Scanned pages/files
Request | Server response | Status |
http://snydshop.com/ | HTTP/1.1 302 Moved Temporarily Connection: close Date: Sun, 28 Sep 2014 08:35:40 GMT Location: http://www.snydshop.com/ Server: nginx/1.0.15 Content-Length: 154 Content-Type: text/html | clean |
http://www.snydshop.com/ | HTTP/1.1 302 Moved Temporarily Connection: close Date: Sun, 28 Sep 2014 08:35:40 GMT Location: http://www.amway.com/BrianMeredithSnyder Server: nginx/1.0.15 Content-Length: 154 Content-Type: text/html | clean |
http://www.amway.com/brianmeredithsnyder | 200 OK Content-Length: 77253 Content-Type: text/html | clean |
http://www.amway.com/Shop/JS/Tealeaf/TeaLeafCfg.js | 200 OK Content-Length: 8083 Content-Type: application/x-javascript | clean |
http://snydshop.com/Shop/JS/Tealeaf/TeaLeaf.js | HTTP/1.1 302 Moved Temporarily Connection: close Date: Sun, 28 Sep 2014 08:35:42 GMT Location: http://www.snydshop.com/Shop/JS/Tealeaf/TeaLeaf.js Server: nginx/1.0.15 Content-Length: 154 Content-Type: text/html | clean |
http://www.snydshop.com/shop/js/tealeaf/tealeaf.js | HTTP/1.1 302 Moved Temporarily Connection: close Date: Sun, 28 Sep 2014 08:35:43 GMT Location: http://www.amway.com/shop/js/tealeaf/tealeaf.js/BrianMeredithSnyder Server: nginx/1.0.15 Content-Length: 154 Content-Type: text/html | clean |
http://www.amway.com/shop/js/tealeaf/tealeaf.js/brianmeredithsnyder | HTTP/1.1 302 Moved Temporarily Connection: close Date: Sun, 28 Sep 2014 08:35:43 GMT Location: http://www.amway.com/shop/error/404.aspx Server: Microsoft-IIS/7.5 Content-Length: 163 Content-Type: text/html; charset=UTF-8 P3P: policyref="/w3c/p3p.xml",CP="CAO DSP COR LAW CURa ADMa TAIa OUR IND STA" Set-Cookie: TLTHID=CDCC46F947AC27A1690F15AE04594095; Path=/; Domain=.amway.com Set-Cookie: TLTSID=CDCC46F947AC27A1690F15AE04594095; Path=/; Domain=.amway.com Set-Cookie: TLTUID=CDCC46F947AC27A1690F15AE04594095; Path=/; Domain=.amway.com; expires=Sun, 28-09-2024 08:35:43 GMT X-Powered-By: ASP.NET | clean |
http://www.amway.com/shop/error/404.aspx | 404 Not Found Content-Length: 16883 Content-Type: text/html | clean |
http://www.amway.com/ | 200 OK Content-Length: 76155 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
var axel = Math.random() + "";
var a = axel * 10000000000000;
document.write('<iframe src="http://1793284.fls.doubleclick.net/activityi;src=1793284;type=amway064;cat=homep778;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none"></iframe>');
Antivirus reports:
Hidden iFrame found. size: 1x1 style: hidden src: http://1793284.fls.doubleclick.net/activityi;src=1793284;type=amway064;cat=homep778;ord=1? <iframe src="http://1793284.fls.doubleclick.net/activityi;src=1793284;type=amway064;cat=homep778;ord=1?" width="1" height="1" frameborder="0" style="display:none">
Hidden iFrame found. size: 1x1 style: hidden src: http://1793284.fls.doubleclick.net/activityi;src=1793284;type=amway064;cat=homep778;ord= <iframe src="http://1793284.fls.doubleclick.net/activityi;src=1793284;type=amway064;cat=homep778;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none">
http://www.amway.com/Shop/JS/Tealeaf/TeaLeaf.js | 200 OK Content-Length: 78679 Content-Type: application/x-javascript | clean |
http://www.amway.com/Shop/JS/Bundled/Head-min.js?build=GW.04.11.00.03-2014.09.25.1308 | 200 OK Content-Length: 300480 Content-Type: application/x-javascript | clean |
http://www.amway.com/WebResource.axd?d=_FpaXhr8UavY0awA0-NNjRCRQflBge2vvcFOPTW4gGgshLSr9IKoCBwboRga--1ZQ9BSHeUvv6Jhgdp-pvR5RAMUadY1&t=635471325868888835 | 200 OK Content-Length: 21823 Content-Type: application/x-javascript | clean |
http://www.amway.com/ScriptResource.axd?d=_iy_cqWBPdHlZwMoqQH31KMPMZ9zP7ccfH-GhfjltI_2sl1dFT3pO05XuonBt8ZMky15rp69ZIWP1gFrJmd57hQxLVO6VxP_kpZeAQjYtIZqJ2UqVxOX5zbeuZN8CDD8YKulnGu7cSuAWDMPKAHb_P5xJjsfbAL7VpPP8B3szlKXcBBkKzLag-QGoXCyaq1j95AYL4itbzvMw4A3dngnodPcysm5R91TPjHUu_owG2-VysQstwD6OisFRQUVIRT-O5hgzOJDSaY8FRIhXF7Gn09Lbm29zQe0mOIkLWZB2r6UnhnJRIDwyFODwWOxOzZTTGKt09_ehI2s6PJnJpNhYBh08qVE_nBqdvVxfj ...374 symbols skipped | 200 OK Content-Length: 300873 Content-Type: application/x-javascript | clean |
http://www.amway.com/Ajax/prototype-core.ashx | 200 OK Content-Length: 19069 Content-Type: application/x-javascript | clean |
http://www.amway.com/Ajax/converter.ashx | 200 OK Content-Length: 4553 Content-Type: application/x-javascript | clean |
http://www.amway.com/ajax/type.ashx?t=Amway.Core.Web.UI.Common.AmwayPopupControl,Amway.Core.Web.UI.Impl!Amway.Core.Web.UI.Analytics.AnalyticsControl,Amway.Core.Web.UI.Impl!Amway.Core.Web.UI.Search.SearchControl,Amway.Core.Web.UI.Impl!Amway.Core.Web.UI.Navigation.CountryControl,Amway.Core.Web.UI.Impl!Amway.Core.Web.UI.Cart.CartNavigationControl,Amway.Core.Web.UI.Impl!Amway.Core.Web.UI.Cart.CartAddI ...106 symbols skipped | 200 OK Content-Length: 5042 Content-Type: application/x-javascript | clean |
http://www.amway.com/WebResource.axd?d=oWmTMK4owS4NHajRwcO4AdrCGSc9UPmNY-0ftERPzfYAKxynrLkXny6E2xLQZjRbs8bySpC9Upo884bqUznRS6QiT7pUuzv3nJQ1dHOONv5B9egXjkBHEgcahnLh_36FhyHfVtSCwxiiJeAs6xJDaoxJ7cMPmNd5GjvdCSzy3AU6nNGr0&t=635472484855523098 | 200 OK Content-Length: 29242 Content-Type: text/javascript | clean |
http://www.amway.com/Shop/JS/Bundled/Main-min.js?build=GW.04.11.00.03-2014.09.25.1308 | 200 OK Content-Length: 292325 Content-Type: application/x-javascript | clean |
http://www.amway.com/en | HTTP/1.1 301 Moved Permanently Connection: close Date: Sun, 28 Sep 2014 08:35:49 GMT Location: http://www.amway.com/ Server: Microsoft-IIS/7.5 Content-Length: 144 Content-Type: text/html; charset=UTF-8 P3P: policyref="/w3c/p3p.xml",CP="CAO DSP COR LAW CURa ADMa TAIa OUR IND STA" Set-Cookie: TLTHID=DD38ADF94E788499C4C554B4198EE95F; Path=/; Domain=.amway.com Set-Cookie: TLTSID=DD38ADF94E788499C4C554B4198EE95F; Path=/; Domain=.amway.com Set-Cookie: TLTUID=DD38ADF94E788499C4C554B4198EE95F; Path=/; Domain=.amway.com; expires=Sun, 28-09-2024 08:35:49 GMT X-Powered-By: ASP.NET | clean |
http://www.amway.com/test404page.js | HTTP/1.1 302 Moved Temporarily Connection: close Date: Sun, 28 Sep 2014 08:35:49 GMT Location: http://www.amway.com/shop/error/404.aspx Server: Microsoft-IIS/7.5 Content-Length: 163 Content-Type: text/html; charset=UTF-8 P3P: policyref="/w3c/p3p.xml",CP="CAO DSP COR LAW CURa ADMa TAIa OUR IND STA" Set-Cookie: TLTHID=5998519E48AD4413BC483DA453EEB636; Path=/; Domain=.amway.com Set-Cookie: TLTSID=5998519E48AD4413BC483DA453EEB636; Path=/; Domain=.amway.com Set-Cookie: TLTUID=5998519E48AD4413BC483DA453EEB636; Path=/; Domain=.amway.com; expires=Sun, 28-09-2024 08:35:49 GMT X-Powered-By: ASP.NET | clean |
http://www.amway.com/Shop/Access/Login.aspx?ReturnURL=http://www.amway.com/ | HTTP/1.1 302 Moved Temporarily Cache-Control: no-cache Connection: close Date: Sun, 28 Sep 2014 08:35:50 GMT Pragma: no-cache Location: https://www.amway.com/Shop/Access/Login.aspx?ReturnURL=http://www.amway.com/ Server: Microsoft-IIS/7.5 Content-Length: 265 Expires: -1 P3P: policyref="/w3c/p3p.xml",CP="CAO DSP COR LAW CURa ADMa TAIa OUR IND STA" Set-Cookie: x_Amway=USQS1114 - GW.04.11.00.03-2014.09.25.1308; path=/ Set-Cookie: __AmwayTmp=cid=0&cnty=US&lng=EN&bn=Visitor&orgclass=Visitor&put=Applicant1&crncy=USD&vcartid=37944010-73d0-46cd-bef8-51ddf0877cb9; domain=.amway.com; path=/ Set-Cookie: TLTHID=BEF4578A4008CDC45AEF0BAE068F7AAE; Path=/; Domain=.amway.com Set-Cookie: TLTSID=BEF4578A4008CDC45AEF0BAE068F7AAE; Path=/; Domain=.amway.com Set-Cookie: TLTUID=BEF4578A4008CDC45AEF0BAE068F7AAE; Path=/; Domain=.amway.com; expires=Sun, 28-09-2024 08:35:49 GMT X-Powered-By: ASP.NET | clean |
https://www.amway.com/shop/access/login.aspx?returnurl=http://www.amway.com/ | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache Connection: close Date: Sun, 28 Sep 2014 08:35:50 GMT Pragma: no-cache Location: /Shop/Access/Login.aspx Server: Microsoft-IIS/7.5 Content-Length: 72 Content-Type: text/html; charset=utf-8 Expires: -1 P3P: policyref="/w3c/p3p.xml",CP="CAO DSP COR LAW CURa ADMa TAIa OUR IND STA" Set-Cookie: x_Amway=USQS1102 - GW.04.11.00.03-2014.09.25.1308; path=/ Set-Cookie: ASP.NET_SessionId=hz0hejendln1pcfgbv0yvbsk; path=/; HttpOnly Set-Cookie: __AmwayTmp=cid=0&cnty=US&lng=EN&bn=Visitor&orgclass=Visitor&put=Applicant1&crncy=USD&vcartid=cd125b93-686b-4f68-9bc6-f0cebb91f267; domain=.amway.com; path=/ Set-Cookie: TLTHID=CAC6DA00467BC3BD2D801797322E7724; Path=/; Domain=.amway.com Set-Cookie: TLTSID=CAC6DA00467BC3BD2D801797322E7724; Path=/; Domain=.amway.com Set-Cookie: TLTUID=CAC6DA00467BC3BD2D801797322E7724; Path=/; Domain=.amway.com; expires=Sun, 28-09-2024 08:35:50 GMT X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET | clean |
https://www.amway.com/shop/access/login.aspx | 200 OK Content-Length: 30266 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
var axel = Math.random() + "";
var a = axel * 10000000000000;
document.write('<iframe src="http://1793284.fls.doubleclick.net/activityi;src=1793284;type=amway064;cat=iboho866;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none"></iframe>');
Antivirus reports:
Hidden iFrame found. size: 1x1 style: hidden src: http://1793284.fls.doubleclick.net/activityi;src=1793284;type=amway064;cat=iboho866;ord= <iframe src="http://1793284.fls.doubleclick.net/activityi;src=1793284;type=amway064;cat=iboho866;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none">
Hidden iFrame found. size: 1x1 style: hidden src: http://1793284.fls.doubleclick.net/activityi;src=1793284;type=amway064;cat=iboho866;ord=1? <iframe src="http://1793284.fls.doubleclick.net/activityi;src=1793284;type=amway064;cat=iboho866;ord=1?" width="1" height="1" frameborder="0" style="display:none">
https://www.amway.com/Shop/JS/Tealeaf/TeaLeafCfg.js | 200 OK Content-Length: 8083 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: snydshop.com
Result:
HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Sun, 28 Sep 2014 08:35:40 GMT
Location: http://www.snydshop.com/
Server: nginx/1.0.15
Content-Length: 154
Content-Type: text/html
...154 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: snydshop.com
Referer: http://www.google.com/search?q=snydshop.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=snydshop.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://snydshop.com/
Result: snydshop.com is not infected or malware details are not published yet.