Spam Alert Full Report: /Botnet_Geocities_redirect_spam191531.html
Changed status to confirmed spam.
Obfuscated script decodes to
<script language="JavaScript">window.top.location.href = 'http://chicktrade.com';</script>
ACTION FOR YAHOO GEOCITIES
Using the obfuscation code as a "fingerprint", remove all Geocities pages containing the same style of obfuscated JavaScript redirection. This can be as simple as a page fetch followed by a Unix grep "pattern", where the pattern looks for the generalized redirection. Here is a sample search pattern for your technical consideration:
grep "var [a-z]*='[a-z]*';var [a-z]*=0;var [a-z]*, [a-z]*, [a-z]*='[0-9A-F]*';[a-z]*='';var [a-z]*;for( [a-z]*=0;"
Each time there is a pattern matching this search criterion, you can safely remove the offending site.
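The fingerprint search described above, as an added example that is not part of the original report: a shell function that applies the report's grep pattern to locally saved page copies. The function names, the line-joining step and the sample pages are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: fingerprint scan over locally saved copies of fetched pages.
# FINGERPRINT is the search pattern given in the report, unchanged.
FINGERPRINT="var [a-z]*='[a-z]*';var [a-z]*=0;var [a-z]*, [a-z]*, [a-z]*='[0-9A-F]*';[a-z]*='';var [a-z]*;for( [a-z]*=0;"

# Print the name of every readable file whose content matches the fingerprint.
# CR and LF are stripped first (assumption: a copy of the script may be
# wrapped across lines, which a purely line-based grep would miss).
scan_pages() {
    for page in "$@"; do
        [ -f "$page" ] || continue          # skip pages that were not saved
        if tr -d '\r\n' < "$page" | grep -q "$FINGERPRINT"; then
            printf '%s\n' "$page"
        fi
    done
}

# Write three constructed sample pages into directory $1:
#   match.html   - decoder prologue in the fingerprinted style, on one line
#   wrapped.html - the same prologue broken across three lines
#   clean.html   - ordinary script that must not be flagged
make_samples() {
    dir=$1
    printf '%s\n' \
        "<html><script>var ab='cd';var ef=0;var gh, ij, kl='3C7363';mn='';var op;for( qr=0;qr<1;qr++){}</script></html>" \
        > "$dir/match.html"
    printf '%s\n' \
        "<html><script>var ab='cd';var ef=0;" \
        "var gh, ij, kl='3C7363';mn='';" \
        "var op;for( qr=0;qr<1;qr++){}</script></html>" \
        > "$dir/wrapped.html"
    printf '%s\n' \
        "<html><script>var total=0;for(i=0;i<3;i++){total+=i;}</script></html>" \
        > "$dir/clean.html"
}

# Stand-alone use: sh scan.sh saved_page1.html saved_page2.html ...
if [ "$#" -gt 0 ]; then
    scan_pages "$@"
fi
```

Each name printed is a page to review for removal; a page that prints nothing either lacks the script or uses a variant the pattern does not cover.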
REDIRECTION TARGET - chicktrade.com
CRIMINAL EVIDENCE
See the Spam Wiki entry at http://www.spamtrackers.eu/wiki/index.php?title=Canadian_Pharmacy
or from China: http://www.spamtrackers.hk/wiki/index.php?title=Canadian_Pharmacy
See the McAfee Site Advisor information at http://siteadvisor.com/sites/chicktrade.com
> XIN NET TECHNOLOGY / SINO-I.COM
REGISTRATION OF THE WEB SITE: chicktrade.com
ACTION: To suspend this criminal site which breaks your terms of service, set the domain status to clientHold
> XIN NET TECHNOLOGY / SINO-I.COM
REGISTRATION OF THE NAME SERVERS
These name servers are registered by criminals to resolve only illegal web sites. This breaks your terms of service. You can safely suspend them:
NS0.OKAREYOU123.COM NS0.RENTHANKS7895.COM NS0.WE-CARECEDD.COM NS0.WMZEGO245ER.COM
ACTION: To suspend these name servers successfully, follow these steps.
1. Set the ns Address records to a non-routable address, such as 127.0.0.1 or 61.61.61.61.
2. Set the domain status to clientUpdateProhibited, clientTransferProhibited, clientDeleteProhibited, and clientHold
These instructions are available in Chinese at http://wiki.castlecops.com/Suspending_an_EPP_name_server_domain_Chinese
BOTNET
chicktrade.com runs on an illegally hijacked botnet, 14 IPs at a time, with a round-robin refresh rate of 2 minutes.
Quote: http://geocities.com/edusngbfnu