Scanned pages/files
| Request | Server response | Status |
https://nl.linkedin.com/ | 200 OK Content-Length: 49387 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) YEvent.on( window, 'load', function() { (function () { var protocol = 'https:'; var d = new Image(1, 1); d.onerror = d.onload = function () { d.onerror = d.onload = null; }; d.src = [ protocol, "//secure-us.imrworldwide.com/cgi-bin/m?ci=us-603751h&cg=0&cc=1&si=", escape(window.location.href), "&ts=compact&rnd=", (new Date()).getTime() ].join(''); })(); }); Antivirus reports:
| ||
https://static.licdn.com:443/scds/common/u/lib/fizzy/fz-1.3.5-min.js | 200 OK Content-Length: 26523 Content-Type: text/javascript | clean |
https://static.licdn.com/scds/concat/common/js?h=3nuvxgwg15rbghxm1gpzfbya2-35e6ug1j754avohmn1bzmucat-mv3v66b8q0h1hvgvd3yfjv5f-14k913qahq3mh0ac0lh0twk9v&fc=1 | 200 OK Content-Length: 2744 Content-Type: text/javascript | clean |
https://static.licdn.com/scds/concat/common/js?h=dfoaudjrk6rbf82f45bz5crwi-e9rsfv7b5gx0bk0tln31dx3sq-b88qxy99s08xoes3weacd08uc-3eh5zbf8m3976frnzqqz8r2md-1l6r5aklcrehj1n7wy2v08xoy-8zc7dy7k0uqxxso1zmcx40mxo-4u94p4bxx04dc4qyt04hi6b7z-6qxi7j04m9bajw0tu0npnkexj-8s85e76fq22lk42rfavbckpvb-6b5tomv24hymqjdn9yh9vdxyg-95d8d303rtd0n9wj4dcjbnh2c&fc=1 | 200 OK Content-Length: 187078 Content-Type: text/javascript | clean |
https://static.licdn.com/scds/common/u/js/scds-hashes.js | 200 OK Content-Length: 186 Content-Type: text/javascript | clean |
https://static.licdn.com/scds/concat/common/js?h=25kaepc6rgo1820ap1rglmzr4-c19zsujfl1pg46iqy33ubhqc5-8dsj0i05aa9so2un8dmci2gmx-ascppxxu6dqpt5sppka77kdt0-39o2kw4renyd4i8pt5n9x0qaz-9cttgd1ueltkur8cb164nt1vt-35b6d44bfxo2cvy5hbzc0zsgl&fc=1 | 200 OK Content-Length: 84246 Content-Type: text/javascript | clean |
https://static.licdn.com/scds/concat/common/js?h=3qsk2peor188gw7gmh2irlhe5-78bwuml1uwwm9yb9sr3bw68qb-9xms7fd8xdfrly2skx89dmkyc&fc=1 | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://static.licdn.com/test404page.js | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
https://www.linkedin.com/uas/authping | 200 OK Content-Length: 0 Content-Type: text/javascript | clean |
https://static.licdn.com/scds/concat/common/js?h=4gd308q7uhcsqx9gfzu9dv06p&fc=1 | 200 OK Content-Length: 343 Content-Type: text/javascript | clean |
https://static.licdn.com/scds/concat/common/js?h=eq875keqggun9hoxzfhbanjes&fc=1 | 200 OK Content-Length: 1128 Content-Type: text/javascript | clean |
https://static.licdn.com/scds/concat/common/js?h=3i7ubdukif1jevuf29ftmtvjs-dl9atqq4ehr8q76eobsd8mbm8-dlcimwl96rttjyfr26x4i92ol-1m7sfcez3isjwlg5yrudwy1mz-85irzxzbd5halvkstu9vwbyf6 | 200 OK Content-Length: 8938 Content-Type: text/javascript | clean |
https://static.licdn.com/scds/concat/common/js?h=4hgdenw9tkjmuhlq6d246d7i5-2r5gveucqe4lsolc3n0oljsn1-4ctyhul13sruu19hcui2s5a9p-czstax4e6y68hymdvqxpwe5so-5nccf2l0s6sx33q8rxgr9lg73-ewrduopcd88m8ounxtwh89zr2-9t8kuspsvkr9x9idyawoejfbv-cfrf2fnxaiq7a7n6w70fp9y7y&fc=1 | 200 OK Content-Length: 66816 Content-Type: text/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: nl.linkedin.com:443
Result:
GET / HTTP/1.1
Host: nl.linkedin.com:443
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: nl.linkedin.com:443
Referer: http://www.google.com/search?q=nl.linkedin.com:443
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: nl.linkedin.com:443
Referer: http://www.google.com/search?q=nl.linkedin.com:443
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=nl.linkedin.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://nl.linkedin.com/
Result: nl.linkedin.com:443 is not infected or malware details are not published yet.
Result: nl.linkedin.com:443 is not infected or malware details are not published yet.