New scan:

Malware Scanner report for forums.babypips.com

Malicious/Suspicious/Total urls checked
5/0/16
5 pages have malicious code. See details below
Blacklists
OK
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Scanned pages/files

RequestServer responseStatus
http://forums.babypips.com/content/
404 Not Found
Content-Length: 20274
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)


var axel = Math.random() + "";
var a = axel * 10000000000000;
document.write('<iframe src="http://fls.doubleclick.net/activityi;src=3106981;type=babyp645;cat=babyp910;ord=1;num=' + a + '?" width="1" height="1" frameborder="0" style="display:none"></iframe>');

Antivirus reports:

Avast
HTML:Iframe-inf
VIPRE
Heur.HTML.MalIFrame (v)
Norman
Iframer.AU
Sophos
Mal/Iframe-V
GData
HTML:Iframe-inf
ESET-NOD32
HTML/Iframe.B.Gen

http://forums.babypips.com/forumrunner/detect.js
200 OK
Content-Length: 3837
Content-Type: application/x-javascript
clean
http://yui.yahooapis.com/combo?2.9.0/build/yuiloader-dom-event/yuiloader-dom-event.js&2.9.0/build/connection/connection-min.js
200 OK
Content-Length: 74876
Content-Type: application/javascript
clean
http://forums.babypips.com/clientscript/vbulletin-core.js?v=4111
200 OK
Content-Length: 51741
Content-Type: application/x-javascript
clean
http://ajax.googleapis.com/ajax/libs/jquery/1.8/jquery.min.js
200 OK
Content-Length: 93637
Content-Type: text/javascript
clean
http://babypips.cachefly.net/js/global.js
200 OK
Content-Length: 11856
Content-Type: application/x-javascript
clean
http://forums.babypips.com/clientscript/vbulletin_md5.js?v=4111
200 OK
Content-Length: 5464
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

var hexcase=0;var b64pad="";var chrsz=8;function hex_md5(A){return binl2hex(core_md5(str2binl(A),A.length*chrsz))}function b64_md5(A){return binl2b64(core_md5(str2binl(A),A.length*chrsz))}function str_md5(A){return binl2str(core_md5(str2binl(A),A.length*chrsz))}function hex_hmac_md5(A,B){return binl2hex(core_hmac_md5(A,B))}function b64_hmac_md5(A,B){return binl2b64(core_hmac_md5(A,B))}function str_hmac_md5(A,B){return binl2str(core_hmac_md5(A,B))}function core_md5(K,F){K[F>>5]|=128<<
... 4758 bytes are skipped ...
".charAt(E%10)+B;E=E/10}if(B==""){B="0"}B="#"+B;B="&"+B;B=B+";";A+=B}else{A+=D.charAt(C)}}return A}function trim(A){while(A.substring(0,1)==" "){A=A.substring(1,A.length)}while(A.substring(A.length-1,A.length)==" "){A=A.substring(0,A.length-1)}return A}function md5hash(B,A,E,C){if(navigator.userAgent.indexOf("Mozilla/")==0&&parseInt(navigator.appVersion)>=4){var D=hex_md5(str_to_ent(trim(B.value)));A.value=D;if(E){D=hex_md5(trim(B.value));E.value=D}if(!C){B.value=""}}return true};

Antivirus reports:

eSafe
Win32.Trojan

http://tags.crwdcntrl.net/c/3101/cc.js?ns=_cc3101
200 OK
Content-Length: 29729
Content-Type: application/x-javascript
clean
http://static.crowdscience.com/start.js?id=672ca1aab7
200 OK
Content-Length: 7645
Content-Type: application/javascript
clean
http://static.getclicky.com/31313.js
200 OK
Content-Length: 17530
Content-Type: text/javascript
clean
http://forums.babypips.com/
200 OK
Content-Length: 133479
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)


var axel = Math.random() + "";
var a = axel * 10000000000000;
document.write('<iframe src="http://fls.doubleclick.net/activityi;src=3106981;type=babyp645;cat=babyp910;ord=1;num=' + a + '?" width="1" height="1" frameborder="0" style="display:none"></iframe>');

Antivirus reports:

Avast
HTML:Iframe-inf
VIPRE
Heur.HTML.MalIFrame (v)
Norman
Iframer.AU
Sophos
Mal/Iframe-V
GData
HTML:Iframe-inf
ESET-NOD32
HTML/Iframe.B.Gen

http://forums.babypips.com/clientscript/vbulletin_read_marker.js?v=4111
200 OK
Content-Length: 4461
Content-Type: application/x-javascript
clean
http://forums.babypips.com/clientscript/vbulletin-sidebar.js?v=4111
200 OK
Content-Length: 4245
Content-Type: application/x-javascript
clean
http://forums.babypips.com/search.php?do=getdaily&contenttype=vBForum_Post
HTTP/1.1 303 See Other
Cache-Control: private, max-age=0
Connection: close
Date: Tue, 13 May 2014 16:25:39 GMT
Pragma: private
Location: http://forums.babypips.com/search.php?s=cd680425f3d4a3daf0bc70bdf6f95577&searchid=3789575
Server: Apache
Vary: Accept-Encoding
Content-Length: 0
Content-Type: text/html; charset=utf-8
Expires: Tue, 13 May 2014 16:25:39 GMT
Set-Cookie: bb_lastvisit=1399998339; expires=Wed, 13-May-2015 16:25:39 GMT; path=/; domain=.babypips.com
Set-Cookie: bb_lastactivity=0; expires=Wed, 13-May-2015 16:25:39 GMT; path=/; domain=.babypips.com
Set-Cookie: redirect=http%3A%2F%2Fforums.babypips.com%2Fsearch.php%3Fdo%3Dgetdaily%26contenttype%3DvBForum_Post; expires=Tue, 13-May-2014 17:25:39 GMT; path=/; domain=.babypips.com
X-Powered-By: PHP/5.3.25
clean
http://forums.babypips.com/search.php?s=cd680425f3d4a3daf0bc70bdf6f95577&searchid=3789575
200 OK
Content-Length: 97255
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)


var axel = Math.random() + "";
var a = axel * 10000000000000;
document.write('<iframe src="http://fls.doubleclick.net/activityi;src=3106981;type=babyp645;cat=babyp910;ord=1;num=' + a + '?" width="1" height="1" frameborder="0" style="display:none"></iframe>');

Antivirus reports:

Avast
HTML:Iframe-inf
VIPRE
Heur.HTML.MalIFrame (v)
Norman
Iframer.AU
Sophos
Mal/Iframe-V
GData
HTML:Iframe-inf
ESET-NOD32
HTML/Iframe.B.Gen

http://forums.babypips.com/search.php?do=getdaily&contenttype=vBForum_SocialGroupMessage
200 OK
Content-Length: 25094
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)


var axel = Math.random() + "";
var a = axel * 10000000000000;
document.write('<iframe src="http://fls.doubleclick.net/activityi;src=3106981;type=babyp645;cat=babyp910;ord=1;num=' + a + '?" width="1" height="1" frameborder="0" style="display:none"></iframe>');

Antivirus reports:

Avast
HTML:Iframe-inf
VIPRE
Heur.HTML.MalIFrame (v)
Norman
Iframer.AU
Sophos
Mal/Iframe-V
GData
HTML:Iframe-inf
ESET-NOD32
HTML/Iframe.B.Gen


Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: forums.babypips.com

Result:
HTTP/1.1 200 OK
Cache-Control: private, max-age=0
Connection: close
Date: Tue, 13 May 2014 16:25:35 GMT
Pragma: private
Server: Apache
Vary: Accept-Encoding
Content-Length: 133479
Content-Type: text/html; charset=utf-8
Expires: Tue, 13 May 2014 16:25:35 GMT
Set-Cookie: bb_lastvisit=1399998335; expires=Wed, 13-May-2015 16:25:35 GMT; path=/; domain=.babypips.com
Set-Cookie: bb_lastactivity=0; expires=Wed, 13-May-2015 16:25:35 GMT; path=/; domain=.babypips.com
Set-Cookie: redirect=http%3A%2F%2Fforums.babypips.com%2Findex.php; expires=Tue, 13-May-2014 17:25:35 GMT; path=/; domain=.babypips.com
Set-Cookie: vbseo_loggedin=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
X-Powered-By: PHP/5.3.25

...133479 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: forums.babypips.com
Referer: http://www.google.com/search?q=forums.babypips.com

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=forums.babypips.com

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://forums.babypips.com/

Result: forums.babypips.com is not infected or malware details are not published yet.