Scanned pages/files
Request | Server response | Status |
http://melissabaroni.com/ | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=900 Connection: close Date: Tue, 29 Apr 2014 01:08:09 GMT Age: 0 Location: http://www.linkedin.com/in/melibaroni Server: Microsoft-IIS/7.5 Content-Length: 0 Content-Type: text/html X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET | clean |
http://www.linkedin.com/in/melibaroni | 200 OK Content-Length: 92618 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) LI.Controls.addControl('control-http-12248-4321640-1', 'ToggleClass', { classname: 'view-all-skills', on: '#profile-skills' }); Antivirus reports:
http://static.licdn.com:80/scds/common/u/lib/fizzy/fz-1.3.5-min.js | 200 OK Content-Length: 26523 Content-Type: text/javascript | clean |
http://s.c.lnkd.licdn.com/scds/concat/common/js?h=3nuvxgwg15rbghxm1gpzfbya2-35e6ug1j754avohmn1bzmucat-mv3v66b8q0h1hvgvd3yfjv5f-14k913qahq3mh0ac0lh0twk9v&fc=2 | 200 OK Content-Length: 2744 Content-Type: text/javascript | clean |
http://s.c.lnkd.licdn.com/scds/concat/common/js?h=dfoaudjrk6rbf82f45bz5crwi-62og8s54488owngg0s7escdit-c8ha6zrgpgcni7poa5ctye7il-djim7uyllidc9gta745y2wo5m-51dv6schthjydhvcv6rxvospp-d7z5zqt26qe7ht91f8494hqx5-e9rsfv7b5gx0bk0tln31dx3sq-2r5gveucqe4lsolc3n0oljsn1-8v2hz0euzy8m1tk5d6tfrn6j-b88qxy99s08xoes3weacd08uc-bymlr3eiytxzjg9or01ze5ia8-ac8pg92mfnb2j836ntpvg1fsi-8s85e76fq22lk42rfavbckpvb-lyi4ca0d33mbz ...172 symbols skipped | 200 OK Content-Length: 266871 Content-Type: text/javascript | clean |
http://s.c.lnkd.licdn.com/scds/concat/common/js?h=6b5tomv24hymqjdn9yh9vdxyg-95d8d303rtd0n9wj4dcjbnh2c&fc=2 | 200 OK Content-Length: 2185 Content-Type: text/javascript | clean |
http://s.c.lnkd.licdn.com/scds/concat/common/js?h=d43qahhuvg0j5mlh4c2m9sipk-ew7wxbzv14lsc4vzkh2xrbzqn-dp1os5pzpoyifn8ljtjpfxrz-e17zy6z51dugr6fy4su92o7de-eq875keqggun9hoxzfhbanjes&fc=2 | 200 OK Content-Length: 17345 Content-Type: text/javascript | clean |
http://s.c.lnkd.licdn.com/scds/concat/common/js?h=2ktfa1kftfo63s0zzwtqt9mf0-8gbx7j37ci71i6ql6288dl551&fc=2 | 200 OK Content-Length: 2106 Content-Type: text/javascript | clean |
http://melissabaroni.com/home?trk=hb_logo | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=900 Connection: close Date: Tue, 29 Apr 2014 01:08:17 GMT Age: 0 Location: http://www.linkedin.com/in/melibaroni/home?trk=hb_logo Server: Microsoft-IIS/7.5 Content-Length: 0 Content-Type: text/html X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET | clean |
http://www.linkedin.com/in/melibaroni/home?trk=hb_logo | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, no-store Connection: keep-alive Date: Tue, 29 Apr 2014 01:08:17 GMT Pragma: no-cache Location: http://www.linkedin.com/in/melibaroni Server: Apache-Coyote/1.1 Vary: Accept-Encoding Content-Language: en-US Content-Length: 0 Expires: Thu, 01 Jan 1970 00:00:00 GMT P3P: CP="CAO DSP COR CUR ADMi DEVi TAIi PSAi PSDi IVAi IVDi CONi OUR DELi SAMi UNRi PUBi OTRi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT POL PRE" Set-Cookie: _lipt=deleteMe; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: leo_auth_token="GST:UKa8LM_3cTICg-8VGJ5cL82fCldBZWLMt31NLQ2zVTjmJPlywgpCGR:1398733698:872b52b4a044f41e75bc48d704b30ac196134976"; Version=1; Max-Age=1799; Expires=Tue, 29-Apr-2014 01:38:17 GMT; Path=/ Set-Cookie: sl="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: sl="delete me"; Version=1; Domain=.www.linkedin.com; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: s_leo_auth_token="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: JSESSIONID="ajax:6242125390084804581"; Version=1; Path=/ Set-Cookie: visit="v=1&G"; Version=1; Max-Age=63072000; Expires=Thu, 28-Apr-2016 01:08:18 GMT; Path=/ Set-Cookie: lang="v=2&lang=en-us"; Version=1; Domain=linkedin.com; Path=/ Set-Cookie: lang="v=2&lang=en-us"; Version=1; Domain=linkedin.com; Path=/ Set-Cookie: bcookie="v=2&dcb58db4-7601-4aa1-82b6-504cdfbe2370"; domain=.linkedin.com; Path=/; Expires=Thu, 28-Apr-2016 12:45:50 GMT Set-Cookie: lidc="b=VB38:g=68:u=1:i=1398733698:t=1398820098:s=1826631855"; Expires=Wed, 30 Apr 2014 01:08:18 GMT; domain=.linkedin.com; Path=/ X-FS-UUID: 581d4f39e34c6913101bdfe0202b0000 X-Li-Fabric: prod-lva1 X-Li-Pop: prod-lva1 X-LI-UUID: WB1POeNMaRMQG9/gICsAAA== | clean |
http://www.linkedin.com/test404page.js | 404 Not Found Content-Length: 30484 Content-Type: text/html | clean |
