Malware Scanner report for snydshop.com

Malicious/Suspicious/Total URLs checked: 2/0/24
2 pages have malicious code. See details below.
Blacklists: OK
Malicious Redirects: OK
Malicious/Hidden/Total iFrames: 0/4/4
4 suspicious iframes found. See details below.
Deface / Content modification: OK

Scanned pages/files

Request / Server response / Status
http://snydshop.com/
HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Sun, 28 Sep 2014 08:35:40 GMT
Location: http://www.snydshop.com/
Server: nginx/1.0.15
Content-Length: 154
Content-Type: text/html
clean
http://www.snydshop.com/
HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Sun, 28 Sep 2014 08:35:40 GMT
Location: http://www.amway.com/BrianMeredithSnyder
Server: nginx/1.0.15
Content-Length: 154
Content-Type: text/html
clean
http://www.amway.com/brianmeredithsnyder
200 OK
Content-Length: 77253
Content-Type: text/html
clean
http://www.amway.com/Shop/JS/Tealeaf/TeaLeafCfg.js
200 OK
Content-Length: 8083
Content-Type: application/x-javascript
clean
http://snydshop.com/Shop/JS/Tealeaf/TeaLeaf.js
HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Sun, 28 Sep 2014 08:35:42 GMT
Location: http://www.snydshop.com/Shop/JS/Tealeaf/TeaLeaf.js
Server: nginx/1.0.15
Content-Length: 154
Content-Type: text/html
clean
http://www.snydshop.com/shop/js/tealeaf/tealeaf.js
HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Sun, 28 Sep 2014 08:35:43 GMT
Location: http://www.amway.com/shop/js/tealeaf/tealeaf.js/BrianMeredithSnyder
Server: nginx/1.0.15
Content-Length: 154
Content-Type: text/html
clean
http://www.amway.com/shop/js/tealeaf/tealeaf.js/brianmeredithsnyder
HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Sun, 28 Sep 2014 08:35:43 GMT
Location: http://www.amway.com/shop/error/404.aspx
Server: Microsoft-IIS/7.5
Content-Length: 163
Content-Type: text/html; charset=UTF-8
P3P: policyref="/w3c/p3p.xml",CP="CAO DSP COR LAW CURa ADMa TAIa OUR IND STA"
Set-Cookie: TLTHID=CDCC46F947AC27A1690F15AE04594095; Path=/; Domain=.amway.com
Set-Cookie: TLTSID=CDCC46F947AC27A1690F15AE04594095; Path=/; Domain=.amway.com
Set-Cookie: TLTUID=CDCC46F947AC27A1690F15AE04594095; Path=/; Domain=.amway.com; expires=Sun, 28-09-2024 08:35:43 GMT
X-Powered-By: ASP.NET
clean
http://www.amway.com/shop/error/404.aspx
404 Not Found
Content-Length: 16883
Content-Type: text/html
clean
http://www.amway.com/
200 OK
Content-Length: 76155
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)


var axel = Math.random() + "";
var a = axel * 10000000000000;
document.write('<iframe src="http://1793284.fls.doubleclick.net/activityi;src=1793284;type=amway064;cat=homep778;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none"></iframe>');

Antivirus reports:

Avast: HTML:Iframe-inf
VIPRE: Heur.HTML.MalIFrame (v)
Norman: Iframer.AU
Sophos: Mal/Iframe-V
GData: HTML:Iframe-inf
ESET-NOD32: HTML/Iframe.B.Gen

Hidden iFrame found.
size: 1x1     style: hidden
src: http://1793284.fls.doubleclick.net/activityi;src=1793284;type=amway064;cat=homep778;ord=1?

<iframe src="http://1793284.fls.doubleclick.net/activityi;src=1793284;type=amway064;cat=homep778;ord=1?" width="1" height="1" frameborder="0" style="display:none">

Hidden iFrame found.
size: 1x1     style: hidden
src: http://1793284.fls.doubleclick.net/activityi;src=1793284;type=amway064;cat=homep778;ord=

<iframe src="http://1793284.fls.doubleclick.net/activityi;src=1793284;type=amway064;cat=homep778;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none">

