Scanned pages/files
Request | Server response | Status |
http://swellmedia.com/ | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=900 Connection: close Date: Fri, 15 Aug 2014 23:27:19 GMT Age: 0 Location: https://www.linkedin.com/in/bobbrink1 Server: Microsoft-IIS/7.5 Content-Length: 0 Content-Type: text/html X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET | clean |
https://www.linkedin.com/in/bobbrink1 | 200 OK Content-Length: 35306 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) LI.Controls.addControl('control-http-12248-4712887-1','ToggleClass',{classname:'view-all-skills',on:'#profile-skills'}); Antivirus reports:
| ||
https://static.licdn.com:443/scds/common/u/lib/fizzy/fz-1.3.6-min.js | 200 OK Content-Length: 27495 Content-Type: text/javascript | clean |
https://static.licdn.com/scds/concat/common/js?h=3nuvxgwg15rbghxm1gpzfbya2-35e6ug1j754avohmn1bzmucat-mv3v66b8q0h1hvgvd3yfjv5f-14k913qahq3mh0ac0lh0twk9v-dfoaudjrk6rbf82f45bz5crwi-62og8s54488owngg0s7escdit-c8ha6zrgpgcni7poa5ctye7il-djim7uyllidc9gta745y2wo5m-51dv6schthjydhvcv6rxvospp-d7z5zqt26qe7ht91f8494hqx5-e9rsfv7b5gx0bk0tln31dx3sq-2r5gveucqe4lsolc3n0oljsn1-8v2hz0euzy8m1tk5d6tfrn6j-b88qxy99s08xoes <span>...275 symbols skipped</span> | 200 OK Content-Length: 269981 Content-Type: text/javascript | clean |
https://static.licdn.com/scds/concat/common/js?h=4zslye83akez5s4mf91hrq425-95d8d303rtd0n9wj4dcjbnh2c&fc=2 | 200 OK Content-Length: 2254 Content-Type: text/javascript | clean |
https://static.licdn.com/scds/concat/common/js?h=d43qahhuvg0j5mlh4c2m9sipk-ew7wxbzv14lsc4vzkh2xrbzqn-dp1os5pzpoyifn8ljtjpfxrz-e17zy6z51dugr6fy4su92o7de-eq875keqggun9hoxzfhbanjes&fc=2 | 200 OK Content-Length: 17345 Content-Type: text/javascript | clean |
http://swellmedia.com/reg/join?trk=hb_join | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=900 Connection: close Date: Fri, 15 Aug 2014 23:27:25 GMT Age: 1 Location: https://www.linkedin.com/in/bobbrink1/reg/join?trk=hb_join Server: Microsoft-IIS/7.5 Content-Length: 0 Content-Type: text/html X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET | clean |
https://www.linkedin.com/in/bobbrink1/reg/join?trk=hb_join | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, no-store Date: Fri, 15 Aug 2014 23:27:26 GMT Pragma: no-cache Location: http://www.linkedin.com/in/bobbrink1 Server: Apache-Coyote/1.1 Vary: Accept-Encoding Content-Language: en-US Content-Length: 0 Expires: Thu, 01 Jan 1970 00:00:00 GMT P3P: CP="CAO CUR ADM DEV PSA PSD OUR" P3P: CP="CAO CUR ADM DEV PSA PSD OUR" Set-Cookie: _lipt=deleteMe; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: leo_auth_token="GST:9VR5XCDgP6jnH5wifcz1a5w09IIpc4tMPtRF10DZ7Ig1-ODb2J6eIE:1408145247:eb46c8ae5f473a15813ac2f21ea708bb4068d90f"; Version=1; Max-Age=1799; Expires=Fri, 15-Aug-2014 23:57:26 GMT; Path=/ Set-Cookie: sl="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: sl="delete me"; Version=1; Domain=.www.linkedin.com; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: s_leo_auth_token="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: JSESSIONID="ajax:0243183840337040668"; Version=1; Domain=.www.linkedin.com; Path=/ Set-Cookie: visit="v=1&G"; Version=1; Max-Age=63072000; Expires=Sun, 14-Aug-2016 23:27:27 GMT; Path=/ Set-Cookie: lang="v=2&lang=en-us"; Version=1; Domain=linkedin.com; Path=/ Set-Cookie: lang="v=2&lang=en-us"; Version=1; Domain=linkedin.com; Path=/ Set-Cookie: bcookie="v=2&86f484f4-e15e-49c4-8e8c-75d4a05ba684"; domain=.linkedin.com; Path=/; Expires=Mon, 15-Aug-2016 11:04:59 GMT Set-Cookie: bscookie="v=1&20140815232727dbd6e449-2fc5-4d60-8862-36b176cbbabbAQFgRb9wrqkUrQVE3yTatHRJZbxIpTbc"; domain=.www.linkedin.com; Path=/; Secure; Expires=Mon, 15-Aug-2016 11:04:59 GMT; HttpOnly Set-Cookie: lidc="b=LB91:g=96:u=1:i=1408145247:t=1408231647:s=2299014208"; Expires=Sat, 16 Aug 2014 23:27:27 GMT; domain=.linkedin.com; Path=/ Strict-Transport-Security: max-age=0 X-FS-UUID: e759333da4bc8a13e0a757cb0c2b0000 X-Li-Fabric: PROD-ELA4 X-Li-Pop: PROD-ELA4 X-LI-UUID: 51kzPaS8ihPgp1fLDCsAAA== | clean |
http://www.linkedin.com/in/bobbrink1 | 200 OK Content-Length: 34089 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) LI.Controls.addControl('control-http-12248-16320197-1','ToggleClass',{classname:'view-all-skills',on:'#profile-skills'}); Antivirus reports:
| ||
http://static.licdn.com:80/scds/common/u/lib/fizzy/fz-1.3.6-min.js | 200 OK Content-Length: 27495 Content-Type: text/javascript | clean |
http://s.c.lnkd.licdn.com/scds/concat/common/js?h=3nuvxgwg15rbghxm1gpzfbya2-35e6ug1j754avohmn1bzmucat-mv3v66b8q0h1hvgvd3yfjv5f-14k913qahq3mh0ac0lh0twk9v-dfoaudjrk6rbf82f45bz5crwi-62og8s54488owngg0s7escdit-c8ha6zrgpgcni7poa5ctye7il-djim7uyllidc9gta745y2wo5m-51dv6schthjydhvcv6rxvospp-d7z5zqt26qe7ht91f8494hqx5-e9rsfv7b5gx0bk0tln31dx3sq-2r5gveucqe4lsolc3n0oljsn1-8v2hz0euzy8m1tk5d6tfrn6j-b88qxy99s08xoe <span>...276 symbols skipped</span> | 200 OK Content-Length: 269981 Content-Type: text/javascript | clean |
http://s.c.lnkd.licdn.com/scds/concat/common/js?h=4zslye83akez5s4mf91hrq425-95d8d303rtd0n9wj4dcjbnh2c&fc=2 | 200 OK Content-Length: 2254 Content-Type: text/javascript | clean |
http://s.c.lnkd.licdn.com/scds/concat/common/js?h=d43qahhuvg0j5mlh4c2m9sipk-ew7wxbzv14lsc4vzkh2xrbzqn-dp1os5pzpoyifn8ljtjpfxrz-e17zy6z51dugr6fy4su92o7de-eq875keqggun9hoxzfhbanjes&fc=2 | 200 OK Content-Length: 17345 Content-Type: text/javascript | clean |
http://swellmedia.com/home?trk=hb_logo | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=900 Connection: close Date: Fri, 15 Aug 2014 23:27:29 GMT Age: 0 Location: https://www.linkedin.com/in/bobbrink1/home?trk=hb_logo Server: Microsoft-IIS/7.5 Content-Length: 0 Content-Type: text/html X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET | clean |
