Scanned pages/files
Request | Server response | Status |
http://tommys-bookmarks.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 04 Feb 2015 14:54:15 GMT Location: http://www.tommys-bookmarks.com/ Server: Apache Vary: Accept-Encoding Content-Length: 240 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.tommys-bookmarks.com/ | 200 OK Content-Length: 10485 Content-Type: text/html | malicious |
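Malicious code - confirmed by antiviruses (see below). The scanner's excerpt is cut off mid-statement at "widt" (marked […] below), so the rest of doOpen and the start of the click-handler setup are not shown: var puShown = false; function doOpen(url) { if ( puShown == true ) { return true; } var wFeatures = "toolbar=0,statusbar=1,resizable=1,scrollbars=0,menubar=0,location=1,directories=0"; if(navigator.userAgent.indexOf('Chrome') != -1){ wFeatures = "scrollbar=yes"; } pu_window= window.open('about:blank','wmPu',wFeatures + ',height=820,widt […] { document.addEventListener( 'click', checkTarget, false ); } } function checkTarget(e) { if ( !getCookie('popundr') ) { var e = e || window.event; var win = doOpen('http://live-cams-1.livejasmin.com/landing/?tid=101&psid=drotis&pstour=t1&psprogram=PPS&pstool=15_42'); setCookie('popundr', 1, 24*60*60*1000); } } initPu(); The visible part is a pop-under advertising script: a document-wide click listener (checkTarget) calls doOpen with a third-party landing URL carrying what look like affiliate tracking parameters whenever the 'popundr' cookie is absent, then sets that cookie with 24*60*60*1000 (presumably a one-day lifetime in milliseconds) so the window opens at most once per period. No exploit or download code is visible in this excerpt. Antivirus reports: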
| ||
http://www.tommys-bookmarks.com/main.shtml | 200 OK Content-Length: 300464 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var puShown = false; function doOpen(url) { if ( puShown == true ) { return true; } var wFeatures = "toolbar=0,statusbar=1,resizable=1,scrollbars=0,menubar=0,location=1,directories=0"; if(navigator.userAgent.indexOf('Chrome') != -1){ wFeatures = "scrollbar=yes"; } pu_window= window.open('about:blank','wmPu',wFeatures + ',height=820,widt { document.addEventListener( 'click', checkTarget, false ); } } function checkTarget(e) { if ( !getCookie('popundr') ) { var e = e || window.event; var win = doOpen('http://live-cams-1.livejasmin.com/landing/?tid=101&psid=drotis&pstour=t1&psprogram=PPS&pstool=15_42'); setCookie('popundr', 1, 24*60*60*1000); } } initPu(); Antivirus reports:
| ||
http://www.tommys-bookmarks.com/tube/js/jquery.js | 200 OK Content-Length: 120676 Content-Type: application/javascript | clean |
http://www.tommys-bookmarks.com/tube/js/thumbs.js | 200 OK Content-Length: 1254 Content-Type: application/javascript | clean |
http://www.tommys-bookmarks.com/tube/ | 200 OK Content-Length: 39616 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var puShown = false; function doOpen(url) { if ( puShown == true ) { return true; } var wFeatures = "toolbar=0,statusbar=1,resizable=1,scrollbars=0,menubar=0,location=1,directories=0"; if(navigator.userAgent.indexOf('Chrome') != -1){ wFeatures = "scrollbar=yes"; } pu_window= window.open('about:blank','wmPu',wFeatures + ',height=820,widt { document.addEventListener( 'click', checkTarget, false ); } } function checkTarget(e) { if ( !getCookie('popundr') ) { var e = e || window.event; var win = doOpen('http://live-cams-1.livejasmin.com/landing/?tid=101&psid=drotis&pstour=t1&psprogram=PPS&pstool=15_42'); setCookie('popundr', 1, 24*60*60*1000); } } initPu(); Antivirus reports:
| ||
http://www.tommys-bookmarks.com/tube/videos/newest/ | 200 OK Content-Length: 35296 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var puShown = false; function doOpen(url) { if ( puShown == true ) { return true; } var wFeatures = "toolbar=0,statusbar=1,resizable=1,scrollbars=0,menubar=0,location=1,directories=0"; if(navigator.userAgent.indexOf('Chrome') != -1){ wFeatures = "scrollbar=yes"; } pu_window= window.open('about:blank','wmPu',wFeatures + ',height=820,widt { document.addEventListener( 'click', checkTarget, false ); } } function checkTarget(e) { if ( !getCookie('popundr') ) { var e = e || window.event; var win = doOpen('http://live-cams-1.livejasmin.com/landing/?tid=101&psid=drotis&pstour=t1&psprogram=PPS&pstool=15_42'); setCookie('popundr', 1, 24*60*60*1000); } } initPu(); Antivirus reports:
| ||
http://www.tommys-bookmarks.com/tube/categories/ | 200 OK Content-Length: 19699 Content-Type: text/html | malicious |
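Malicious code - confirmed by antiviruses (see below). The excerpt appears to be abridged by the scanner: the extra closing brace after window.open and the call to an initPu() that is never defined here suggest omitted lines. var puShown = false; function doOpen(url) { if ( puShown == true ) { return true; } var wFeatures = "toolbar=0,statusbar=1,resizable=1,scrollbars=0,menubar=0,location=1,directories=0"; if(navigator.userAgent.indexOf('Chrome') != -1){ wFeatures = "scrollbar=yes"; } pu_window= window.open('about:blank','wmPu',wFeatures + ',height=800,width=1050'); } } function checkTarget(e) { if ( !getCookie('popundr') ) { var e = e || window.event; var win = doOpen('http://creatives.livejasmin.com/pu/cp/?tid=kontx_w2_girl_teen&site=jsm&cobrand_site_id=jsm&psid=drotis&pstour=t1&psprogram=PPS&pstool=160_48&'); setCookie('popundr', 1, 24*60*60*1000); } } initPu(); This is a variant of the pop-under script found on the other flagged pages, with a different window size and a different third-party landing URL; the 'popundr' cookie check in checkTarget again limits the pop-under to once per cookie lifetime (presumably one day, given 24*60*60*1000). No exploit or download code is visible in this excerpt. Antivirus reports: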
| ||
http://www.tommys-bookmarks.com/tube/js/flowplayer-3.1.4.min.js | 200 OK Content-Length: 15960 Content-Type: application/javascript | clean |
http://www.tommys-bookmarks.com/tube/user/register/ | 200 OK Content-Length: 22144 Content-Type: text/html | clean |
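http://www.tommys-bookmarks.com/tube/user/login/ | 500 timeout Content-Length: 30 Content-Type: text/plain | clean (the request timed out, so this verdict presumably covers only the 30-byte error response, not the login page itself) |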
http://www.tommys-bookmarks.com/test404page.js | HTTP/1.1 302 Found Connection: close Date: Wed, 04 Feb 2015 14:54:27 GMT Location: http://www.tommys-bookmarks.com/main.shtml Server: Apache Vary: Accept-Encoding Content-Length: 226 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.tommys-bookmarks.com/tube/policy/terms/ | 200 OK Content-Length: 5665 Content-Type: text/html | clean |
http://www.tommys-bookmarks.com/tube/policy/privacy/ | 200 OK Content-Length: 4146 Content-Type: text/html | clean |
http://www.tommys-bookmarks.com/tube/category/amateurs/ | 200 OK Content-Length: 45803 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var puShown = false; function doOpen(url) { if ( puShown == true ) { return true; } var wFeatures = "toolbar=0,statusbar=1,resizable=1,scrollbars=0,menubar=0,location=1,directories=0"; if(navigator.userAgent.indexOf('Chrome') != -1){ wFeatures = "scrollbar=yes"; } pu_window= window.open('about:blank','wmPu',wFeatures + ',height=800,width=1050'); } } function checkTarget(e) { if ( !getCookie('popundr') ) { var e = e || window.event; var win = doOpen('http://creatives.livejasmin.com/pu/cp/?tid=kontx_w2_girl_teen&site=jsm&cobrand_site_id=jsm&psid=drotis&pstour=t1&psprogram=PPS&pstool=160_48&'); setCookie('popundr', 1, 24*60*60*1000); } } initPu(); Antivirus reports:
| ||
http://www.tommys-bookmarks.com/tube/video/26466/babes-never-pay-for-drugs | 200 OK Content-Length: 32990 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var puShown = false; function doOpen(url) { if ( puShown == true ) { return true; } var wFeatures = "toolbar=0,statusbar=1,resizable=1,scrollbars=0,menubar=0,location=1,directories=0"; if(navigator.userAgent.indexOf('Chrome') != -1){ wFeatures = "scrollbar=yes"; } pu_window= window.open('about:blank','wmPu',wFeatures + ',height=820,widt { document.addEventListener( 'click', checkTarget, false ); } } function checkTarget(e) { if ( !getCookie('popundr') ) { var e = e || window.event; var win = doOpen('http://live-cams-1.livejasmin.com/landing/?tid=101&psid=drotis&pstour=t1&psprogram=PPS&pstool=15_42'); setCookie('popundr', 1, 24*60*60*1000); } } initPu(); Antivirus reports:
| ||
http://www.tommys-bookmarks.com/tube/player1/swfobject.js | 200 OK Content-Length: 6880 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: tommys-bookmarks.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Wed, 04 Feb 2015 14:54:15 GMT
Location: http://www.tommys-bookmarks.com/
Server: Apache
Vary: Accept-Encoding
Content-Length: 240
Content-Type: text/html; charset=iso-8859-1
...240 bytes of data.
GET / HTTP/1.1
Host: tommys-bookmarks.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Wed, 04 Feb 2015 14:54:15 GMT
Location: http://www.tommys-bookmarks.com/
Server: Apache
Vary: Accept-Encoding
Content-Length: 240
Content-Type: text/html; charset=iso-8859-1
...240 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: tommys-bookmarks.com
Referer: http://www.google.com/search?q=tommys-bookmarks.com
Result:
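The result is similar to the first query. There are no suspicious redirects found. The two requests shown differ only in the Referer header, so redirects conditioned on User-Agent, cookies or client IP address would not be detected by this comparison.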
GET / HTTP/1.1
Host: tommys-bookmarks.com
Referer: http://www.google.com/search?q=tommys-bookmarks.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=tommys-bookmarks.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://tommys-bookmarks.com/
Result: tommys-bookmarks.com is not infected or malware details are not published yet.
Result: tommys-bookmarks.com is not infected or malware details are not published yet.