Malware Scanner report for tommys-bookmarks.com

Malicious/Suspicious/Total urls checked: 7/0/17

7 pages have malicious code. See details below

Blacklists: OK

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 0/0/22

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Scanned pages/files

Request	Server response	Status
http://tommys-bookmarks.com/	HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 04 Feb 2015 14:54:15 GMT Location: http://www.tommys-bookmarks.com/ Server: Apache Vary: Accept-Encoding Content-Length: 240 Content-Type: text/html; charset=iso-8859-1	clean
http://www.tommys-bookmarks.com/	200 OK Content-Length: 10485 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var puShown = false; function doOpen(url) { if ( puShown == true ) { return true; } var wFeatures = "toolbar=0,statusbar=1,resizable=1,scrollbars=0,menubar=0,location=1,directories=0"; if(navigator.userAgent.indexOf('Chrome') != -1){ wFeatures = "scrollbar=yes"; } pu_window= window.open('about:blank','wmPu',wFeatures + ',height=820,widt ... 1648 bytes are skipped ...ener ) { document.addEventListener( 'click', checkTarget, false ); } } function checkTarget(e) { if ( !getCookie('popundr') ) { var e = e \|\| window.event; var win = doOpen('http://live-cams-1.livejasmin.com/landing/?tid=101&psid=drotis&pstour=t1&psprogram=PPS&pstool=15_42'); setCookie('popundr', 1, 246060*1000); } } initPu(); Antivirus reports: Avast JS:PornPop-D [PUP]
http://www.tommys-bookmarks.com/main.shtml	200 OK Content-Length: 300464 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var puShown = false; function doOpen(url) { if ( puShown == true ) { return true; } var wFeatures = "toolbar=0,statusbar=1,resizable=1,scrollbars=0,menubar=0,location=1,directories=0"; if(navigator.userAgent.indexOf('Chrome') != -1){ wFeatures = "scrollbar=yes"; } pu_window= window.open('about:blank','wmPu',wFeatures + ',height=820,widt ... 1648 bytes are skipped ...ener ) { document.addEventListener( 'click', checkTarget, false ); } } function checkTarget(e) { if ( !getCookie('popundr') ) { var e = e \|\| window.event; var win = doOpen('http://live-cams-1.livejasmin.com/landing/?tid=101&psid=drotis&pstour=t1&psprogram=PPS&pstool=15_42'); setCookie('popundr', 1, 246060*1000); } } initPu(); Antivirus reports: Avast JS:PornPop-D [PUP]
http://www.tommys-bookmarks.com/tube/js/jquery.js	200 OK Content-Length: 120676 Content-Type: application/javascript	clean
http://www.tommys-bookmarks.com/tube/js/thumbs.js	200 OK Content-Length: 1254 Content-Type: application/javascript	clean
http://www.tommys-bookmarks.com/tube/	200 OK Content-Length: 39616 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var puShown = false; function doOpen(url) { if ( puShown == true ) { return true; } var wFeatures = "toolbar=0,statusbar=1,resizable=1,scrollbars=0,menubar=0,location=1,directories=0"; if(navigator.userAgent.indexOf('Chrome') != -1){ wFeatures = "scrollbar=yes"; } pu_window= window.open('about:blank','wmPu',wFeatures + ',height=820,widt ... 1648 bytes are skipped ...ener ) { document.addEventListener( 'click', checkTarget, false ); } } function checkTarget(e) { if ( !getCookie('popundr') ) { var e = e \|\| window.event; var win = doOpen('http://live-cams-1.livejasmin.com/landing/?tid=101&psid=drotis&pstour=t1&psprogram=PPS&pstool=15_42'); setCookie('popundr', 1, 246060*1000); } } initPu(); Antivirus reports: Avast JS:PornPop-D [PUP]
http://www.tommys-bookmarks.com/tube/videos/newest/	200 OK Content-Length: 35296 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var puShown = false; function doOpen(url) { if ( puShown == true ) { return true; } var wFeatures = "toolbar=0,statusbar=1,resizable=1,scrollbars=0,menubar=0,location=1,directories=0"; if(navigator.userAgent.indexOf('Chrome') != -1){ wFeatures = "scrollbar=yes"; } pu_window= window.open('about:blank','wmPu',wFeatures + ',height=820,widt ... 1648 bytes are skipped ...ener ) { document.addEventListener( 'click', checkTarget, false ); } } function checkTarget(e) { if ( !getCookie('popundr') ) { var e = e \|\| window.event; var win = doOpen('http://live-cams-1.livejasmin.com/landing/?tid=101&psid=drotis&pstour=t1&psprogram=PPS&pstool=15_42'); setCookie('popundr', 1, 246060*1000); } } initPu(); Antivirus reports: Avast JS:PornPop-D [PUP]
http://www.tommys-bookmarks.com/tube/categories/	200 OK Content-Length: 19699 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var puShown = false; function doOpen(url) { if ( puShown == true ) { return true; } var wFeatures = "toolbar=0,statusbar=1,resizable=1,scrollbars=0,menubar=0,location=1,directories=0"; if(navigator.userAgent.indexOf('Chrome') != -1){ wFeatures = "scrollbar=yes"; } pu_window= window.open('about:blank','wmPu',wFeatures + ',height=800,width=1050');... 1894 bytes are skipped ...( 'click', checkTarget, false ); } } function checkTarget(e) { if ( !getCookie('popundr') ) { var e = e \|\| window.event; var win = doOpen('http://creatives.livejasmin.com/pu/cp/?tid=kontx_w2_girl_teen&site=jsm&cobrand_site_id=jsm&psid=drotis&pstour=t1&psprogram=PPS&pstool=160_48&'); setCookie('popundr', 1, 246060*1000); } } initPu(); Antivirus reports: Avast JS:PornPop-D [PUP]
http://www.tommys-bookmarks.com/tube/js/flowplayer-3.1.4.min.js	200 OK Content-Length: 15960 Content-Type: application/javascript	clean
http://www.tommys-bookmarks.com/tube/user/register/	200 OK Content-Length: 22144 Content-Type: text/html	clean
http://www.tommys-bookmarks.com/tube/user/login/	500 timeout Content-Length: 30 Content-Type: text/plain	clean
http://www.tommys-bookmarks.com/test404page.js	HTTP/1.1 302 Found Connection: close Date: Wed, 04 Feb 2015 14:54:27 GMT Location: http://www.tommys-bookmarks.com/main.shtml Server: Apache Vary: Accept-Encoding Content-Length: 226 Content-Type: text/html; charset=iso-8859-1	clean
http://www.tommys-bookmarks.com/tube/policy/terms/	200 OK Content-Length: 5665 Content-Type: text/html	clean
http://www.tommys-bookmarks.com/tube/policy/privacy/	200 OK Content-Length: 4146 Content-Type: text/html	clean
http://www.tommys-bookmarks.com/tube/category/amateurs/	200 OK Content-Length: 45803 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var puShown = false; function doOpen(url) { if ( puShown == true ) { return true; } var wFeatures = "toolbar=0,statusbar=1,resizable=1,scrollbars=0,menubar=0,location=1,directories=0"; if(navigator.userAgent.indexOf('Chrome') != -1){ wFeatures = "scrollbar=yes"; } pu_window= window.open('about:blank','wmPu',wFeatures + ',height=800,width=1050');... 1894 bytes are skipped ...( 'click', checkTarget, false ); } } function checkTarget(e) { if ( !getCookie('popundr') ) { var e = e \|\| window.event; var win = doOpen('http://creatives.livejasmin.com/pu/cp/?tid=kontx_w2_girl_teen&site=jsm&cobrand_site_id=jsm&psid=drotis&pstour=t1&psprogram=PPS&pstool=160_48&'); setCookie('popundr', 1, 246060*1000); } } initPu(); Antivirus reports: Avast JS:PornPop-D [PUP]
http://www.tommys-bookmarks.com/tube/video/26466/babes-never-pay-for-drugs	200 OK Content-Length: 32990 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var puShown = false; function doOpen(url) { if ( puShown == true ) { return true; } var wFeatures = "toolbar=0,statusbar=1,resizable=1,scrollbars=0,menubar=0,location=1,directories=0"; if(navigator.userAgent.indexOf('Chrome') != -1){ wFeatures = "scrollbar=yes"; } pu_window= window.open('about:blank','wmPu',wFeatures + ',height=820,widt ... 1648 bytes are skipped ...ener ) { document.addEventListener( 'click', checkTarget, false ); } } function checkTarget(e) { if ( !getCookie('popundr') ) { var e = e \|\| window.event; var win = doOpen('http://live-cams-1.livejasmin.com/landing/?tid=101&psid=drotis&pstour=t1&psprogram=PPS&pstool=15_42'); setCookie('popundr', 1, 246060*1000); } } initPu(); Antivirus reports: Avast JS:PornPop-D [PUP]
http://www.tommys-bookmarks.com/tube/player1/swfobject.js	200 OK Content-Length: 6880 Content-Type: application/javascript	clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: tommys-bookmarks.com

Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Wed, 04 Feb 2015 14:54:15 GMT
Location: http://www.tommys-bookmarks.com/
Server: Apache
Vary: Accept-Encoding
Content-Length: 240
Content-Type: text/html; charset=iso-8859-1

...240 bytes of data.

Second query (visit from search engine):
GET / HTTP/1.1
Host: tommys-bookmarks.com
Referer: http://www.google.com/search?q=tommys-bookmarks.com

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=tommys-bookmarks.com

Result: This site is not currently listed as suspicious.

Query: http://yandex.com/infected?l10n=en&url=http://tommys-bookmarks.com/

Result: tommys-bookmarks.com is not infected or malware details are not published yet.

Recently found suspicious websites

Malware Scanner report for tommys-bookmarks.com

Malware & Hack Repair

Website Hack Insurance

Scanned pages/files

Malicious Redirects

Safe Browsing / Blacklists

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools