Malware Scanner report for samuelguimaraes.com

Malicious/Suspicious/Total urls checked: 4/0/22

4 pages have malicious code. See details below

Blacklists: OK

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 0/0/0

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Scanned pages/files

Request	Server response	Status
http://samuelguimaraes.com/	HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 21 Jun 2014 17:50:29 GMT Location: http://www.samuelguimaraes.com/ Server: Apache Vary: Accept-Encoding Content-Length: 239 Content-Type: text/html; charset=iso-8859-1	clean
http://www.samuelguimaraes.com/	HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 21 Jun 2014 17:50:30 GMT Location: http://br.linkedin.com/in/samuelgui Server: Apache Vary: Accept-Encoding Content-Length: 243 Content-Type: text/html; charset=iso-8859-1	clean
http://br.linkedin.com/in/samuelgui	200 OK Content-Length: 38035 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) YEvent.on( window, 'load', function() { (function () { var protocol = 'http:'; var d = new Image(1, 1); d.onerror = d.onload = function () { d.onerror = d.onload = null; }; d.src = [ protocol, "//secure-us.imrworldwide.com/cgi-bin/m?ci=us-603751h&cg=0&cc=1&si=", escape(window.location.href), "&ts=compact&rnd=", (new Date()).getTime() ].join(''); })(); }); Antivirus reports: Emsisoft Android.Trojan.FakeInst.GP (B)
http://static.licdn.com:80/scds/common/u/lib/fizzy/fz-1.3.5-min.js	200 OK Content-Length: 26523 Content-Type: text/javascript	clean
http://s.c.lnkd.licdn.com/scds/concat/common/js?h=3nuvxgwg15rbghxm1gpzfbya2-35e6ug1j754avohmn1bzmucat-mv3v66b8q0h1hvgvd3yfjv5f-14k913qahq3mh0ac0lh0twk9v&fc=2	200 OK Content-Length: 2744 Content-Type: text/javascript	clean
http://s.c.lnkd.licdn.com/scds/concat/common/js?h=dfoaudjrk6rbf82f45bz5crwi-62og8s54488owngg0s7escdit-c8ha6zrgpgcni7poa5ctye7il-djim7uyllidc9gta745y2wo5m-51dv6schthjydhvcv6rxvospp-d7z5zqt26qe7ht91f8494hqx5-e9rsfv7b5gx0bk0tln31dx3sq-2r5gveucqe4lsolc3n0oljsn1-8v2hz0euzy8m1tk5d6tfrn6j-b88qxy99s08xoes3weacd08uc-bymlr3eiytxzjg9or01ze5ia8-ac8pg92mfnb2j836ntpvg1fsi-8s85e76fq22lk42rfavbckpvb-lyi4ca0d33mbz <span>...172 symbols skipped</span>	200 OK Content-Length: 266924 Content-Type: text/javascript	clean
http://s.c.lnkd.licdn.com/scds/concat/common/js?h=6b5tomv24hymqjdn9yh9vdxyg-95d8d303rtd0n9wj4dcjbnh2c&fc=2	200 OK Content-Length: 2255 Content-Type: text/javascript	clean
https://www.linkedin.com/uas/authping?url=http%3A%2F%2Fbr%2Elinkedin%2Ecom%2Fin%2Fsamuelgui	200 OK Content-Length: 0 Content-Type: text/javascript	clean
http://s.c.lnkd.licdn.com/scds/concat/common/js?h=d43qahhuvg0j5mlh4c2m9sipk-ew7wxbzv14lsc4vzkh2xrbzqn-dp1os5pzpoyifn8ljtjpfxrz-e17zy6z51dugr6fy4su92o7de-eq875keqggun9hoxzfhbanjes&fc=2	200 OK Content-Length: 17345 Content-Type: text/javascript	clean
http://samuelguimaraes.com/home?trk=hb_logo	HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 21 Jun 2014 17:50:33 GMT Location: http://www.samuelguimaraes.com/home?trk=hb_logo Server: Apache Vary: Accept-Encoding Content-Length: 255 Content-Type: text/html; charset=iso-8859-1	clean