http://www.amway.com/Shop/JS/Tealeaf/TeaLeaf.js
200 OK
Content-Length: 78679
Content-Type: application/x-javascript
clean
http://www.amway.com/Shop/JS/Bundled/Head-min.js?build=GW.04.11.00.03-2014.09.25.1308
200 OK
Content-Length: 300480
Content-Type: application/x-javascript
clean
http://www.amway.com/WebResource.axd?d=_FpaXhr8UavY0awA0-NNjRCRQflBge2vvcFOPTW4gGgshLSr9IKoCBwboRga--1ZQ9BSHeUvv6Jhgdp-pvR5RAMUadY1&t=635471325868888835
200 OK
Content-Length: 21823
Content-Type: application/x-javascript
clean
http://www.amway.com/ScriptResource.axd?d=_iy_cqWBPdHlZwMoqQH31KMPMZ9zP7ccfH-GhfjltI_2sl1dFT3pO05XuonBt8ZMky15rp69ZIWP1gFrJmd57hQxLVO6VxP_kpZeAQjYtIZqJ2UqVxOX5zbeuZN8CDD8YKulnGu7cSuAWDMPKAHb_P5xJjsfbAL7VpPP8B3szlKXcBBkKzLag-QGoXCyaq1j95AYL4itbzvMw4A3dngnodPcysm5R91TPjHUu_owG2-VysQstwD6OisFRQUVIRT-O5hgzOJDSaY8FRIhXF7Gn09Lbm29zQe0mOIkLWZB2r6UnhnJRIDwyFODwWOxOzZTTGKt09_ehI2s6PJnJpNhYBh08qVE_nBqdvVxfj ...374 symbols skipped
200 OK
Content-Length: 300873
Content-Type: application/x-javascript
clean
http://www.amway.com/Ajax/prototype-core.ashx
200 OK
Content-Length: 19069
Content-Type: application/x-javascript
clean
http://www.amway.com/Ajax/converter.ashx
200 OK
Content-Length: 4553
Content-Type: application/x-javascript
clean
http://www.amway.com/ajax/type.ashx?t=Amway.Core.Web.UI.Common.AmwayPopupControl,Amway.Core.Web.UI.Impl!Amway.Core.Web.UI.Analytics.AnalyticsControl,Amway.Core.Web.UI.Impl!Amway.Core.Web.UI.Search.SearchControl,Amway.Core.Web.UI.Impl!Amway.Core.Web.UI.Navigation.CountryControl,Amway.Core.Web.UI.Impl!Amway.Core.Web.UI.Cart.CartNavigationControl,Amway.Core.Web.UI.Impl!Amway.Core.Web.UI.Cart.CartAddI ...106 symbols skipped
200 OK
Content-Length: 5042
Content-Type: application/x-javascript
clean
http://www.amway.com/WebResource.axd?d=oWmTMK4owS4NHajRwcO4AdrCGSc9UPmNY-0ftERPzfYAKxynrLkXny6E2xLQZjRbs8bySpC9Upo884bqUznRS6QiT7pUuzv3nJQ1dHOONv5B9egXjkBHEgcahnLh_36FhyHfVtSCwxiiJeAs6xJDaoxJ7cMPmNd5GjvdCSzy3AU6nNGr0&t=635472484855523098
200 OK
Content-Length: 29242
Content-Type: text/javascript
clean
http://www.amway.com/Shop/JS/Bundled/Main-min.js?build=GW.04.11.00.03-2014.09.25.1308
200 OK
Content-Length: 292325
Content-Type: application/x-javascript
clean
http://www.amway.com/en
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Sun, 28 Sep 2014 08:35:49 GMT
Location: http://www.amway.com/
Server: Microsoft-IIS/7.5
Content-Length: 144
Content-Type: text/html; charset=UTF-8
P3P: policyref="/w3c/p3p.xml",CP="CAO DSP COR LAW CURa ADMa TAIa OUR IND STA"
Set-Cookie: TLTHID=DD38ADF94E788499C4C554B4198EE95F; Path=/; Domain=.amway.com
Set-Cookie: TLTSID=DD38ADF94E788499C4C554B4198EE95F; Path=/; Domain=.amway.com
Set-Cookie: TLTUID=DD38ADF94E788499C4C554B4198EE95F; Path=/; Domain=.amway.com; expires=Sun, 28-09-2024 08:35:49 GMT
X-Powered-By: ASP.NET
clean
http://www.amway.com/test404page.js
HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Sun, 28 Sep 2014 08:35:49 GMT
Location: http://www.amway.com/shop/error/404.aspx
Server: Microsoft-IIS/7.5
Content-Length: 163
Content-Type: text/html; charset=UTF-8
P3P: policyref="/w3c/p3p.xml",CP="CAO DSP COR LAW CURa ADMa TAIa OUR IND STA"
Set-Cookie: TLTHID=5998519E48AD4413BC483DA453EEB636; Path=/; Domain=.amway.com
Set-Cookie: TLTSID=5998519E48AD4413BC483DA453EEB636; Path=/; Domain=.amway.com
Set-Cookie: TLTUID=5998519E48AD4413BC483DA453EEB636; Path=/; Domain=.amway.com; expires=Sun, 28-09-2024 08:35:49 GMT
X-Powered-By: ASP.NET
clean
http://www.amway.com/Shop/Access/Login.aspx?ReturnURL=http://www.amway.com/
HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache
Connection: close
Date: Sun, 28 Sep 2014 08:35:50 GMT
Pragma: no-cache
Location: https://www.amway.com/Shop/Access/Login.aspx?ReturnURL=http://www.amway.com/
Server: Microsoft-IIS/7.5
Content-Length: 265
Expires: -1
P3P: policyref="/w3c/p3p.xml",CP="CAO DSP COR LAW CURa ADMa TAIa OUR IND STA"
Set-Cookie: x_Amway=USQS1114 - GW.04.11.00.03-2014.09.25.1308; path=/
Set-Cookie: __AmwayTmp=cid=0&cnty=US&lng=EN&bn=Visitor&orgclass=Visitor&put=Applicant1&crncy=USD&vcartid=37944010-73d0-46cd-bef8-51ddf0877cb9; domain=.amway.com; path=/
Set-Cookie: TLTHID=BEF4578A4008CDC45AEF0BAE068F7AAE; Path=/; Domain=.amway.com
Set-Cookie: TLTSID=BEF4578A4008CDC45AEF0BAE068F7AAE; Path=/; Domain=.amway.com
Set-Cookie: TLTUID=BEF4578A4008CDC45AEF0BAE068F7AAE; Path=/; Domain=.amway.com; expires=Sun, 28-09-2024 08:35:49 GMT
X-Powered-By: ASP.NET
clean
https://www.amway.com/shop/access/login.aspx?returnurl=http://www.amway.com/
HTTP/1.1 301 Moved Permanently
Cache-Control: no-cache
Connection: close
Date: Sun, 28 Sep 2014 08:35:50 GMT
Pragma: no-cache
Location: /Shop/Access/Login.aspx
Server: Microsoft-IIS/7.5
Content-Length: 72
Content-Type: text/html; charset=utf-8
Expires: -1
P3P: policyref="/w3c/p3p.xml",CP="CAO DSP COR LAW CURa ADMa TAIa OUR IND STA"
Set-Cookie: x_Amway=USQS1102 - GW.04.11.00.03-2014.09.25.1308; path=/
Set-Cookie: ASP.NET_SessionId=hz0hejendln1pcfgbv0yvbsk; path=/; HttpOnly
Set-Cookie: __AmwayTmp=cid=0&cnty=US&lng=EN&bn=Visitor&orgclass=Visitor&put=Applicant1&crncy=USD&vcartid=cd125b93-686b-4f68-9bc6-f0cebb91f267; domain=.amway.com; path=/
Set-Cookie: TLTHID=CAC6DA00467BC3BD2D801797322E7724; Path=/; Domain=.amway.com
Set-Cookie: TLTSID=CAC6DA00467BC3BD2D801797322E7724; Path=/; Domain=.amway.com
Set-Cookie: TLTUID=CAC6DA00467BC3BD2D801797322E7724; Path=/; Domain=.amway.com; expires=Sun, 28-09-2024 08:35:50 GMT
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
clean
https://www.amway.com/shop/access/login.aspx
200 OK
Content-Length: 30266
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)


