Scanned pages/files
Request | Server response | Status |
http://tworivermortgage.com/ | 200 OK Content-Length: 32469 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: Hacked By rEd X - 3xp1r3 Cyber Army » Feed <!DOCTYPE html> <!--[if lt IE 7]> <html class="ie ie6 lte9 lte8 lte7" lang="en-US"> <![endif]--> <!--[if IE 7]> <html class="ie ie7 lte9 lte8 lte7" lang="en-US"> <![endif]--> <!--[if IE 8]> <html class="ie ie8 lte9 lte8" lang="en-US"> <![endif]--> <!--[if IE 9]> <html class="ie ie9 lte9" lang="en-US"> <![endif]--> <!--[if gt IE 9]> <html> <![en ...[37149 bytes skipped]... | ||
http://tworivermortgage.com/wploc/wp-includes/js/jquery/jquery.js?ver=1.10.2 | 200 OK Content-Length: 93085 Content-Type: application/javascript | clean |
http://tworivermortgage.com/wploc/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 7200 Content-Type: application/javascript | clean |
http://tworivermortgage.com/wploc/wp-content/themes/infocus/lib/scripts/custom.js?ver=3.2 | 200 OK Content-Length: 54406 Content-Type: application/javascript | clean |
http://tworivermortgage.com/wploc/wp-content/themes/infocus/lib/scripts/prettyphoto/js/jquery.prettyPhoto.js?ver=3.2 | 200 OK Content-Length: 24867 Content-Type: application/javascript | clean |
http://tworivermortgage.com/wploc/wp-content/themes/infocus/lib/scripts/flexslider/jquery.flexslider-min.js?ver=3.2 | 200 OK Content-Length: 16100 Content-Type: application/javascript | clean |
http://tworivermortgage.com/wploc/wp-content/plugins/ct-mortgage-calculator/assets/calc.js?ver=1.0 | 200 OK Content-Length: 523 Content-Type: application/javascript | clean |
http://tworivermortgage.com/wploc/wp-includes/js/jquery/ui/jquery.ui.core.min.js?ver=1.10.3 | 200 OK Content-Length: 4289 Content-Type: application/javascript | clean |
http://tworivermortgage.com/wploc/wp-includes/js/jquery/ui/jquery.ui.widget.min.js?ver=1.10.3 | 200 OK Content-Length: 6488 Content-Type: application/javascript | clean |
http://tworivermortgage.com/wploc/wp-includes/js/jquery/ui/jquery.ui.accordion.min.js?ver=1.10.3 | 200 OK Content-Length: 8368 Content-Type: application/javascript | clean |
http://tworivermortgage.com/wploc/wp-includes/js/jquery/ui/jquery.ui.tabs.min.js?ver=1.10.3 | 200 OK Content-Length: 11591 Content-Type: application/javascript | clean |
http://tworivermortgage.com/wploc/wp-content/plugins/squelch-tabs-and-accordions-shortcodes/js/squelch-tabs-and-accordions.js?ver=0.3.1 | 200 OK Content-Length: 27072 Content-Type: application/javascript | clean |
http://tworivermortgage.com/about-us/ | 200 OK Content-Length: 29585 Content-Type: text/html | clean |
http://tworivermortgage.com/wploc/wp-includes/js/comment-reply.min.js?ver=3.8.3 | 200 OK Content-Length: 757 Content-Type: application/javascript | clean |
http://tworivermortgage.com/contact/ | 200 OK Content-Length: 30946 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: tworivermortgage.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 28 Apr 2014 01:31:27 GMT
Server: Apache/2.2.21 (Unix) mod_ssl/2.2.21 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Content-Type: text/html; charset=UTF-7
X-Pingback: http://tworivermortgage.com/wploc/xmlrpc.php
X-Powered-By: PHP/5.2.17
Second query (visit from search engine):
GET / HTTP/1.1
Host: tworivermortgage.com
Referer: http://www.google.com/search?q=tworivermortgage.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=tworivermortgage.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://tworivermortgage.com/
Result: tworivermortgage.com is not infected or malware details are not published yet.