  1. #1
    ABW Ambassador Boom or Bust's Avatar
    Join Date
    February 3rd, 2008
    Posts
    3,955
    I opened this thread this morning before logging in and three instances of a pdf tried to open on my computer. They're called 1.pdf and come from IP 76.74.239.143. See image. I logged in and couldn't repeat it. So I logged out again and reloaded the page and got the three PDFs again. What's up?

    I scanned the PDF and it appears to be clean...





  2. #2
    ABW Ambassador
    Join Date
    January 18th, 2005
    Location
    Nunya, Business
    Posts
    23,684
    http://www.siteadvisor.com/sites/76.74.239.143

    Says that ip/site has some downloads of trojans

    Downloader-BKK trojan
    Generic Downloader.x trojan

  3. #3
    ABW Founder Haiko de Poel, Jr.'s Avatar
    Join Date
    January 18th, 2005
    Location
    New York
    Posts
    21,609
    I've replicated it and am on it ... give me a minute please
    Continued Success,

    Haiko
    The secret of success is constancy of purpose ~ Disraeli

  4. #4
    ABW Founder Haiko de Poel, Jr.'s Avatar
    Join Date
    January 18th, 2005
    Location
    New York
    Posts
    21,609
    In the unregistered (not logged in) banner rotator there are two ads (not hosted on ABW) 1) adsense and 2) Chitika. I've disabled both and will contact them with the information I have, to resolve this issue. If anyone has any additional information please forward it.
    Continued Success,

    Haiko
    The secret of success is constancy of purpose ~ Disraeli

  5. #5
    ABW Ambassador jodyq's Avatar
    Join Date
    August 28th, 2008
    Location
    Melbourne, Florida
    Posts
    660
    Quote Originally Posted by Ed Byerly
    IP 76.74.239.143.
    Hostname: server1.valuepromo.net
    ISP: Peer 1 Network
    Organization: ServerBeach
    Proxy: None detected
    Type: Corporate

    Geo-Location Information
    Country: United States
    State/Region: CA
    City: Los Angeles
    Latitude: 34.053
    Longitude: -118.2642
    Area Code: 213
    Wear Short Sleeves!!! Support the right to bare arms!

  6. #6
    ABW Ambassador purplebear's Avatar
    Join Date
    January 18th, 2005
    Posts
    3,960
    I can't really add anything helpful but least I know I'm not crackin up. lol I've actually had this happen to me a couple of times in the last couple days. Didn't say anything cos thought somehow I must've been doin somethin somehow to have it happen. Didn't think a pdf could be somethin harmful.

    I don't know how to describe this stuff so will sound goofy but first time it happened, hourglass just kept up and some sorta pdf thing appeared. Ended up having to close down all the windows and logging back on the computer.

    Figured to be safe I ran my security stuff and it didn't say there was anything. (That's when I figured maybe I somehow clicked somethin or adobe (ooops....editing ....didn't mean adobe, meant acrobat reader) was making an update or somethin.)

    This morning same thing happened and a java icon was down in bottom of the screen that I didn't know how it got there. (don't really understand java so don't know if was coincidence, doin an update or what) I just right clicked it and closed it. Shut all the windows same as the first time and everything was ok.

    After the mess from a few weeks ago, hope no bad guys have gotten me again. Least maybe if they have, sounds like same as what you had Ed.....so maybe you'd be able to help me this time?

  7. #7
    Moderator MichaelColey's Avatar
    Join Date
    January 18th, 2005
    Location
    Mansfield, TX
    Posts
    16,232
    If you Google the IP address, you'll find some similar reports on other forums.
    Michael Coley
    Amazing-Bargains.com
     Affiliate Tips | Merchant Best Practices | Affiliate Friendly? | Couponing | CPA Networks? | ABW Tips | Activating Affiliates
    "Education is the most powerful weapon which you can use to change the world." Nelson Mandela

  8. #8
    ABW Ambassador Bob Lawrence's Avatar
    Join Date
    July 2nd, 2007
    Posts
    1,090
    Just found this new feature at this site,
    I really don't know how new this is but I like the feature.
    http: // cqcounter dot com / rbl_check
    Where's the Great Life of Affiliate Marketing Hiding?

  9. #9
    ABW Founder Haiko de Poel, Jr.'s Avatar
    Join Date
    January 18th, 2005
    Location
    New York
    Posts
    21,609
    Bob,

    What does a Real-time Blackhole List have to do with this situation? Nothing was mailed / spammed.
    Continued Success,

    Haiko
    The secret of success is constancy of purpose ~ Disraeli

  10. #10
    ABW Ambassador Bob Lawrence's Avatar
    Join Date
    July 2nd, 2007
    Posts
    1,090
    Sorry it was a new feature I found and thought I'd share that. Feel free to delete.
    Where's the Great Life of Affiliate Marketing Hiding?

  11. #11
    ABW Ambassador Boom or Bust's Avatar
    Join Date
    February 3rd, 2008
    Posts
    3,955
    Don't know if this is related but I've also been getting a cookie when opening this thread the last couple days. Don't remember the details, but seems like the cookie was called webchef1 and the URL had pro in it.




  12. #12
    ...and a Pirate's heart. Convergence's Avatar
    Join Date
    June 24th, 2005
    Posts
    6,918
    Would / Should anyone consider blocking this IP? 76.74.239.143

  13. #13
    ABW Adviser Panel Dynamoo's Avatar
    Join Date
    January 18th, 2005
    Location
    Opposite the Slough of Despond
    Posts
    5,465
    I can't get it to do it myself, it is most likely a rogue ad. The only thing I can see that it might be is a Doubleclick ad, perhaps a Flash one with some malicious code in it?
    Innovative advertising with Slimeware Corporation and Telephore. Mail-order fuel with Petrol Direct.

  14. #14
    ABW Ambassador Boom or Bust's Avatar
    Join Date
    February 3rd, 2008
    Posts
    3,955
    I believe H took the offending ads off.




  15. #15
    ABW Adviser Panel Dynamoo's Avatar
    Join Date
    January 18th, 2005
    Location
    Opposite the Slough of Despond
    Posts
    5,465
    Presumably they were going through an ad network... any ideas which one?
    Innovative advertising with Slimeware Corporation and Telephore. Mail-order fuel with Petrol Direct.

  16. #16
    ABW Ambassador Boom or Bust's Avatar
    Join Date
    February 3rd, 2008
    Posts
    3,955
    Now that's just weird. I didn't realize until just now that the IP I typed in the text of the OP was different than the ones in the image. I suspect that the IP address changed between the first time I tested and the second time. The IP address pictured in the image came up as not having been tested in Site Advisor.




  17. #17
    ABW Adviser Panel Dynamoo's Avatar
    Join Date
    January 18th, 2005
    Location
    Opposite the Slough of Despond
    Posts
    5,465
    Quote Originally Posted by Ed Byerly
    Now that's just weird. I didn't realize until just now that the IP I typed in the text of the OP was different than the ones in the image. I suspect that the IP address changed between the first time I tested and the second time. The IP address pictured in the image came up as not having been tested in Site Advisor.
    But definitely related:
    76.74.239.143 = server1.valuepromo.net
    76.74.154.110 = server2.valuepromo.net
    Oddly valuepromo.net appears to be deleted, although the domain contact details used to be:

    Registrant:
    Luca Mueller
    Feringastr. 6
    85774 Unterfoehring
    Germany
    +49 (0) 89 99216 476 (v)
    +49 (0) 89 99216 170 (f)

    Domain Name: valuepromo.net
    Created on: 2008-10-05 15:05:19
    Expires on: 2009-10-05 15:05:19

    Administrative Contact:
    Mueller, Luca luca.mueller1@gmail.com
    Feringastr. 6
    85774 Unterfoehring
    Germany
    +49 (0) 89 99216 476 (v)
    +49 (0) 89 99216 170 (f)

    Technical Contact:
    Mueller, Luca luca.mueller1@gmail.com
    Feringastr. 6
    85774 Unterfoehring
    Germany
    +49 (0) 89 99216 476 (v)
    +49 (0) 89 99216 170 (f)

    Domain servers in listed order:
    NS1.DSREDIRECTION.COM
    NS2.DSREDIRECTION.COM


    Domains hosted on those two servers = Qiweroqw.com and Owiaeruwerpoe.com both hidden by DomainsByProxy.

    Googling luca.mueller1@gmail.com comes up with some interesting results.
    Innovative advertising with Slimeware Corporation and Telephore. Mail-order fuel with Petrol Direct.
