Scanned pages/files
| Request | Server response | Status |
http://tgnelson.com/ | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=900 Connection: close Date: Fri, 09 May 2014 12:55:24 GMT Age: 0 Location: http://www.linkedin.com/in/tgnelson Server: Microsoft-IIS/7.5 Content-Length: 0 Content-Type: text/html X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET | clean |
http://www.linkedin.com/in/tgnelson | 200 OK Content-Length: 72874 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) LI.Controls.addControl('control-http-12248-2029162-1', 'ToggleClass', { classname: 'view-all-skills', on: '#profile-skills' }); Antivirus reports:
| ||
http://static.licdn.com:80/scds/common/u/lib/fizzy/fz-1.3.5-min.js | 200 OK Content-Length: 26523 Content-Type: text/javascript | clean |
http://s.c.lnkd.licdn.com/scds/concat/common/js?h=3nuvxgwg15rbghxm1gpzfbya2-35e6ug1j754avohmn1bzmucat-mv3v66b8q0h1hvgvd3yfjv5f-14k913qahq3mh0ac0lh0twk9v&fc=2 | 200 OK Content-Length: 2744 Content-Type: text/javascript | clean |
http://s.c.lnkd.licdn.com/scds/concat/common/js?h=dfoaudjrk6rbf82f45bz5crwi-62og8s54488owngg0s7escdit-c8ha6zrgpgcni7poa5ctye7il-djim7uyllidc9gta745y2wo5m-51dv6schthjydhvcv6rxvospp-d7z5zqt26qe7ht91f8494hqx5-e9rsfv7b5gx0bk0tln31dx3sq-2r5gveucqe4lsolc3n0oljsn1-8v2hz0euzy8m1tk5d6tfrn6j-b88qxy99s08xoes3weacd08uc-bymlr3eiytxzjg9or01ze5ia8-ac8pg92mfnb2j836ntpvg1fsi-8s85e76fq22lk42rfavbckpvb-lyi4ca0d33mbz <span>...172 symbols skipped</span> | 200 OK Content-Length: 266871 Content-Type: text/javascript | clean |
http://s.c.lnkd.licdn.com/scds/concat/common/js?h=6b5tomv24hymqjdn9yh9vdxyg-95d8d303rtd0n9wj4dcjbnh2c&fc=2 | 200 OK Content-Length: 2185 Content-Type: text/javascript | clean |
http://s.c.lnkd.licdn.com/scds/concat/common/js?h=d43qahhuvg0j5mlh4c2m9sipk-ew7wxbzv14lsc4vzkh2xrbzqn-dp1os5pzpoyifn8ljtjpfxrz-e17zy6z51dugr6fy4su92o7de-eq875keqggun9hoxzfhbanjes&fc=2 | 200 OK Content-Length: 17345 Content-Type: text/javascript | clean |
http://tgnelson.com/home?trk=hb_logo | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=900 Connection: close Date: Fri, 09 May 2014 12:55:31 GMT Age: 0 Location: http://www.linkedin.com/in/tgnelson/home?trk=hb_logo Server: Microsoft-IIS/7.5 Content-Length: 0 Content-Type: text/html X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET | clean |
http://www.linkedin.com/in/tgnelson/home?trk=hb_logo | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, no-store Connection: keep-alive Date: Fri, 09 May 2014 12:55:31 GMT Pragma: no-cache Location: http://www.linkedin.com/in/tgnelson Server: Apache-Coyote/1.1 Vary: Accept-Encoding Content-Language: en-US Content-Length: 0 Expires: Thu, 01 Jan 1970 00:00:00 GMT P3P: CP="CAO DSP COR CUR ADMi DEVi TAIi PSAi PSDi IVAi IVDi CONi OUR DELi SAMi UNRi PUBi OTRi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT POL PRE" Set-Cookie: _lipt=deleteMe; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: leo_auth_token="GST:ZCvbPgADAF-lWIsPZAYbqjRhPCVEFqEhYLvYGuAOLCVESggp9LnG_f:1399640131:3ed819257fb86717edb071d914ada7a288f88359"; Version=1; Max-Age=1799; Expires=Fri, 09-May-2014 13:25:30 GMT; Path=/ Set-Cookie: sl="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: sl="delete me"; Version=1; Domain=.www.linkedin.com; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: s_leo_auth_token="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: JSESSIONID="ajax:3729219057283433208"; Version=1; Path=/ Set-Cookie: visit="v=1&G"; Version=1; Max-Age=63072000; Expires=Sun, 08-May-2016 12:55:31 GMT; Path=/ Set-Cookie: lang="v=2&lang=en-us"; Version=1; Domain=linkedin.com; Path=/ Set-Cookie: lang="v=2&lang=en-us"; Version=1; Domain=linkedin.com; Path=/ Set-Cookie: bcookie="v=2&16c1f9ae-5992-4d31-8c49-2de6ccd936e3"; domain=.linkedin.com; Path=/; Expires=Mon, 09-May-2016 00:33:03 GMT Set-Cookie: lidc="b=VB38:g=70:u=1:i=1399640131:t=1399726531:s=4283650002"; Expires=Sat, 10 May 2014 12:55:31 GMT; domain=.linkedin.com; Path=/ X-FS-UUID: c0caaabd48856c13f05b47052e2b0000 X-Li-Fabric: prod-lva1 X-Li-Pop: PROD-IDB2 X-LI-UUID: wMqqvUiFbBPwW0cFLisAAA== | clean |
http://www.linkedin.com/test404page.js | 404 Not Found Content-Length: 30484 Content-Type: text/html | clean |
http://www.linkedin.com/home | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, no-store Connection: keep-alive Date: Fri, 09 May 2014 12:55:31 GMT Pragma: no-cache Location: https://www.linkedin.com Server: Apache-Coyote/1.1 Vary: Accept-Encoding Content-Language: en-US Content-Length: 0 Expires: Thu, 01 Jan 1970 00:00:00 GMT P3P: CP="CAO DSP COR CUR ADMi DEVi TAIi PSAi PSDi IVAi IVDi CONi OUR DELi SAMi UNRi PUBi OTRi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT POL PRE" Set-Cookie: _lipt=deleteMe; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: leo_auth_token="GST:8ip2B5Aa-H9lsHnN6AtUYOkhm-3EdGrcJSt2-fAOBI9KGhSNtihItQ:1399640132:3fd0834d7631e47484825bb5ebc882497e147ed0"; Version=1; Max-Age=1799; Expires=Fri, 09-May-2014 13:25:31 GMT; Path=/ Set-Cookie: sl="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: sl="delete me"; Version=1; Domain=.www.linkedin.com; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: s_leo_auth_token="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: JSESSIONID="ajax:6870577536687336861"; Version=1; Path=/ Set-Cookie: visit="v=1&G"; Version=1; Max-Age=63072000; Expires=Sun, 08-May-2016 12:55:32 GMT; Path=/ Set-Cookie: lang="v=2&lang=en-us"; Version=1; Domain=linkedin.com; Path=/ Set-Cookie: lang="v=2&lang=en-us"; Version=1; Domain=linkedin.com; Path=/ Set-Cookie: bcookie="v=2&89c2b45b-fe4d-4884-82f6-21d3f268856b"; domain=.linkedin.com; Path=/; Expires=Mon, 09-May-2016 00:33:04 GMT Set-Cookie: lidc="b=VB38:g=70:u=1:i=1399640132:t=1399726532:s=37510836"; Expires=Sat, 10 May 2014 12:55:32 GMT; domain=.linkedin.com; Path=/ X-FS-UUID: d8e0dfeb48856c13d088dd0f092b0000 X-Li-Fabric: prod-lva1 X-Li-Pop: PROD-IDB2 X-LI-UUID: 2ODf60iFbBPQiN0PCSsAAA== | clean |
https://www.linkedin.com/ | 200 OK Content-Length: 50022 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) YEvent.on( window, 'load', function() { (function () { var protocol = 'https:'; var d = new Image(1, 1); d.onerror = d.onload = function () { d.onerror = d.onload = null; }; d.src = [ protocol, "//secure-us.imrworldwide.com/cgi-bin/m?ci=us-603751h&cg=0&cc=1&si=", escape(window.location.href), "&ts=compact&rnd=", (new Date()).getTime() ].join(''); })(); }); Antivirus reports:
| ||
https://static.licdn.com:443/scds/common/u/lib/fizzy/fz-1.3.5-min.js | 200 OK Content-Length: 26523 Content-Type: text/javascript | clean |
https://static.licdn.com/scds/concat/common/js?h=3nuvxgwg15rbghxm1gpzfbya2-35e6ug1j754avohmn1bzmucat-mv3v66b8q0h1hvgvd3yfjv5f-14k913qahq3mh0ac0lh0twk9v&fc=1 | 200 OK Content-Length: 2744 Content-Type: text/javascript | clean |
https://static.licdn.com/scds/concat/common/js?h=dfoaudjrk6rbf82f45bz5crwi-e9rsfv7b5gx0bk0tln31dx3sq-b88qxy99s08xoes3weacd08uc-3eh5zbf8m3976frnzqqz8r2md-1l6r5aklcrehj1n7wy2v08xoy-8zc7dy7k0uqxxso1zmcx40mxo-4u94p4bxx04dc4qyt04hi6b7z-6qxi7j04m9bajw0tu0npnkexj-8s85e76fq22lk42rfavbckpvb-6b5tomv24hymqjdn9yh9vdxyg-95d8d303rtd0n9wj4dcjbnh2c&fc=1 | 200 OK Content-Length: 187078 Content-Type: text/javascript | clean |
https://static.licdn.com/scds/common/u/js/scds-hashes.js | 200 OK Content-Length: 186 Content-Type: text/javascript | clean |
https://static.licdn.com/scds/concat/common/js?h=25kaepc6rgo1820ap1rglmzr4-c19zsujfl1pg46iqy33ubhqc5-8dsj0i05aa9so2un8dmci2gmx-ascppxxu6dqpt5sppka77kdt0-39o2kw4renyd4i8pt5n9x0qaz-9cttgd1ueltkur8cb164nt1vt-35b6d44bfxo2cvy5hbzc0zsgl&fc=1 | 200 OK Content-Length: 84246 Content-Type: text/javascript | clean |
https://static.licdn.com/scds/concat/common/js?h=3qsk2peor188gw7gmh2irlhe5-78bwuml1uwwm9yb9sr3bw68qb-9xms7fd8xdfrly2skx89dmkyc&fc=1 | 200 OK Content-Length: 20133 Content-Type: text/javascript | clean |
https://static.licdn.com/scds/concat/common/js?h=4gd308q7uhcsqx9gfzu9dv06p&fc=1 | 200 OK Content-Length: 343 Content-Type: text/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: tgnelson.com
Result:
HTTP/1.1 301 Moved Permanently
Cache-Control: max-age=900
Connection: close
Date: Fri, 09 May 2014 12:55:24 GMT
Age: 0
Location: http://www.linkedin.com/in/tgnelson
Server: Microsoft-IIS/7.5
Content-Length: 0
Content-Type: text/html
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
...0 bytes of data.
GET / HTTP/1.1
Host: tgnelson.com
Result:
HTTP/1.1 301 Moved Permanently
Cache-Control: max-age=900
Connection: close
Date: Fri, 09 May 2014 12:55:24 GMT
Age: 0
Location: http://www.linkedin.com/in/tgnelson
Server: Microsoft-IIS/7.5
Content-Length: 0
Content-Type: text/html
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: tgnelson.com
Referer: http://www.google.com/search?q=tgnelson.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: tgnelson.com
Referer: http://www.google.com/search?q=tgnelson.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=tgnelson.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://tgnelson.com/
Result: tgnelson.com is not infected or malware details are not published yet.
Result: tgnelson.com is not infected or malware details are not published yet.