Scanned pages/files
Request | Server response | Status |
http://pauldierickx.info/ | HTTP/1.1 302 Found Cache-Control: max-age=900 Connection: close Date: Fri, 02 May 2014 06:47:05 GMT Age: 0 Location: http://www.linkedin.com/in/pauldierickx Server: Microsoft-IIS/7.5 Content-Length: 156 Content-Type: text/html; charset=utf-8 X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET | clean |
http://www.linkedin.com/in/pauldierickx | 200 OK Content-Length: 72537 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
YEvent.on(window, 'load', function() {
  (function () {
    var protocol = 'http:';
    var d = new Image(1, 1);
    d.onerror = d.onload = function () {
      d.onerror = d.onload = null;
    };
    d.src = [
      protocol,
      "//secure-us.imrworldwide.com/cgi-bin/m?ci=us-603751h&cg=0&cc=1&si=",
      escape(window.location.href),
      "&ts=compact&rnd=",
      (new Date()).getTime()
    ].join('');
  })();
});
Antivirus reports:
http://static.licdn.com:80/scds/common/u/lib/fizzy/fz-1.3.5-min.js | 200 OK Content-Length: 26523 Content-Type: text/javascript | clean |
http://s.c.lnkd.licdn.com/scds/concat/common/js?h=3nuvxgwg15rbghxm1gpzfbya2-35e6ug1j754avohmn1bzmucat-mv3v66b8q0h1hvgvd3yfjv5f-14k913qahq3mh0ac0lh0twk9v&fc=2 | 200 OK Content-Length: 2744 Content-Type: text/javascript | clean |
http://s.c.lnkd.licdn.com/scds/concat/common/js?h=dfoaudjrk6rbf82f45bz5crwi-62og8s54488owngg0s7escdit-c8ha6zrgpgcni7poa5ctye7il-djim7uyllidc9gta745y2wo5m-51dv6schthjydhvcv6rxvospp-d7z5zqt26qe7ht91f8494hqx5-e9rsfv7b5gx0bk0tln31dx3sq-2r5gveucqe4lsolc3n0oljsn1-8v2hz0euzy8m1tk5d6tfrn6j-b88qxy99s08xoes3weacd08uc-bymlr3eiytxzjg9or01ze5ia8-ac8pg92mfnb2j836ntpvg1fsi-8s85e76fq22lk42rfavbckpvb-lyi4ca0d33mbz ...172 symbols skipped | 200 OK Content-Length: 266871 Content-Type: text/javascript | clean |
http://s.c.lnkd.licdn.com/scds/concat/common/js?h=6b5tomv24hymqjdn9yh9vdxyg-95d8d303rtd0n9wj4dcjbnh2c&fc=2 | 200 OK Content-Length: 2185 Content-Type: text/javascript | clean |
http://s.c.lnkd.licdn.com/scds/concat/common/js?h=d43qahhuvg0j5mlh4c2m9sipk-ew7wxbzv14lsc4vzkh2xrbzqn-dp1os5pzpoyifn8ljtjpfxrz-e17zy6z51dugr6fy4su92o7de-eq875keqggun9hoxzfhbanjes&fc=2 | 200 OK Content-Length: 17345 Content-Type: text/javascript | clean |
http://s.c.lnkd.licdn.com/scds/concat/common/js?h=2ktfa1kftfo63s0zzwtqt9mf0-8gbx7j37ci71i6ql6288dl551&fc=2 | 200 OK Content-Length: 2106 Content-Type: text/javascript | clean |
http://pauldierickx.info/home?trk=hb_logo | HTTP/1.1 302 Found Cache-Control: max-age=900 Connection: close Date: Fri, 02 May 2014 06:47:09 GMT Age: 0 Location: http://www.linkedin.com/in/pauldierickx/home?trk=hb_logo Server: Microsoft-IIS/7.5 Content-Length: 173 Content-Type: text/html; charset=utf-8 X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET | clean |
http://www.linkedin.com/in/pauldierickx/home?trk=hb_logo | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, no-store Connection: keep-alive Date: Fri, 02 May 2014 06:47:10 GMT Pragma: no-cache Location: http://www.linkedin.com/in/pauldierickx Server: Apache-Coyote/1.1 Vary: Accept-Encoding Content-Language: en-US Content-Length: 0 Expires: Thu, 01 Jan 1970 00:00:00 GMT P3P: CP="CAO DSP COR CUR ADMi DEVi TAIi PSAi PSDi IVAi IVDi CONi OUR DELi SAMi UNRi PUBi OTRi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT POL PRE" Set-Cookie: _lipt=deleteMe; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: leo_auth_token="GST:ZMvmGsLSs5w_sx2nQ3tJpdL1qRPlGxohgCt4dyLaAbw_Wse1fT6c0F:1399013230:1c74d307f8ef4bf892e587755f0b16d043bc3f44"; Version=1; Max-Age=1799; Expires=Fri, 02-May-2014 07:17:09 GMT; Path=/ Set-Cookie: sl="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: sl="delete me"; Version=1; Domain=.www.linkedin.com; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: s_leo_auth_token="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: JSESSIONID="ajax:2320564657204998172"; Version=1; Path=/ Set-Cookie: visit="v=1&G"; Version=1; Max-Age=63072000; Expires=Sun, 01-May-2016 06:47:10 GMT; Path=/ Set-Cookie: lang="v=2&lang=en-us"; Version=1; Domain=linkedin.com; Path=/ Set-Cookie: lang="v=2&lang=en-us"; Version=1; Domain=linkedin.com; Path=/ Set-Cookie: bcookie="v=2&6db46ea2-30fa-43ac-8b20-4911e741afe0"; domain=.linkedin.com; Path=/; Expires=Sun, 01-May-2016 18:24:42 GMT Set-Cookie: lidc="b=VB38:g=68:u=1:i=1399013230:t=1399099630:s=2539549042"; Expires=Sat, 03 May 2014 06:47:10 GMT; domain=.linkedin.com; Path=/ X-FS-UUID: 4021f9ef1e4b6a137039474ddb2a0000 X-Li-Fabric: prod-lva1 X-Li-Pop: PROD-IDB2 X-LI-UUID: QCH57x5LahNwOUdN2yoAAA== | clean |
http://www.linkedin.com/test404page.js | 404 Not Found Content-Length: 30484 Content-Type: text/html | clean |
http://www.linkedin.com/home | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, no-store Connection: keep-alive Date: Fri, 02 May 2014 06:47:10 GMT Pragma: no-cache Location: https://www.linkedin.com Server: Apache-Coyote/1.1 Vary: Accept-Encoding Content-Language: en-US Content-Length: 0 Expires: Thu, 01 Jan 1970 00:00:00 GMT P3P: CP="CAO DSP COR CUR ADMi DEVi TAIi PSAi PSDi IVAi IVDi CONi OUR DELi SAMi UNRi PUBi OTRi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT POL PRE" Set-Cookie: _lipt=deleteMe; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: leo_auth_token="GST:8pgknXMMrXeeu3zwcoxZnnMJHm77I3Zwvtok7RailOe7P8A-Bg6Ez3:1399013231:aef3eca907e6a1e4b3c9a897fa57983073bfc79e"; Version=1; Max-Age=1799; Expires=Fri, 02-May-2014 07:17:10 GMT; Path=/ Set-Cookie: sl="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: sl="delete me"; Version=1; Domain=.www.linkedin.com; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: s_leo_auth_token="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: JSESSIONID="ajax:2575494055500291170"; Version=1; Path=/ Set-Cookie: visit="v=1&G"; Version=1; Max-Age=63072000; Expires=Sun, 01-May-2016 06:47:11 GMT; Path=/ Set-Cookie: lang="v=2&lang=en-us"; Version=1; Domain=linkedin.com; Path=/ Set-Cookie: lang="v=2&lang=en-us"; Version=1; Domain=linkedin.com; Path=/ Set-Cookie: bcookie="v=2&20567272-cecd-4850-8620-85a01b881661"; domain=.linkedin.com; Path=/; Expires=Sun, 01-May-2016 18:24:43 GMT Set-Cookie: lidc="b=VB38:g=68:u=1:i=1399013231:t=1399099631:s=2588377172"; Expires=Sat, 03 May 2014 06:47:11 GMT; domain=.linkedin.com; Path=/ X-FS-UUID: 38dec1171f4b6a13f05d9bd3932b0000 X-Li-Fabric: prod-lva1 X-Li-Pop: PROD-IDB2 X-LI-UUID: ON7BFx9LahPwXZvTkysAAA== | clean |
https://www.linkedin.com/ | 200 OK Content-Length: 64100 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
YEvent.on(window, 'load', function() {
  (function () {
    var protocol = 'https:';
    var d = new Image(1, 1);
    d.onerror = d.onload = function () {
      d.onerror = d.onload = null;
    };
    d.src = [
      protocol,
      "//secure-us.imrworldwide.com/cgi-bin/m?ci=us-603751h&cg=0&cc=1&si=",
      escape(window.location.href),
      "&ts=compact&rnd=",
      (new Date()).getTime()
    ].join('');
  })();
});
Antivirus reports:
https://static.licdn.com:443/scds/common/u/lib/fizzy/fz-1.3.5-min.js | 200 OK Content-Length: 26523 Content-Type: text/javascript | clean |
https://static.licdn.com/scds/concat/common/js?h=3nuvxgwg15rbghxm1gpzfbya2-35e6ug1j754avohmn1bzmucat-mv3v66b8q0h1hvgvd3yfjv5f-14k913qahq3mh0ac0lh0twk9v&fc=1 | 200 OK Content-Length: 2744 Content-Type: text/javascript | clean |
https://static.licdn.com/scds/concat/common/js?h=dfoaudjrk6rbf82f45bz5crwi-e9rsfv7b5gx0bk0tln31dx3sq-b88qxy99s08xoes3weacd08uc-3eh5zbf8m3976frnzqqz8r2md-1l6r5aklcrehj1n7wy2v08xoy-8zc7dy7k0uqxxso1zmcx40mxo-4u94p4bxx04dc4qyt04hi6b7z-6qxi7j04m9bajw0tu0npnkexj-8s85e76fq22lk42rfavbckpvb-6b5tomv24hymqjdn9yh9vdxyg-95d8d303rtd0n9wj4dcjbnh2c&fc=1 | 200 OK Content-Length: 187078 Content-Type: text/javascript | clean |
https://static.licdn.com/scds/common/u/js/scds-hashes.js | 200 OK Content-Length: 186 Content-Type: text/javascript | clean |
https://static.licdn.com/scds/concat/common/js?h=25kaepc6rgo1820ap1rglmzr4-c19zsujfl1pg46iqy33ubhqc5-8dsj0i05aa9so2un8dmci2gmx-ascppxxu6dqpt5sppka77kdt0-39o2kw4renyd4i8pt5n9x0qaz-9cttgd1ueltkur8cb164nt1vt-35b6d44bfxo2cvy5hbzc0zsgl&fc=1 | 200 OK Content-Length: 84246 Content-Type: text/javascript | clean |
https://static.licdn.com/scds/concat/common/js?h=3qsk2peor188gw7gmh2irlhe5-78bwuml1uwwm9yb9sr3bw68qb-9xms7fd8xdfrly2skx89dmkyc&fc=1 | 200 OK Content-Length: 20133 Content-Type: text/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: pauldierickx.info
Result:
HTTP/1.1 302 Found
Cache-Control: max-age=900
Connection: close
Date: Fri, 02 May 2014 06:47:05 GMT
Age: 0
Location: http://www.linkedin.com/in/pauldierickx
Server: Microsoft-IIS/7.5
Content-Length: 156
Content-Type: text/html; charset=utf-8
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
...156 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: pauldierickx.info
Referer: http://www.google.com/search?q=pauldierickx.info
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=pauldierickx.info
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://pauldierickx.info/
Result: pauldierickx.info is not infected or malware details are not published yet.