyg-95d8d303rtd0n9wj4dcjbnh2c&fc=1 | 200 OK Content-Length: 187078 Content-Type: text/javascript | clean |
https://static.licdn.com/scds/common/u/js/scds-hashes.js | 200 OK Content-Length: 186 Content-Type: text/javascript | clean |
https://static.licdn.com/scds/concat/common/js?h=25kaepc6rgo1820ap1rglmzr4-c19zsujfl1pg46iqy33ubhqc5-8dsj0i05aa9so2un8dmci2gmx-ascppxxu6dqpt5sppka77kdt0-39o2kw4renyd4i8pt5n9x0qaz-9cttgd1ueltkur8cb164nt1vt-35b6d44bfxo2cvy5hbzc0zsgl&fc=1 | 200 OK Content-Length: 84246 Content-Type: text/javascript | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=laura-carvajal.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://laura-carvajal.com/
Result: laura-carvajal.com is not infected or malware details are not published yet.
Result: laura-carvajal.com is not infected or malware details are not published yet.