[SIRT#195917] Geocities redirect - coatyes.com/justliketoday

 CastleCops -> SIRT Reports
Author: tembow PostPosted: Fri Jul 04, 2008 4:47 am    Post subject: [SIRT#195917] Geocities redirect - coatyes.com/justliketoday
Spam Alert
 
 Full Report: CastleCops Link/Geocities_redirect_spam195917.html
 
 Changed status to confirmed spam.Yahoo Geocities redirections abuse, containing obfuscated Jave Script at http://geocities.com/ynpauhquzw :
var xxhixzy='sogfvrbdehrwnvonqnpdi';var iquxtwi=0;var ulfhyl, odgqs, wnnzp='4F1C04141F02164409091C101B17080B4C4C3A051F123C04141F0216465B1F1B190A1918400501004A051C0C06121F1D0C4A0D1A1711 4E4B4F49191A0414535C40040917061B0116461118035154525E1D131600031B59';odgqs='';var lfxlsx;for( ulfhyl=0;ulfhyl < wnnzp.length;ulfhyl+=2){lfxlsx = unescape( '%' + wnnzp.substr( ulfhyl,2));odgqs += String.fromCharCode( lfxlsx.charCodeAt(0) ^ xxhixzy.charCodeAt(iquxtwi++) );if ( iquxtwi >= xxhixzy.length ) iquxtwi = 0;}document.write(odgqs);

This decodes to:
<script language="JavaScript">window.top.location.href = 'http://coatyes.com';</script>

ACTION YAHOO!
Scan every Geocities site for the trademark obfuscated redirection script format, and delete them all. Repeat regularly.



REDIRECTION TARGET : coatyes.com

Criminal Evidence
See the Spam Wiki entry at http://www.spamtrackers.eu/wiki/index.php?title=Canadian_Pharmacy
or from China: http://www.spamtrackers.hk/wiki/index.php?title=Canadian_Pharmacy
See the McAfee Site Advisor information at http://siteadvisor.com/sites/coatyes.com

> Registrar: HICHINA WEB SOLUTIONS (HONG KONG) LIMITED
REGISTRATION OF THE WEB SITE: coatyes.com
ACTION: To suspend this criminal site which breaks your terms of service, set the domain status to clientHold

> BEIJING INNOVATIVE LINKAGE TECHNOLOGY LTD. DBA DNS.COM.CN
REGISTRATION OF THE NAME SERVERS
These name servers are registered by criminals to resolve only illegal web sites. This breaks your terms of service. You can safely suspend them:
NS1.JUSTLIKETODAY.COM NS2.JUSTLIKETODAY.COM NS3.JUSTLIKETODAY.COM NS4.JUSTLIKETODAY.COM
> ISTANBUL-TELEKOM noc@istanbultelecom.net
IP ADDRESS OF HOST: coatyes.com has address 79.135.167.69
The IP address of this criminal site is within your allocated address space.
ACTION: Black-hole the route to this address to prevent further criminal activity
Quote:
http://geocities.com/ynpauhquzw
CastleCops -> SIRT Reports

All times are GMT

Page 1 of 1


Powered by phpBB © 2001 phpBB Group