var axel = Math.random() + "";
var a = axel * 10000000000000;
document.write('<iframe src="http://1793284.fls.doubleclick.net/activityi;src=1793284;type=amway064;cat=iboho866;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none"></iframe>');

Antivirus reports:

Avast: HTML:Iframe-inf
VIPRE: Heur.HTML.MalIFrame (v)
Norman: Iframer.AU
Sophos: Mal/Iframe-V
GData: HTML:Iframe-inf
ESET-NOD32: HTML/Iframe.B.Gen

Hidden iFrame found.
size: 1x1     style: hidden
src: http://1793284.fls.doubleclick.net/activityi;src=1793284;type=amway064;cat=iboho866;ord=

<iframe src="http://1793284.fls.doubleclick.net/activityi;src=1793284;type=amway064;cat=iboho866;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none">

Hidden iFrame found.
size: 1x1     style: hidden
src: http://1793284.fls.doubleclick.net/activityi;src=1793284;type=amway064;cat=iboho866;ord=1?

<iframe src="http://1793284.fls.doubleclick.net/activityi;src=1793284;type=amway064;cat=iboho866;ord=1?" width="1" height="1" frameborder="0" style="display:none">

https://www.amway.com/Shop/JS/Tealeaf/TeaLeafCfg.js
200 OK
Content-Length: 8083
Content-Type: application/x-javascript
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: snydshop.com

Result:
HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Sun, 28 Sep 2014 08:35:40 GMT
Location: http://www.snydshop.com/
Server: nginx/1.0.15
Content-Length: 154
Content-Type: text/html

...154 bytes of data.

Second query (visit from search engine):
GET / HTTP/1.1
Host: snydshop.com
Referer: http://www.google.com/search?q=snydshop.com

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=snydshop.com

Result: This site is not currently listed as suspicious.

Query: http://yandex.com/infected?l10n=en&url=http://snydshop.com/

Result: snydshop.com is not infected or malware details are not published yet.