Scanned pages/files
Request | Server response | Status |
http://www.archportal.com.ua/ | 200 OK Content-Length: 41457 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: !--Hacked by -- <!--Hacked by -->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns:fb="http://www.facebook.com/2008/fbml" xmlns="http://www.w3.org/1999/xhtml" xml:lang="ru-ru" lang="ru-ru" > <head> <meta name='yandex-verification' content='618b1dbcb516482e' /> <base href="http://www.archportal.com.ua/" /> <meta ...[49607 bytes skipped]... | ||
http://www.archportal.com.ua/components/com_jcomments/js/jcomments-v2.1.js?v=2 | 200 OK Content-Length: 31994 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function JCommentsEvents(){}
function JCommentsInput(){} function JCommentsIndicator(){this.init();} function JCommentsForm(id,editor){this.init(id,editor);} function JCommentsEditor(textarea,resizable){this.init(textarea,resizable);} function JComments(oi,og,r){this.init(oi,og,r);} JCommentsEvents.prototype = { add: function(o,e,f){if(o.addEventListener){o.addEventListener(e,f,false);return true;}else if(o.attachEvent){var r=o.attachEvent("on"+e,f);retu Antivirus reports:
| ||
http://www.archportal.com.ua/components/com_jcomments/libraries/joomlatune/ajax.js | 200 OK Content-Length: 8793 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) if (!window.jtajax) { function jtAJAX() { this.options = {url: '',type: 'post',nocache: true,data: ''}; this.$ = function(id) {if(!id){return null;}var o=document.getElementById(id);if(!o&&document.all){o=document.all[id];}return o;}; this.extend = function(o, e){for(var k in (e||{}))o[k]=e[k];return o;}; this.encode = function(t){return encodeURIComponent(t);}; this.setup = function(options) {this.options = this.extend(this.options, options);}; this Antivirus reports:
| ||
http://www.archportal.com.ua/media/system/js/caption.js | 200 OK Content-Length: 1963 Content-Type: application/javascript | clean |
http://www.archportal.com.ua/includes/js/overlib_mini.js | 200 OK Content-Length: 41645 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var olLoaded=0,pmStart=10000000,pmUpper=10001000,pmCount=pmStart+1,pmt='',pms=new Array(),olInfo=new Info('4.21',1),FREPLACE=0,FBEFORE=1,FAFTER=2,FALTERNATE=3,FCHAIN=4,olHideForm=0,olHautoFlag=0,olVautoFlag=0,hookPts=new Array(),postParse=new Array(),cmdLine=new Array(),runTime=new Array(); registerCommands('donothing,inarray,caparray,sticky,background,noclose,caption,left,right,center,offsetx,offsety,fgcolor,bgcolor,textcolor,capcolor,closecolor,width,border,cellpad,status,autostatus,autost Antivirus reports:
| ||
http://www.archportal.com.ua/components/com_joomgallery/assets/js/joomscript.js | 200 OK Content-Length: 20005 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function joom_getcoordinates(){ document.nameshieldform.xvalue.value=document.getElementById("u1").offsetTop; document.nameshieldform.yvalue.value=document.getElementById("u1").offsetLeft; document.nameshieldform.submit(); } function joom_validatecomment(){ if (document.commentform.cmttext.value==''){ alert(joomgallery_enter_comment); } else if(jg_use_code==1) { if (document.commentform.jgcode != null && document.commentform.jg_code Antivirus reports:
| ||
http://archportal.com.ua/plugins/system/pc_includes/ajax_1.3.js | 200 OK Content-Length: 13854 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function Jax() {var loadingTimeout=400;var iframe;this.loadingFunction=function(){};this.doneLoadingFunction=function(){};this.stringify=function(arg){var c,i,l,o,u,v;switch(typeof arg){case'object':if(arg){if(arg.constructor==Array){o='';for(i=0;i<arg.length;++i){v=this.stringify(arg[i]);if(o&&(v!==u)){o+=',';} if(v!==u){o+=v;}} return'['+o+']';}else if(typeof arg.toString!='undefined'){o='';for(i in arg){v=this.stringify(arg[i]);if(v!==u){if(o){o+=',';} o+= Antivirus reports:
| ||
http://counter.rambler.ru/top100.jcn?1963234 | 200 OK Content-Length: 6853 Content-Type: application/x-javascript | clean |
http://www.archportal.com.ua/home/aboutportal | 404 Not Found Content-Length: 333 Content-Type: text/html | clean |
http://www.archportal.com.ua/test404page.js | 404 Not Found Content-Length: 331 Content-Type: text/html | clean |
http://www.archportal.com.ua/contacts/ÐвÑоÑÑ-ÑайÑа/ | 404 Not Found Content-Length: 350 Content-Type: text/html | clean |
http://www.archportal.com.ua/home/for-reclame | 404 Not Found Content-Length: 333 Content-Type: text/html | clean |
http://www.archportal.com.ua/events/ | 404 Not Found Content-Length: 324 Content-Type: text/html | clean |
http://www.archportal.com.ua/events/architectural-contests/ | 404 Not Found Content-Length: 347 Content-Type: text/html | clean |
http://www.archportal.com.ua/events/q-950600q | 404 Not Found Content-Length: 333 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: archportal.com.ua
Result:
GET / HTTP/1.1
Host: archportal.com.ua
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: archportal.com.ua
Referer: http://www.google.com/search?q=archportal.com.ua
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: archportal.com.ua
Referer: http://www.google.com/search?q=archportal.com.ua
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=archportal.com.ua
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://archportal.com.ua/
Result: archportal.com.ua is not infected or malware details are not published yet.
Result: archportal.com.ua is not infected or malware details are not published yet.