https://www.linkedin.com/in/bobbrink1/home?trk=hb_logo | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, no-store Date: Fri, 15 Aug 2014 23:27:30 GMT Pragma: no-cache Location: http://www.linkedin.com/in/bobbrink1 Server: Apache-Coyote/1.1 Vary: Accept-Encoding Content-Language: en-US Content-Length: 0 Expires: Thu, 01 Jan 1970 00:00:00 GMT P3P: CP="CAO CUR ADM DEV PSA PSD OUR" P3P: CP="CAO CUR ADM DEV PSA PSD OUR" Set-Cookie: _lipt=deleteMe; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: leo_auth_token="GST:9i1mfFeR2r2v6y_BGT1J9l72L0e-_Hs4PO5CF8e3jL2By-_ByI_F6b:1408145250:0069079f8684aa8758d87b23d50d1a2a2b4bbc8e"; Version=1; Max-Age=1799; Expires=Fri, 15-Aug-2014 23:57:29 GMT; Path=/ Set-Cookie: sl="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: sl="delete me"; Version=1; Domain=.www.linkedin.com; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: s_leo_auth_token="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: JSESSIONID="ajax:3223415071555769867"; Version=1; Domain=.www.linkedin.com; Path=/ Set-Cookie: visit="v=1&G"; Version=1; Max-Age=63072000; Expires=Sun, 14-Aug-2016 23:27:30 GMT; Path=/ Set-Cookie: lang="v=2&lang=en-us"; Version=1; Domain=linkedin.com; Path=/ Set-Cookie: lang="v=2&lang=en-us"; Version=1; Domain=linkedin.com; Path=/ Set-Cookie: bcookie="v=2&138c19c0-0616-4b11-8255-5045ad148243"; domain=.linkedin.com; Path=/; Expires=Mon, 15-Aug-2016 11:05:02 GMT Set-Cookie: bscookie="v=1&2014081523273074d3efaa-6ece-483a-8499-4fd99ab23cdfAQFBNB2IIgU1j2n8TF1y65eVCaczVl3z"; domain=.www.linkedin.com; Path=/; Secure; Expires=Mon, 15-Aug-2016 11:05:02 GMT; HttpOnly Set-Cookie: lidc="b=VB91:g=110:u=1:i=1408145250:t=1408231650:s=3525174921"; Expires=Sat, 16 Aug 2014 23:27:30 GMT; domain=.linkedin.com; Path=/ Strict-Transport-Security: max-age=0 X-FS-UUID: b367b609a5bc8a1380990be1872b0000 X-Li-Fabric: prod-lva1 X-Li-Pop: prod-lva1 X-LI-UUID: s2e2CaW8ihOAmQvhhysAAA== | clean |
http://www.linkedin.com/test404page.js | 404 Not Found Content-Length: 30484 Content-Type: text/html | clean |
http://www.linkedin.com/home | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, no-store Date: Fri, 15 Aug 2014 23:27:31 GMT Pragma: no-cache Location: https://www.linkedin.com Server: Apache-Coyote/1.1 Vary: Accept-Encoding Content-Language: en-US Content-Length: 0 Expires: Thu, 01 Jan 1970 00:00:00 GMT P3P: CP="CAO CUR ADM DEV PSA PSD OUR" P3P: CP="CAO CUR ADM DEV PSA PSD OUR" Set-Cookie: _lipt=deleteMe; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: leo_auth_token="GST:9LrBXNjs1fwHTcE1W1rvRxjIIU-V0gIua5MC1WoRO0wbQj61KgdeV7:1408145251:cc96edc8f9f425fa42b7551bfa94dbc98f13e1bc"; Version=1; Max-Age=1799; Expires=Fri, 15-Aug-2014 23:57:30 GMT; Path=/ Set-Cookie: sl="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: sl="delete me"; Version=1; Domain=.www.linkedin.com; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: s_leo_auth_token="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: JSESSIONID="ajax:1642184766418840607"; Version=1; Domain=.www.linkedin.com; Path=/ Set-Cookie: visit="v=1&G"; Version=1; Max-Age=63072000; Expires=Sun, 14-Aug-2016 23:27:31 GMT; Path=/ Set-Cookie: lang="v=2&lang=en-us"; Version=1; Domain=linkedin.com; Path=/ Set-Cookie: lang="v=2&lang=en-us"; Version=1; Domain=linkedin.com; Path=/ Set-Cookie: bcookie="v=2&9ca0cb90-71d3-400a-8dc2-5d3ae7a44267"; domain=.linkedin.com; Path=/; Expires=Mon, 15-Aug-2016 11:05:03 GMT Set-Cookie: lidc="b=VB91:g=110:u=1:i=1408145251:t=1408231651:s=3574003051"; Expires=Sat, 16 Aug 2014 23:27:31 GMT; domain=.linkedin.com; Path=/ X-FS-UUID: cbf15248a5bc8a13c0e051e0872b0000 X-Li-Fabric: prod-lva1 X-Li-Pop: prod-lva1 X-LI-UUID: y/FSSKW8ihPA4FHghysAAA== | clean |
