Scanned pages/files
| Request | Server response | Status |
http://mysynchrony.com/ | HTTP/1.1 301 Moved Permanently Connection: Keep-Alive Location: https://www.mysynchrony.com/ Server: BigIP Content-Length: 0 | clean |
https://www.mysynchrony.com/ | 200 OK Content-Length: 24001 Content-Type: text/html | clean |
https://www.mysynchrony.com//nexus.ensighten.com/gecrbblue/synchronyProd/Bootstrap.js/ | 404 Not Found Content-Length: 9332 Content-Type: text/html | clean |
https://www.mysynchrony.com/index.html | 200 OK Content-Length: 24001 Content-Type: text/html | clean |
https://www.mysynchrony.com/js/vendor/modernizr-2.6.2-respond-1.1.0.min.js | 200 OK Content-Length: 19494 Content-Type: application/javascript | clean |
https://www.mysynchrony.com/js/main.min.cc57f59f.js | 200 OK Content-Length: 165028 Content-Type: application/javascript | clean |
https://www.mysynchrony.com/js/a-b.js | 200 OK Content-Length: 1653 Content-Type: application/javascript | clean |
https://www.mysynchrony.com/js/tagging.js | 200 OK Content-Length: 727 Content-Type: application/javascript | clean |
https://www.mysynchrony.com/foresee/foresee-trigger.js | 200 OK Content-Length: 72914 Content-Type: application/javascript | clean |
https://www.mysynchrony.com/financing.html | 200 OK Content-Length: 19663 Content-Type: text/html | clean |
https://www.mysynchrony.com/js/vendor/jquery-ui.autocomplete.min.js | 200 OK Content-Length: 302105 Content-Type: application/javascript | clean |
https://www.mysynchrony.com/js/locator/locator.js | 200 OK Content-Length: 8644 Content-Type: application/javascript | clean |
https://www.mysynchrony.com/merchants/auto-parts-services-financing.html | 200 OK Content-Length: 16989 Content-Type: text/html | clean |
https://www.mysynchrony.com/js/category.js | 200 OK Content-Length: 19161 Content-Type: application/javascript | clean |
https://www.mysynchrony.com/merchants/electronics-appliances-financing.html | 200 OK Content-Length: 17885 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var axel = Math.random() + ""; var a = axel * 10000000000000; document.write('<iframe src="https://4394803.fls.doubleclick.net/activityi;src=4394803;type=ECApp0;cat=ECApp0;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none"></iframe>'); Antivirus reports:
| ||
https://www.mysynchrony.com/merchants/flooring-financing.html | 200 OK Content-Length: 16753 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: mysynchrony.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: Keep-Alive
Location: https://www.mysynchrony.com/
Server: BigIP
Content-Length: 0
...0 bytes of data.
GET / HTTP/1.1
Host: mysynchrony.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: Keep-Alive
Location: https://www.mysynchrony.com/
Server: BigIP
Content-Length: 0
...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: mysynchrony.com
Referer: http://www.google.com/search?q=mysynchrony.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: mysynchrony.com
Referer: http://www.google.com/search?q=mysynchrony.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=mysynchrony.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://mysynchrony.com/
Result: mysynchrony.com is not infected or malware details are not published yet.
Result: mysynchrony.com is not infected or malware details are not published yet.