1. Rapidgator has been added to our approved mandatory hosts while Uploaded as been removed. These hosts are not to be used in combination with each other unless a second approved mandatory is used. See our file host rules for more information.
    Dismiss Notice
  2. Guest - Remember that Thread Prefixes are a search tool! Click on a Thread Prefix and all threads with the same Prefix in that forum will be offered to you. To dismiss click on X >>>
    Dismiss Notice
  3. Our gif only content threads have a rule where all thumbs must be posted as a static thumbnail that does not play. Currently imagebam made a change where they no longer produce static thumbs. Therefore, please do not use imagebam, or any host, that provides live playing gifs in those specific threads. If you see your gif playing once you post, try to use a smaller thumbnail and if that does not work use a different approved host.
    Dismiss Notice
  4. Can't Log-in?. If your password is no longer accepted but the email address registered in your profile is working, use the "Forgot Your Password?" routine. However, if your registered email address is unusable, create a new temporary phun account and contact S-type.
    Dismiss Notice
  5. ATTN: Imagehost picpie is infected with the "internet security warning" redirect that tries to take users hostage with an inescapable redirect. Avoid using picpie as an imagehost.
    Dismiss Notice
  6. Too many Alerts? Why not adjust your "Alert Preferences" in your Profile Page?
    Dismiss Notice

Strange Extra tab?

Discussion in 'About phun.org' started by Big Bamboo!, May 11, 2014.

  1. Big Bamboo!

    Big Bamboo! ... Staff Member ★ ★ ★ ★ ☆ 15 Year Member Phun HERO

    Joined:
    Sep 15, 2008
    Messages:
    31,179
    Likes Received:
    72,284
    When I open phun in my browser a extra tab opens at the same time.

    http://yzus09by.com/d/a/698.php

    Is the Address and McAfee covers it with a warning page ...

    [​IMG]

    I done a search of the Addy it comes back on Virus total IP 190.93.246.152


    IP Information for : 190.93.246.152
    Updated : 2014-04-29
    IP-based Geolocation : Costa Rica | San Jose | San José
    IP-based Coordinate : latitude : 9.93 | longitude : -84.08


    Carrying all sorts of stuff....

    AVG PSW.Generic9.AFMZ 20140511
    Ad-Aware Trojan.Generic.KDV.385267 20140511
    AntiVir TR/Agent.24064.143 20140510
    Avast Win32:Malware-gen 20140511
    Baidu-International Trojan.Win32.Malintent.gen 20140510
    BitDefender Trojan.Generic.KDV.385267 20140511
    Commtouch W32/Trojan.VTPJ-2676 20140511
    Comodo UnclassifiedMalware 20140511
    Emsisoft Trojan.Generic.KDV.385267 (B) 20140511
    F-Secure Trojan.Generic.KDV.385267 20140511
    GData Trojan.Generic.KDV.385267 20140511
    Ikarus Trojan-Spy.Win32.Malintent 20140511
    Kingsoft Win32.Troj.Generic.(kcloud) 20140511
    Malwarebytes Backdoor.MSIL 20140511
    McAfee Artemis!1C2CD2F3E862 20140511
    McAfee-GW-Edition Artemis!1C2CD2F3E862 20140510
    MicroWorld-eScan Trojan.Generic.KDV.385267 20140511
    Microsoft TrojanSpy:Win32/Malintent 20140511
    Norman Suspicious_Gen2.RSLUA 20140511
    Rising PE:Trojan.Win32.Generic.129D85AB!312313259 20140507
    Sophos Mal/Generic-S 20140511
    Symantec WS.Reputation.1 20140511
    TrendMicro TROJ_GEN.R02LC0DG413 20140511
    TrendMicro-HouseCall TROJ_GEN.R02LC0DG413 20140511
    VIPRE Trojan.Win32.Generic!BT 20140511
    nProtect Trojan.Generic.KDV.385267

    https://www.virustotal.com/en/ip-address/190.93.246.152/information/

    https://www.virustotal.com/en/file/...85162eeb81c2907c5e4eaf692e5689716be/analysis/
     
    1 person likes this.
  2. S-type

    S-type Cogito, ergo sum Staff Member ★ ★ ★ ★ ★ 15 Year Member

    Joined:
    Jun 2, 2007
    Messages:
    44,257
    Likes Received:
    135,901
    You're not being ignored, BB, but this looks like Green Bastard territory, and he's not around at the moment!

    PS I just realise I recognise the http://yzus09by.com/d/a/698.php address as something that my NoScript has been blocking for some time?
    It's probably something to do with one of cayne's adverts, but GB will have to explain why it's suddenly appeared as an extra tab for you!
     
    1 person likes this.
  3. cayne

    cayne Guest

    That sucks indeed. Never seen it, or got something like that. I'll forward it immediately to the ad company...
    But you didn't click on anything, the 2nd window just appeared like a pop-under?
     
    2 people like this.
  4. Big Bamboo!

    Big Bamboo! ... Staff Member ★ ★ ★ ★ ☆ 15 Year Member Phun HERO

    Joined:
    Sep 15, 2008
    Messages:
    31,179
    Likes Received:
    72,284
    The First couple of times it was in a different window under the phun window however the reason I reported it was the last time it opened a tab in my browser (Latest ver Firefox) :tup:
     
  5. Green Bastard

    Green Bastard feels good man

    Joined:
    May 12, 2012
    Messages:
    2,884
    Likes Received:
    4,730
    I was going to wait and talk to cayne about the ad situation before chiming in, but it looks I missed him and was signing in as he was leaving. So, here are a couple thoughts for now.

    Keep in mind that the Virustotal results you posted are for the IP address (190.93.246.152) and not the specific url (http://yzus09by.com/d/a/698.php). This is somewhat significant because, as far as I can see, that IP hosts a few domains that likely serve ads from all kinds of different advertisers to more sites than just Phun. It doesn't mean that any of the detections in those results were ever served to Phun.

    All that specific url (http://yzus09by.com/d/a/698.php) does is hit the ad network's server so they can count it and then redirect you to that Live Jasmin site. That's always been there as far as I'm aware. As for why it opened in a tab rather than a pop-under window like usual, I'm not sure.
     
    1 person likes this.
  6. Big Bamboo!

    Big Bamboo! ... Staff Member ★ ★ ★ ★ ☆ 15 Year Member Phun HERO

    Joined:
    Sep 15, 2008
    Messages:
    31,179
    Likes Received:
    72,284
    OK! Thanks GB...
     

Share This Page