Scanned pages/files
Request | Server response | Status |
http://oliviermilcent.com/ | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=900 Connection: close Date: Wed, 06 Aug 2014 19:04:19 GMT Age: 1 Location: http://www.linkedin.com/in/omilcent Server: Microsoft-IIS/7.5 Content-Length: 0 Content-Type: text/html X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET | clean |
http://www.linkedin.com/in/omilcent | 200 OK Content-Length: 30655 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) LI.Controls.addControl('control-http-12248-6412770-1', 'ToggleClass', { classname: 'view-all-skills', on: '#profile-skills' }); Antivirus reports:
| ||
http://static.licdn.com:80/scds/common/u/lib/fizzy/fz-1.3.6-min.js | 200 OK Content-Length: 27495 Content-Type: text/javascript | clean |
http://s.c.lnkd.licdn.com/scds/concat/common/js?h=3nuvxgwg15rbghxm1gpzfbya2-35e6ug1j754avohmn1bzmucat-mv3v66b8q0h1hvgvd3yfjv5f-14k913qahq3mh0ac0lh0twk9v-dfoaudjrk6rbf82f45bz5crwi-62og8s54488owngg0s7escdit-c8ha6zrgpgcni7poa5ctye7il-djim7uyllidc9gta745y2wo5m-51dv6schthjydhvcv6rxvospp-d7z5zqt26qe7ht91f8494hqx5-e9rsfv7b5gx0bk0tln31dx3sq-2r5gveucqe4lsolc3n0oljsn1-8v2hz0euzy8m1tk5d6tfrn6j-b88qxy99s08xoe <span>...276 symbols skipped</span> | 200 OK Content-Length: 269981 Content-Type: text/javascript | clean |
http://s.c.lnkd.licdn.com/scds/concat/common/js?h=4zslye83akez5s4mf91hrq425-95d8d303rtd0n9wj4dcjbnh2c&fc=2 | 200 OK Content-Length: 2254 Content-Type: text/javascript | clean |
http://s.c.lnkd.licdn.com/scds/concat/common/js?h=d43qahhuvg0j5mlh4c2m9sipk-ew7wxbzv14lsc4vzkh2xrbzqn-dp1os5pzpoyifn8ljtjpfxrz-e17zy6z51dugr6fy4su92o7de-eq875keqggun9hoxzfhbanjes&fc=2 | 200 OK Content-Length: 17345 Content-Type: text/javascript | clean |
http://oliviermilcent.com/home?trk=hb_logo | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=900 Connection: close Date: Wed, 06 Aug 2014 19:04:25 GMT Age: 0 Location: http://www.linkedin.com/in/omilcent/home?trk=hb_logo Server: Microsoft-IIS/7.5 Content-Length: 0 Content-Type: text/html X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET | clean |
http://www.linkedin.com/in/omilcent/home?trk=hb_logo | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, no-store Connection: close Date: Wed, 06 Aug 2014 19:04:25 GMT Pragma: no-cache Location: http://fr.linkedin.com/in/omilcent Server: Apache-Coyote/1.1 Vary: Accept-Encoding Content-Language: en-US Content-Length: 0 Expires: Thu, 01 Jan 1970 00:00:00 GMT P3P: CP="CAO CUR ADM DEV PSA PSD OUR" P3P: CP="CAO CUR ADM DEV PSA PSD OUR" Set-Cookie: _lipt=deleteMe; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: leo_auth_token="GST:8FLLVxRoQNSEo4i2HKKdmyK8ojSoVl5Ik1TLmgzZZES__ZiAEf4Soa:1407351865:1a0f31268e2850d345e8d561c1d9ccaf95bdcd9a"; Version=1; Max-Age=1799; Expires=Wed, 06-Aug-2014 19:34:24 GMT; Path=/ Set-Cookie: sl="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: sl="delete me"; Version=1; Domain=.www.linkedin.com; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: s_leo_auth_token="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: JSESSIONID="ajax:7955144204007796353"; Version=1; Domain=.www.linkedin.com; Path=/ Set-Cookie: visit="v=1&G"; Version=1; Max-Age=63072000; Expires=Fri, 05-Aug-2016 19:04:25 GMT; Path=/ Set-Cookie: lang="v=2&lang=en-us"; Version=1; Domain=linkedin.com; Path=/ Set-Cookie: lang="v=2&lang=en-us"; Version=1; Domain=linkedin.com; Path=/ Set-Cookie: bcookie="v=2&665d3dd1-0eb7-4d25-8dbd-87665fd0a01b"; domain=.linkedin.com; Path=/; Expires=Sat, 06-Aug-2016 06:41:57 GMT Set-Cookie: lidc="b=VB38:g=96:u=1:i=1407351865:t=1407438265:s=1544197671"; Expires=Thu, 07 Aug 2014 19:04:25 GMT; domain=.linkedin.com; Path=/ X-FS-UUID: f5e1d2c810eb8713e077ff8e502b0000 X-Li-Fabric: prod-lva1 X-Li-Pop: prod-lva1 X-LI-UUID: 9eHSyBDrhxPgd/+OUCsAAA== | clean |
http://fr.linkedin.com/in/omilcent | 200 OK Content-Length: 31161 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) LI.Controls.addControl('control-http-12248-4917854-1', 'ToggleClass', { classname: 'view-all-skills', on: '#profile-skills' }); Antivirus reports:
| ||
https://www.linkedin.com/uas/authping?url=http%3A%2F%2Ffr%2Elinkedin%2Ecom%2Fin%2Fomilcent | 200 OK Content-Length: 0 Content-Type: text/javascript | clean |
http://oliviermilcent.com/static?key=country_listing | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=900 Connection: close Date: Wed, 06 Aug 2014 19:04:27 GMT Age: 1 Location: http://www.linkedin.com/in/omilcent/static?key=country_listing Server: Microsoft-IIS/7.5 Content-Length: 0 Content-Type: text/html X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET | clean |
http://www.linkedin.com/in/omilcent/static?key=country_listing | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, no-store Connection: close Date: Wed, 06 Aug 2014 19:04:28 GMT Pragma: no-cache Location: http://fr.linkedin.com/in/omilcent Server: Apache-Coyote/1.1 Vary: Accept-Encoding Content-Language: en-US Content-Length: 0 Expires: Thu, 01 Jan 1970 00:00:00 GMT P3P: CP="CAO CUR ADM DEV PSA PSD OUR" P3P: CP="CAO CUR ADM DEV PSA PSD OUR" Set-Cookie: _lipt=deleteMe; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: leo_auth_token="GST:UsjAHpYMEHrXLCneAudIvtv-4wrOp5C39_d2EWHyYPCtUiFsMKClXi:1407351869:9ae4fff2f66efbe8a2c47d30d0773f22c4a800fb"; Version=1; Max-Age=1799; Expires=Wed, 06-Aug-2014 19:34:28 GMT; Path=/ Set-Cookie: sl="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: sl="delete me"; Version=1; Domain=.www.linkedin.com; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: s_leo_auth_token="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: JSESSIONID="ajax:6351337232099135361"; Version=1; Domain=.www.linkedin.com; Path=/ Set-Cookie: visit="v=1&G"; Version=1; Max-Age=63072000; Expires=Fri, 05-Aug-2016 19:04:29 GMT; Path=/ Set-Cookie: lang="v=2&lang=en-us"; Version=1; Domain=linkedin.com; Path=/ Set-Cookie: lang="v=2&lang=en-us"; Version=1; Domain=linkedin.com; Path=/ Set-Cookie: bcookie="v=2&edd5b9e3-a244-4b33-84b3-8a9fcfbd166e"; domain=.linkedin.com; Path=/; Expires=Sat, 06-Aug-2016 06:42:01 GMT Set-Cookie: lidc="b=VB38:g=96:u=1:i=1407351869:t=1407438269:s=1739510191"; Expires=Thu, 07 Aug 2014 19:04:29 GMT; domain=.linkedin.com; Path=/ X-FS-UUID: 7a895c8211eb8713f044782d512b0000 X-Li-Fabric: prod-lva1 X-Li-Pop: prod-lva1 X-LI-UUID: eolcghHrhxPwRHgtUSsAAA== | clean |
http://fr.linkedin.com/test404page.js | 404 Not Found Content-Length: 30631 Content-Type: text/html | clean |
http://fr.linkedin.com/home | HTTP/1.1 301 Moved Permanently Connection: keep-alive Date: Wed, 06 Aug 2014 19:04:30 GMT Location: https://fr.linkedin.com Server: Apache-Coyote/1.1 Vary: Accept-Encoding Content-Language: fr-FR Content-Length: 0 P3P: CP="CAO CUR ADM DEV PSA PSD OUR" Set-Cookie: _lipt=deleteMe; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: bcookie="v=2&04fb86ce-e662-4a20-9558-33f3429a9eed"; Version=1; Domain=linkedin.com; Max-Age=63072000; Expires=Fri, 05-Aug-2016 19:04:30 GMT; Path=/ Set-Cookie: leo_auth_token="GST:Up8qLVpcQ6GXNLbuWdlIUqtkHq-GERaP7B9q3eh8ij-tHRXpudHDWA:1407351870:4890cd9f62ac001361106679f3f427264019c1b1"; Version=1; Max-Age=1799; Expires=Wed, 06-Aug-2014 19:34:29 GMT; Path=/ Set-Cookie: sl="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: sl="delete me"; Version=1; Domain=.fr.linkedin.com; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: s_leo_auth_token="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: JSESSIONID="ajax:8016297334818830177"; Version=1; Domain=.fr.linkedin.com; Path=/ Set-Cookie: visit="v=1&G"; Version=1; Max-Age=63072000; Expires=Fri, 05-Aug-2016 19:04:30 GMT; Path=/ Set-Cookie: lang="v=2&lang=fr-fr"; Version=1; Domain=linkedin.com; Path=/ Set-Cookie: lang="v=2&lang=fr-fr"; Version=1; Domain=linkedin.com; Path=/ Set-Cookie: lidc="b=LB38:g=114:u=1:i=1407351870:t=1407438270:s=3391548080"; Expires=Thu, 07 Aug 2014 19:04:30 GMT; domain=.linkedin.com; Path=/ X-FS-UUID: 4d4391d411eb87138082a6882e2b0000 X-Li-Fabric: PROD-ELA4 X-Li-Pop: PROD-ELA4 X-LI-UUID: TUOR1BHrhxOAgqaILisAAA== | clean |
https://fr.linkedin.com/ | 200 OK Content-Length: 49945 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) YEvent.on( window, 'load', function() { (function () { var protocol = 'https:'; var d = new Image(1, 1); d.onerror = d.onload = function () { d.onerror = d.onload = null; }; d.src = [ protocol, "//secure-us.imrworldwide.com/cgi-bin/m?ci=us-603751h&cg=0&cc=1&si=", escape(window.location.href), "&ts=compact&rnd=", (new Date()).getTime() ].join(''); })(); }); Antivirus reports:
| ||
https://static.licdn.com:443/scds/common/u/lib/fizzy/fz-1.3.6-min.js | 200 OK Content-Length: 27495 Content-Type: text/javascript | clean |
https://static.licdn.com/scds/concat/common/js?h=3nuvxgwg15rbghxm1gpzfbya2-35e6ug1j754avohmn1bzmucat-mv3v66b8q0h1hvgvd3yfjv5f-14k913qahq3mh0ac0lh0twk9v-dfoaudjrk6rbf82f45bz5crwi-e9rsfv7b5gx0bk0tln31dx3sq-b88qxy99s08xoes3weacd08uc-3eh5zbf8m3976frnzqqz8r2md-73i7ia1nx5zzwu00y71dahe04-1l6r5aklcrehj1n7wy2v08xoy-8zc7dy7k0uqxxso1zmcx40mxo-a7br995b5xb4ztral63cjods4-rftdnvfzuncra9644jbr38ht-8s85e76fq22lk42 <span>...67 symbols skipped</span> | 200 OK Content-Length: 191204 Content-Type: text/javascript | clean |
https://static.licdn.com/scds/common/u/js/scds-hashes.js | 200 OK Content-Length: 186 Content-Type: text/javascript | clean |
https://static.licdn.com/scds/concat/common/js?h=25kaepc6rgo1820ap1rglmzr4-39m26cyluvvg09z6pvsh1e2z2-b6pywrj7tjq8qgs5770lcm6ph-c19zsujfl1pg46iqy33ubhqc5-jg2geo9vvgi07uxonjwzcd6y-8dsj0i05aa9so2un8dmci2gmx-ascppxxu6dqpt5sppka77kdt0-39o2kw4renyd4i8pt5n9x0qaz-28yt9dz78enxj3756l075s8j6-9cttgd1ueltkur8cb164nt1vt-35b6d44bfxo2cvy5hbzc0zsgl&fc=1 | 200 OK Content-Length: 84926 Content-Type: text/javascript | clean |
https://static.licdn.com/scds/concat/common/js?h=6xw4rwcqlk3kict9ouk5wjzxs-3qsk2peor188gw7gmh2irlhe5-78bwuml1uwwm9yb9sr3bw68qb-9xms7fd8xdfrly2skx89dmkyc-737qvlzqtyapsgwkydpsrbyum&fc=1 | 200 OK Content-Length: 20321 Content-Type: text/javascript | clean |
https://www.linkedin.com/uas/authping | 200 OK Content-Length: 0 Content-Type: text/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: oliviermilcent.com
Result:
HTTP/1.1 301 Moved Permanently
Cache-Control: max-age=900
Connection: close
Date: Wed, 06 Aug 2014 19:04:19 GMT
Age: 1
Location: http://www.linkedin.com/in/omilcent
Server: Microsoft-IIS/7.5
Content-Length: 0
Content-Type: text/html
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
...0 bytes of data.
GET / HTTP/1.1
Host: oliviermilcent.com
Result:
HTTP/1.1 301 Moved Permanently
Cache-Control: max-age=900
Connection: close
Date: Wed, 06 Aug 2014 19:04:19 GMT
Age: 1
Location: http://www.linkedin.com/in/omilcent
Server: Microsoft-IIS/7.5
Content-Length: 0
Content-Type: text/html
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: oliviermilcent.com
Referer: http://www.google.com/search?q=oliviermilcent.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: oliviermilcent.com
Referer: http://www.google.com/search?q=oliviermilcent.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=oliviermilcent.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://oliviermilcent.com/
Result: oliviermilcent.com is not infected or malware details are not published yet.
Result: oliviermilcent.com is not infected or malware details are not published yet.