http://www.linkedin.com/home | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, no-store Connection: keep-alive Date: Tue, 29 Apr 2014 01:08:18 GMT Pragma: no-cache Location: https://www.linkedin.com Server: Apache-Coyote/1.1 Vary: Accept-Encoding Content-Language: en-US Content-Length: 0 Expires: Thu, 01 Jan 1970 00:00:00 GMT P3P: CP="CAO DSP COR CUR ADMi DEVi TAIi PSAi PSDi IVAi IVDi CONi OUR DELi SAMi UNRi PUBi OTRi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT POL PRE" Set-Cookie: _lipt=deleteMe; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: leo_auth_token="GST:Ub16S773NUDm_B8ph950SyqfJ9umBhRFebOcS27jmRGwvY8unAZPnL:1398733699:fa839709385e05038c41f2ecbe473f8a0c40a6a4"; Version=1; Max-Age=1799; Expires=Tue, 29-Apr-2014 01:38:18 GMT; Path=/ Set-Cookie: sl="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: sl="delete me"; Version=1; Domain=.www.linkedin.com; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: s_leo_auth_token="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: JSESSIONID="ajax:5958133504498217111"; Version=1; Path=/ Set-Cookie: visit="v=1&G"; Version=1; Max-Age=63072000; Expires=Thu, 28-Apr-2016 01:08:19 GMT; Path=/ Set-Cookie: lang="v=2&lang=en-us"; Version=1; Domain=linkedin.com; Path=/ Set-Cookie: lang="v=2&lang=en-us"; Version=1; Domain=linkedin.com; Path=/ Set-Cookie: bcookie="v=2&b52f5d11-fb58-4603-8fb5-279633de7757"; domain=.linkedin.com; Path=/; Expires=Thu, 28-Apr-2016 12:45:51 GMT Set-Cookie: lidc="b=VB38:g=68:u=1:i=1398733699:t=1398820099:s=1875459985"; Expires=Wed, 30 Apr 2014 01:08:19 GMT; domain=.linkedin.com; Path=/ X-FS-UUID: 10bd8d70e34c691390887ac3202b0000 X-Li-Fabric: prod-lva1 X-Li-Pop: prod-lva1 X-LI-UUID: EL2NcONMaROQiHrDICsAAA== | clean |
https://www.linkedin.com/ | 200 OK Content-Length: 64270 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) YEvent.on( window, 'load', function() { (function () { var protocol = 'https:'; var d = new Image(1, 1); d.onerror = d.onload = function () { d.onerror = d.onload = null; }; d.src = [ protocol, "//secure-us.imrworldwide.com/cgi-bin/m?ci=us-603751h&cg=0&cc=1&si=", escape(window.location.href), "&ts=compact&rnd=", (new Date()).getTime() ].join(''); })(); }); Antivirus reports:
https://static.licdn.com:443/scds/common/u/lib/fizzy/fz-1.3.5-min.js | 200 OK Content-Length: 26523 Content-Type: text/javascript | clean |
https://static.licdn.com/scds/concat/common/js?h=3nuvxgwg15rbghxm1gpzfbya2-35e6ug1j754avohmn1bzmucat-mv3v66b8q0h1hvgvd3yfjv5f-14k913qahq3mh0ac0lh0twk9v&fc=1 | 200 OK Content-Length: 2744 Content-Type: text/javascript | clean |
https://static.licdn.com/scds/concat/common/js?h=dfoaudjrk6rbf82f45bz5crwi-e9rsfv7b5gx0bk0tln31dx3sq-b88qxy99s08xoes3weacd08uc-3eh5zbf8m3976frnzqqz8r2md-1l6r5aklcrehj1n7wy2v08xoy-8zc7dy7k0uqxxso1zmcx40mxo-4u94p4bxx04dc4qyt04hi6b7z-6qxi7j04m9bajw0tu0npnkexj-8s85e76fq22lk42rfavbckpvb-6b5tomv24hymqjdn9yh9vdxyg-95d8d303rtd0n9wj4dcjbnh2c&fc=1 | 200 OK Content-Length: 187078 Content-Type: text/javascript | clean |
https://static.licdn.com/scds/common/u/js/scds-hashes.js | 200 OK Content-Length: 186 Content-Type: text/javascript | clean |
https://static.licdn.com/scds/concat/common/js?h=25kaepc6rgo1820ap1rglmzr4-c19zsujfl1pg46iqy33ubhqc5-8dsj0i05aa9so2un8dmci2gmx-ascppxxu6dqpt5sppka77kdt0-39o2kw4renyd4i8pt5n9x0qaz-9cttgd1ueltkur8cb164nt1vt-35b6d44bfxo2cvy5hbzc0zsgl&fc=1 | 200 OK Content-Length: 84246 Content-Type: text/javascript | clean |
https://static.licdn.com/scds/concat/common/js?h=3qsk2peor188gw7gmh2irlhe5-78bwuml1uwwm9yb9sr3bw68qb-9xms7fd8xdfrly2skx89dmkyc&fc=1 | 200 OK Content-Length: 20133 Content-Type: text/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: melissabaroni.com
Result:
HTTP/1.1 301 Moved Permanently
Cache-Control: max-age=900
Connection: close
Date: Tue, 29 Apr 2014 01:08:09 GMT
Age: 0
Location: http://www.linkedin.com/in/melibaroni
Server: Microsoft-IIS/7.5
Content-Length: 0
Content-Type: text/html
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: melissabaroni.com
Referer: http://www.google.com/search?q=melissabaroni.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=melissabaroni.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://melissabaroni.com/
Result: melissabaroni.com is not infected or malware details are not published yet.