Malware Scanner report for it.xhamster3.com

Malicious/Suspicious/Total urls checked: 5/0/16

5 pages have malicious code. See details below

Blacklists: OK

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 0/0/0

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Scanned pages/files

Request	Server response	Status
http://it.xhamster3.com/	200 OK Content-Length: 12715 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var puShown = false; function doOpen(url) { if ( puShown == true ) { return true; } win = window.open(url, 'ljPu', 'toolbar,status,resizable,scrollbars,menubar,location,height=760,width=800'); if ( win ) { win.blur(); puShown = true; ... 1177 bytes are skipped ...ventListener ) { document.addEventListener( 'click', checkTarget, false ); } } function checkTarget(e) { if ( !getCookie('popundr') ) { var e = e \|\| window.event; var win = doOpen('http://www.porncome.mobi'); setCookie('popundr', 1, 246060*1000); } } initPu(); Antivirus reports: Agnitum JS.Pornpop.Gen
http://it.xhamster3.com/jquery.js	200 OK Content-Length: 134911 Content-Type: application/x-javascript	clean
http://it.xhamster3.com/js/jquery-1.5.2.min.js	200 OK Content-Length: 85925 Content-Type: application/x-javascript	clean
http://it.xhamster3.com/js/preview.js	200 OK Content-Length: 478 Content-Type: application/x-javascript	clean
http://it.xhamster3.com/jquery.cookie.js	200 OK Content-Length: 832 Content-Type: application/x-javascript	clean
http://it.xhamster3.com/popup.js	200 OK Content-Length: 1216 Content-Type: application/x-javascript	clean
http://adspaces.ero-advertising.com/adspace/178394.js	200 OK Content-Length: 767 Content-Type: application/javascript	clean
http://adspaces.ero-advertising.com/adspace/178396.js	200 OK Content-Length: 1826 Content-Type: application/javascript	clean
http://adspaces.ero-advertising.com/adspace/178395.js	200 OK Content-Length: 1829 Content-Type: application/javascript	clean
http://www.statcounter.com/counter/counter.js	200 OK Content-Length: 9028 Content-Type: application/x-javascript	clean
http://it.xhamster3.com/rss.xml	200 OK Content-Length: 429 Content-Type: text/xml	clean
http://it.xhamster3.com/test404page.js	HTTP/1.1 302 Found Cache-Control: public, max-age=86400 Connection: close Date: Wed, 09 Apr 2014 04:13:43 GMT Location: http://it.xhamster3.com/404.php Server: cloudflare-nginx Content-Type: text/html; charset=iso-8859-1 Expires: Thu, 10 Apr 2014 04:13:43 GMT CF-Cache-Status: MISS CF-RAY: 1183dfa6dd210325-MIA Set-Cookie: __cfduid=dd8606943984e1a79ca1cf2b3c63fb1271397016822856; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; domain=.xhamster3.com; HttpOnly	clean
http://it.xhamster3.com/404.php	200 OK Content-Length: 10827 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var puShown = false; function doOpen(url) { if ( puShown == true ) { return true; } win = window.open(url, 'ljPu', 'toolbar,status,resizable,scrollbars,menubar,location,height=760,width=800'); if ( win ) { win.blur(); puShown = true; ... 1177 bytes are skipped ...ventListener ) { document.addEventListener( 'click', checkTarget, false ); } } function checkTarget(e) { if ( !getCookie('popundr') ) { var e = e \|\| window.event; var win = doOpen('http://www.porncome.mobi'); setCookie('popundr', 1, 246060*1000); } } initPu(); Antivirus reports: Agnitum JS.Pornpop.Gen
http://it.xhamster3.com/contact form.php	200 OK Content-Length: 13841 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var puShown = false; function doOpen(url) { if ( puShown == true ) { return true; } win = window.open(url, 'ljPu', 'toolbar,status,resizable,scrollbars,menubar,location,height=760,width=800'); if ( win ) { win.blur(); puShown = true; ... 1177 bytes are skipped ...ventListener ) { document.addEventListener( 'click', checkTarget, false ); } } function checkTarget(e) { if ( !getCookie('popundr') ) { var e = e \|\| window.event; var win = doOpen('http://www.porncome.mobi'); setCookie('popundr', 1, 246060*1000); } } initPu(); Antivirus reports: Agnitum JS.Pornpop.Gen
http://it.xhamster3.com/casuali-videos.html	200 OK Content-Length: 10771 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var puShown = false; function doOpen(url) { if ( puShown == true ) { return true; } win = window.open(url, 'ljPu', 'toolbar,status,resizable,scrollbars,menubar,location,height=760,width=800'); if ( win ) { win.blur(); puShown = true; ... 1177 bytes are skipped ...ventListener ) { document.addEventListener( 'click', checkTarget, false ); } } function checkTarget(e) { if ( !getCookie('popundr') ) { var e = e \|\| window.event; var win = doOpen('http://www.porncome.mobi'); setCookie('popundr', 1, 246060*1000); } } initPu(); Antivirus reports: Agnitum JS.Pornpop.Gen
http://it.xhamster3.com/top-videos.html	200 OK Content-Length: 10792 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var puShown = false; function doOpen(url) { if ( puShown == true ) { return true; } win = window.open(url, 'ljPu', 'toolbar,status,resizable,scrollbars,menubar,location,height=760,width=800'); if ( win ) { win.blur(); puShown = true; ... 1177 bytes are skipped ...ventListener ) { document.addEventListener( 'click', checkTarget, false ); } } function checkTarget(e) { if ( !getCookie('popundr') ) { var e = e \|\| window.event; var win = doOpen('http://www.porncome.mobi'); setCookie('popundr', 1, 246060*1000); } } initPu(); Antivirus reports: Agnitum JS.Pornpop.Gen

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: it.xhamster3.com

Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 09 Apr 2014 04:13:36 GMT
Server: cloudflare-nginx
Vary: Accept-Encoding
Content-Type: text/html
CF-RAY: 1183df79b8d20325-MIA
Set-Cookie: __cfduid=dbb363e07bcd68025b02d71133dee5b471397016815638; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; domain=.xhamster3.com; HttpOnly
X-Cache: HIT from Backend
X-Powered-By: PHP/5.3.25

Second query (visit from search engine):
GET / HTTP/1.1
Host: it.xhamster3.com
Referer: http://www.google.com/search?q=it.xhamster3.com

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=it.xhamster3.com

Result: This site is not currently listed as suspicious.

Query: http://yandex.com/infected?l10n=en&url=http://it.xhamster3.com/

Result: it.xhamster3.com is not infected or malware details are not published yet.

Recently found suspicious websites

Malware Scanner report for it.xhamster3.com

Malware & Hack Repair

Website Hack Insurance

Scanned pages/files

Malicious Redirects

Safe Browsing / Blacklists

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools