Your counter2.pl redirects to triplexporn.org/err.html which has the frame breaker code you asked about.
This err.html redirects to erotiqsex.com/cgi-bin/td/tfr.pl?act=out&acc=topyo which earlier had the popup to nichetgp, but now amazingly is 404

As far as how it relates to you. Well these were sites that you force traffic to, so anyone that trades with you is essentially getting their traffic infected with the sites where you force traffic.

You are right, everyone has a choice with who they trade with, and honest webmasters don't like to trade with sites that get their potential customers infected with shitware.

did you have any idea what will be if img src html file?

as i see no.

Makes no difference to me.
The point is your site forces traffic to places on the web that infect users with trojans/malware/zango and whatever else.

yes. very clever. sure. i forcing traffic using img scr of html site.
go faster register pattent for this new technology.
you will be reach in seconds.

Sorry, you can try to deflect this all you want, but your trade script specifically is what I am referring to. The err page just tied you to more shit sites.
Your site forces traffic to these sites--
xtoplist.com/topteen/toplist.php3?Action=In&Login=porevo -- a zango spot
and
top-amateur.com/?28363 a site that is explained above

1. ultrahoster = russian
2. ultrahoster.com = a domain used in tons of guestbook (and other) spam campaigns.
3. ultrahoster.com is on several spyware lists (including the coolwebsearch (=spyware) domain lists)

so - how this related to me if i just purashed domains using this company?
and this was been more then 2 years ago. what wrong with this?

This thread keeps getting better by the day.

I like this thread

Great thread thanks for the info
If you are using xclicks.net here's all you have to do:cut-copy-paste this into the banned page in your script:
83.69.20.130, 81.169.224.98, 83.188.23.87, 70.84.80.50, 88.85.81.195, 72.55.148.87, 85.255.127, 85.255.121, 85.255.120, 85.255.119, 85.255.118, 85.255.117, 85.255.116, 85.255.115, 85.255.114, 85.255.113, 85.255.112, 69.50.191, 69.50.190, 69.50.189, 69.50.188, 69.50.187, 69.50.186, 69.50.185, 69.50.175, 69.50.169, 69.50.170, 69.50.168, 209.51.132.202, 209.8.19.242, 72.232.215.77, 72.232.215.74, 72.232.194.58, 216.255.178, 72.232.215.76, 216.255.178.60, 67.15.187.2, 216.240.149, 216.255.178, 70.84.80, 66.29.35.37, 74.52.6.43, lookmycunt.com,
mpeggalls.com, youngperfection.net, sexymovs.com, trygirls.com, pinkypussies.com, good-teens.com, teensinlaw.com, smokyvids.com, angelsvids.com, mixteenies.com, teensseduction.com, chickswar.com, pushpussy.com, hardsaloon.com, pinkyteenies.com, sappypussy.com, dullworld.com, perkyteenies.com, onlinesexmovie.net, pjunkie.net, brothervids.com, extrablow.com, fuckingcraft.org, 100freegalls.com, tgpporn.net, startfreevideo.com, sexgall.net, hotdailynudes.com, mashathumbs.com, shyteenies.com, yourthumbnails.com, xxxdesert.com, asianscity.com, girlsrussian.net, pornstarocean.com, lovelyteenvids.com, porn-cinema.net, need4pornvids.com, 216.255.189.123, 70.84.80.50, 216.255.189, 216.240.149.117, 66.29.35, 74.52.6, 216.255.189, 216.255.176.124, 74.52.6.43,
216.255.176, 216.255.178.52, 91.192.117.46, 69.50.160, 69.50.161, 69.50.162, 69.50.163, 69.50.167, 69.50.166, 69.50.165, 69.50.164, 69.50.171, 69.50.172, 69.50.173, 69.50.174, 69.50.176, 69.50.177, 69.50.178, 69.50.179, 69.50.180, 69.50.181, 69.50.182, 69.50.183, 69.50.184, 85.255.122, 85.255.123, 85.255.124, 85.255.125, 85.255.126, 88.151.106.252, 81.169.235.6, 81.169.234.219, 69.166.67.221, 91.192.117.46, 72.232.65.178, 64.151.36.201, 86.57.128.201, 91.124.155.94

hey bro.. would you like a Fuck Spyware T shirt?

http://justak.com/fspyware

Haha nice!

Fuck Spyware.

Back to what the original post in this thread was about.
If you haven't installed this stuff, you should find a way to research it further.
This affects anyone that buys traffic via PPC engines, gets natural traffic from the SE's, or even has just a little bit of traffic.

Say for instance that a surfer with this malware searches for "thehun.net" into google. The first result is of course thehun.net, but clicking on it won't get you there.
After several clicks that surfer might actually get to TheHun, but clicks from there are just redirected as well. This scenario seems to ring true for most sites and all keywords. Users are redirected to either their(zlob) sponsor, or redirected through a PPC engine to another destination.

If you use any of the smaller ppc engines, search123, goclick, searchfeed etc., you might have noticed a huge drop in your campaign returns since this scumware(moviebox,zlob) came out, especially for more generic terms.

There is a lot more to it, if you have a spare computer, check it out. You might be surprised :(

Anyone else watch the videos or download this MOVIEBOX 'codec'?
http://img89.imageshack.us/img89/653...ivexvidbt6.jpg

May 4th. This is why sales are down to the point that they are the past 3-4 days

Sponsors need to open their eyes and look at the big picture. Look at your sales the past 3-4 days, compare your join page VS 1st bill page. You will see that your join page traffic has not changed, however your biller page traffic went to shit.

Bump for an interesting thread which is posing a real issue to this industry. This needs to be stopped, and learning about it's workings is the first step. :thumbsup

This thread would deserve a STICKY !

Simple.

GEOIP check the user's country on ALL of your sites. If the user/webmaster is from Russia... Send them to an auto-install badware page that monetizes off of their legacy of scamming and unscrupulous methods of doing business.

100.....,..

Notice your sales on May 2, 3, 4, 5th? Now watch what happens as of 6th.

If we all dont unite and do something the sky WILL fall

spyware doctor = best anti spyware program.

Nope, once infected with the stuff in this thread there is not much they can do except reinstall.

The best solution (besides taking these fuckheads down..thats in the works btw) is to make the surfers awear.

Bump.../

i lost about 80% of my sales mostly from payed spots from GTS :(

lol what? You bought GTS traffic and then suddenly your sales took a nosedive?

very good thread

I've been buying gallery spots from them for a long time not that i bought it now for the first time then the sales went down :) I am saying that sales are down 80% from those spots compared to a few weeks ago.

today bump

The truly big issue here is that the program owners aren't feeling any pain because sales continue for them, just different affiliates are getting credited for the sales. Something will happen when the spyware guys start massively redirecting traffic away from program join pages and onto other program's join pages. Then suddenly the "Bros club" will wake up and smell the shit they are standing in.

Until then, it sucks to be an affiliate.

this sounds like that we're experiencing on our paysite, have you heard about other owners who are having these direct issues? :Oh crap

Don't ask where I know this from but...

These guys are stealing ALOT OF FUCKING sales (more than you can imagine) and for some unknown reason their script do not, in many cases at least, change the refering URL when they replace your affiliate ID with their affiliate ID when your surfer clicks his way to the sponsor..

So... these guys accounts has alot of sales with your domains (your galleries) as the refering URL..

So... the program owners who looks at their data on a regular basis is fully aware of this problem .. and knows it's HUGE

I'm not sure how many surfers who's infected with this CODEC trojan, but I think it's MANY .. the way it's installed is genious... "You need this codec to watch this movie" .. I almost clicked the fucking download the first time I saw it... and I'm just average stupid ;)

I'm afraid we're talking 1000s of stolen sales a day..

99% of programs are seeing this. Rather than face the facts and attack the issue at hand they are busy changing billers, hosting and tweaking tours.

They/we will all get how serious this is soon.....I hope

i would like to talk with you, can i have your icq/email?

Since most programs depend on affiliates and don't have loads of inhouse traffic, they'll be fucked...as soon as really big affiliates look for other programs because ratios go shit.

It's only a matter of time and owners still have the choice if they'll be losers or winners in this ugly game.

Yes, but it takes time - most people aren't going to go back and pull up long embedded links, they aren't going to kill off older galleries... so there is plenty of traffic that just doesn't go away. The program owners will feel it though if they lose major listings because they don't convert.

What's your email? I will hit you up asap

Bump, For the program owners to read

This is only the tip of things but it is a good example of how traffic is being diverted from many places.

The following comes from 1 click on an infected machine. Everything in the quote all took place in about a second.
Notice that after clicking an ad on the Google results, it takes the user through the Google ad to the intended advertiser. It is then redirected so fast that most people won't even realize they even went to the intended site.

So, the advertisers on Google(and the other engines) are getting hit by a PPC charge, for traffic that really doesn't even make it to their site, but for a millisecond.

The traffic that is redirected is sent to various smaller PPC engines, through multiple redirects. The user finally lands at a, non-affiliated, top paying advertiser for these various PPC engines and the terms used. In this case the term was 'tomato seeds'.

this is happening for all keywords and all niches, mainstream and adult.


In this redirect it appears they are using abcsearch.com.
They use spoofed referrers such as indaxis.info/search.php?q=term-used and many other similarly styled refs.