Domain > gembeauty.net

More information on this domain is in AlienVault OTX

Property	Value
Email	neilsferg@gmail.com
NameServer	NS2.GEMBEAUTY.NET
Created	2014-01-15 00:00:00
Changed	2016-01-08 00:00:00
Expires	2018-01-15 00:00:00
Registrar	123-REG LIMITED

DNS Resolutions

Date	IP Address
2026-02-17	198.185.159.144 (ClassC)
2026-03-06	198.49.23.145 (ClassC)

Port 80

HTTP/1.1 403 ForbiddenConnection: closeServer: SquarespaceX-Contextid: oyE5gSnX/OWA8B199X-Sqsp-Edge: trueDate: Tue, 17 Feb 2026 04:06:47 GMTContent-Length: 1434Content-Type: text/html; charsetutf-8

!DOCTYPE html>head>  title>403 Forbidden/title>  meta nameviewport contentwidthdevice-width, initial-scale1>  style typetext/css>  body {    background: white;  }  main {    position: absolute;    top: 50%;    left: 50%;    transform: translate(-50%, -50%);    text-align: center;    min-width: 95vw;  }  main h1 {    font-weight: 400;    font-size: 4.6em;    color: #191919;    margin: 0 0 11px 0;  }  main p {    font-size: 1.4em;    color: #3a3a3a;    font-weight: 400;    line-height: 2em;    margin: 0;  }  main p a {    color: #3a3a3a;    text-decoration: none;    border-bottom: solid 1px #3a3a3a;  }  body {    font-family: Helvetica Neue, Helvetica, Arial, sans-serif;    font-size: 12px;  }  footer {    position: absolute;    bottom: 22px;    left: 0;    width: 100%;    text-align: center;    line-height: 2em;  }  footer span {    margin: 0 11px;    font-size: 1em;    font-weight: 400;    color: #a9a9a9;    white-space: nowrap;  }  footer span strong {    font-weight: 400;    color: #191919;  }  @media (max-width: 600px) {    body {      font-family: Helvetica Neue, Helvetica, Arial, Sans-Serif;    }  }  /style>/head>body>  main>    h1>403 Forbidden/h1>      /main>  footer>    span>strong>oyE5gSnX/OWA8B199 @ Tue, 17 Feb 2026 04:06:47 UTC/strong>/span>    span>/span>  /footer>/body>/html>

Port 443

HTTP/1.1 403 ForbiddenConnection: closeServer: SquarespaceX-Contextid: mx0ULfsY/jN7YIG7aX-Sqsp-Edge: trueDate: Tue, 17 Feb 2026 04:06:47 GMTContent-Length: 1434Content-Type: text/html; charsetutf-8

!DOCTYPE html>head>  title>403 Forbidden/title>  meta nameviewport contentwidthdevice-width, initial-scale1>  style typetext/css>  body {    background: white;  }  main {    position: absolute;    top: 50%;    left: 50%;    transform: translate(-50%, -50%);    text-align: center;    min-width: 95vw;  }  main h1 {    font-weight: 400;    font-size: 4.6em;    color: #191919;    margin: 0 0 11px 0;  }  main p {    font-size: 1.4em;    color: #3a3a3a;    font-weight: 400;    line-height: 2em;    margin: 0;  }  main p a {    color: #3a3a3a;    text-decoration: none;    border-bottom: solid 1px #3a3a3a;  }  body {    font-family: Helvetica Neue, Helvetica, Arial, sans-serif;    font-size: 12px;  }  footer {    position: absolute;    bottom: 22px;    left: 0;    width: 100%;    text-align: center;    line-height: 2em;  }  footer span {    margin: 0 11px;    font-size: 1em;    font-weight: 400;    color: #a9a9a9;    white-space: nowrap;  }  footer span strong {    font-weight: 400;    color: #191919;  }  @media (max-width: 600px) {    body {      font-family: Helvetica Neue, Helvetica, Arial, Sans-Serif;    }  }  /style>/head>body>  main>    h1>403 Forbidden/h1>      /main>  footer>    span>strong>mx0ULfsY/jN7YIG7a @ Tue, 17 Feb 2026 04:06:47 UTC/strong>/span>    span>/span>  /footer>/body>/html>

View on OTX | View on ThreatMiner

Data with thanks to AlienVault OTX, VirusTotal, Malwr and others. [Sitemap]

MD5	A/V
7ef4d2d9b987eb73a9a0ccd8bc62ec77	[O97M.Dropper.JP] [W97M/Downloader.amr] [W97M/Downloader.amr] [HEUR.VBA.Trojan]
f06fe9086194e5952973009a65899338	[HW32.Packed.97AA]
f78b3293a828421db9c8d66579dd5379
c3e5aeb73a9381893a0aedd5a20121cf	[Ransom.Crowti.A4] [Ransom-CWall.a] [Trojan.Injector] [Trojan.Win32.Cryptodef.dwqdnf] [Trojan.Cryptodefense] [Trojan.Cryptodef!] [BackDoor.Andromeda.614] [BehavesLike.Win32.Injector.fh] [Mal/Wonton-BB] [TR/Crypt.Xpack.252397] [Trojan[Ransom]/Win32.Cryptodef] [VirTool:Win32/CeeInject.GM] [Trojan.Symmi.DDE0B] [Trojan/Win32.MDA] [Malware-Cryptor.Limpopo] [Trojan.Win32.Crypt] [W32/Cryptodef.YIV!tr] [Crypt_r.OS]
f8a47e2f47de9f50ac8f926b63d0f523

Domain > gembeauty.net

Is this malicious?

Files that talk to gembeauty.net

Whois

DNS Resolutions

Port 80

Port 443