https://www.linkedin.com/ | 200 OK Content-Length: 48046 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) YEvent.on(window,'load',function(){(function(){var protocol='https:';var d=new Image(1,1);d.onerror=d.onload=function(){d.onerror=d.onload=null;};d.src=[protocol,"//secure-us.imrworldwide.com/cgi-bin/m?ci=us-603751h&cg=0&cc=1&si=",escape(window.location.href),"&ts=compact&rnd=",(new Date()).getTime()].join('');})();}); Antivirus reports:
| ||
https://static.licdn.com/scds/concat/common/js?h=3nuvxgwg15rbghxm1gpzfbya2-35e6ug1j754avohmn1bzmucat-mv3v66b8q0h1hvgvd3yfjv5f-14k913qahq3mh0ac0lh0twk9v-dfoaudjrk6rbf82f45bz5crwi-e9rsfv7b5gx0bk0tln31dx3sq-b88qxy99s08xoes3weacd08uc-3eh5zbf8m3976frnzqqz8r2md-1l6r5aklcrehj1n7wy2v08xoy-8zc7dy7k0uqxxso1zmcx40mxo-a7br995b5xb4ztral63cjods4-rftdnvfzuncra9644jbr38ht-8s85e76fq22lk42rfavbckpvb-4zslye83akez5s4mf91hrq425-95d8d303rtd0n9wj4dcjbnh2c&fc=1 | 200 OK Content-Length: 191107 Content-Type: text/javascript | clean |
https://static.licdn.com/scds/common/u/js/scds-hashes.js | 200 OK Content-Length: 18153 Content-Type: text/javascript | clean |
https://static.licdn.com/scds/concat/common/js?h=25kaepc6rgo1820ap1rglmzr4-c19zsujfl1pg46iqy33ubhqc5-8dsj0i05aa9so2un8dmci2gmx-ascppxxu6dqpt5sppka77kdt0-39o2kw4renyd4i8pt5n9x0qaz-9cttgd1ueltkur8cb164nt1vt-35b6d44bfxo2cvy5hbzc0zsgl&fc=1 | 200 OK Content-Length: 84246 Content-Type: text/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: swellmedia.com
Result:
HTTP/1.1 301 Moved Permanently
Cache-Control: max-age=900
Connection: close
Date: Fri, 15 Aug 2014 23:27:19 GMT
Age: 0
Location: https://www.linkedin.com/in/bobbrink1
Server: Microsoft-IIS/7.5
Content-Length: 0
Content-Type: text/html
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
...0 bytes of data.
GET / HTTP/1.1
Host: swellmedia.com
Result:
HTTP/1.1 301 Moved Permanently
Cache-Control: max-age=900
Connection: close
Date: Fri, 15 Aug 2014 23:27:19 GMT
Age: 0
Location: https://www.linkedin.com/in/bobbrink1
Server: Microsoft-IIS/7.5
Content-Length: 0
Content-Type: text/html
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: swellmedia.com
Referer: http://www.google.com/search?q=swellmedia.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: swellmedia.com
Referer: http://www.google.com/search?q=swellmedia.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=swellmedia.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://swellmedia.com/
Result: swellmedia.com is not infected or malware details are not published yet.
Result: swellmedia.com is not infected or malware details are not published yet.