http://www.samuelguimaraes.com/home?trk=hb_logo	HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 21 Jun 2014 17:50:33 GMT Location: http://br.linkedin.com/in/samuelguihome?trk=hb_logo Server: Apache Vary: Accept-Encoding Content-Length: 259 Content-Type: text/html; charset=iso-8859-1 X-Pad: avoid browser bug	clean
http://br.linkedin.com/in/samuelguihome?trk=hb_logo	404 Not Found Content-Length: 19809 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) YEvent.on( window, 'load', function() { (function () { var protocol = 'http:'; var d = new Image(1, 1); d.onerror = d.onload = function () { d.onerror = d.onload = null; }; d.src = [ protocol, "//secure-us.imrworldwide.com/cgi-bin/m?ci=us-603751h&cg=0&cc=1&si=", escape(window.location.href), "&ts=compact&rnd=", (new Date()).getTime() ].join(''); })(); }); Antivirus reports: Emsisoft Android.Trojan.FakeInst.GP (B)
http://s.c.lnkd.licdn.com/scds/concat/common/js?h=495c50siuofq2wkt2shjzquud&fc=2	200 OK Content-Length: 443 Content-Type: text/javascript	clean
http://samuelguimaraes.com/home	HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 21 Jun 2014 17:50:35 GMT Location: http://www.samuelguimaraes.com/home Server: Apache Vary: Accept-Encoding Content-Length: 243 Content-Type: text/html; charset=iso-8859-1	clean
http://www.samuelguimaraes.com/home	HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 21 Jun 2014 17:50:35 GMT Location: http://br.linkedin.com/in/samuelguihome Server: Apache Vary: Accept-Encoding Content-Length: 247 Content-Type: text/html; charset=iso-8859-1	clean
http://br.linkedin.com/in/samuelguihome	404 Not Found Content-Length: 19881 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) YEvent.on( window, 'load', function() { (function () { var protocol = 'http:'; var d = new Image(1, 1); d.onerror = d.onload = function () { d.onerror = d.onload = null; }; d.src = [ protocol, "//secure-us.imrworldwide.com/cgi-bin/m?ci=us-603751h&cg=0&cc=1&si=", escape(window.location.href), "&ts=compact&rnd=", (new Date()).getTime() ].join(''); })(); }); Antivirus reports: Emsisoft Android.Trojan.FakeInst.GP (B)
http://br.linkedin.com/home?trk=hb_logo	HTTP/1.1 301 Moved Permanently Connection: keep-alive Date: Sat, 21 Jun 2014 17:45:14 GMT Location: https://br.linkedin.com?trk=hb_logo Server: Apache-Coyote/1.1 Vary: Accept-Encoding Content-Language: pt-BR Content-Length: 0 P3P: CP="CAO CUR ADM DEV PSA PSD OUR" Set-Cookie: _lipt=deleteMe; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: bcookie="v=2&4bcee9e8-7dd0-47ea-9b40-0b2be042be1f"; Version=1; Domain=linkedin.com; Max-Age=63072000; Expires=Mon, 20-Jun-2016 17:45:14 GMT; Path=/ Set-Cookie: leo_auth_token="GST:UrRDINIZqtvYoFpWa8RDjNITfHWYBJVD54LGjWsosBvH_MWD9bEkab:1403372714:032e4034635503f13ae452d7c0001dae522df8b8"; Version=1; Max-Age=1799; Expires=Sat, 21-Jun-2014 18:15:13 GMT; Path=/ Set-Cookie: sl="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: sl="delete me"; Version=1; Domain=.br.linkedin.com; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: s_leo_auth_token="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: JSESSIONID="ajax:6132862584609974418"; Version=1; Domain=.br.linkedin.com; Path=/ Set-Cookie: visit="v=1&G"; Version=1; Max-Age=63072000; Expires=Mon, 20-Jun-2016 17:45:14 GMT; Path=/ Set-Cookie: lang="v=2&lang=pt-br"; Version=1; Domain=linkedin.com; Path=/ Set-Cookie: lang="v=2&lang=pt-br"; Version=1; Domain=linkedin.com; Path=/ Set-Cookie: lidc="b=LB38:g=97:u=1:i=1403372714:t=1403459114:s=2633280990"; Expires=Sun, 22 Jun 2014 17:45:14 GMT; domain=.linkedin.com; Path=/ X-FS-UUID: 4e7185620cc879131038d2a4e62a0000 X-Li-Fabric: PROD-ELA4 X-Li-Pop: PROD-ELA4 X-LI-UUID: TnGFYgzIeRMQONKk5ioAAA==	clean
https://br.linkedin.com?trk=hb_logo/	200 OK Content-Length: 49007 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) YEvent.on( window, 'load', function() { (function () { var protocol = 'https:'; var d = new Image(1, 1); d.onerror = d.onload = function () { d.onerror = d.onload = null; }; d.src = [ protocol, "//secure-us.imrworldwide.com/cgi-bin/m?ci=us-603751h&cg=0&cc=1&si=", escape(window.location.href), "&ts=compact&rnd=", (new Date()).getTime() ].join(''); })(); }); Antivirus reports: Emsisoft Android.Trojan.FakeInst.GP (B)
https://static.licdn.com:443/scds/common/u/lib/fizzy/fz-1.3.5-min.js	200 OK Content-Length: 26523 Content-Type: text/javascript	clean
https://static.licdn.com/scds/concat/common/js?h=3nuvxgwg15rbghxm1gpzfbya2-35e6ug1j754avohmn1bzmucat-mv3v66b8q0h1hvgvd3yfjv5f-14k913qahq3mh0ac0lh0twk9v&fc=1	200 OK Content-Length: 2744 Content-Type: text/javascript	clean
https://static.licdn.com/scds/concat/common/js?h=dfoaudjrk6rbf82f45bz5crwi-e9rsfv7b5gx0bk0tln31dx3sq-b88qxy99s08xoes3weacd08uc-3eh5zbf8m3976frnzqqz8r2md-1l6r5aklcrehj1n7wy2v08xoy-8zc7dy7k0uqxxso1zmcx40mxo-4u94p4bxx04dc4qyt04hi6b7z-6qxi7j04m9bajw0tu0npnkexj-8s85e76fq22lk42rfavbckpvb-6b5tomv24hymqjdn9yh9vdxyg-95d8d303rtd0n9wj4dcjbnh2c&fc=1	200 OK Content-Length: 187078 Content-Type: text/javascript	clean
https://static.licdn.com/scds/common/u/js/scds-hashes.js	200 OK Content-Length: 186 Content-Type: text/javascript	clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: samuelguimaraes.com

Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Sat, 21 Jun 2014 17:50:29 GMT
Location: http://www.samuelguimaraes.com/
Server: Apache
Vary: Accept-Encoding
Content-Length: 239
Content-Type: text/html; charset=iso-8859-1

...239 bytes of data.

Second query (visit from search engine):
GET / HTTP/1.1
Host: samuelguimaraes.com
Referer: http://www.google.com/search?q=samuelguimaraes.com

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=samuelguimaraes.com

Result: This site is not currently listed as suspicious.

Query: http://yandex.com/infected?l10n=en&url=http://samuelguimaraes.com/

Result: samuelguimaraes.com is not infected or malware details are not published yet.

Recently found suspicious websites

Malware Scanner report for samuelguimaraes.com

Malware & Hack Repair

Website Hack Insurance

Scanned pages/files

Malicious Redirects

Safe Browsing / Blacklists

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools