Malware scanner report for -pttrs.net
SE visitors redirects
Visitors from search engines are redirected
to: htxp://www.caribsoft-online.biz/templates/rhuk_solarflare_ii/images/index.php
1282 sites infected with redirects to this URL
Missed: https://www.virustotal.com/en/url/55ad3a14196158cb27a267f8ce2374bebea0e958a5a18c538187497986076747/analysis/#additional-info
Website blacklisted because unsafe: http://yandex.com/infected?l10n=en&url=pttrs.net

CMS issues: Web application version:
Joomla Version 1.6 or 1.7 for: htxp://pttrs.net/media/system/js/caption.js
Joomla Version 1.6.x for: htxp://pttrs.net/language/en-GB/en-GB.ini
Joomla version outdated: Upgrade required.
Outdated Joomla Found: Joomla under 2.5.26 or 3.3.5
Outdated Web Server Apache Found: Apache/2.2.23

No response here: http://urlquery.net/report.php?id=1426605926098

text/javascript" src=“//tinyurl dot com/qf34onn” → source = https://www.mywot.com/en/scorecard/go.onclasrv.com?utm_source=addon&utm_content=popup
Blocked by HTTP Switchboard extension for me.

Code detected also by Avast https://www.virustotal.com/en/file/b6cd01715d78888114906365662ecdb531b60f2b70a852923f43d9629c311af2/analysis/1390140636/ detected = JS:Agent-CPV [Trj]

polonus

Update -> similar malware found here: http://urlquery.net/report.php?id=1430839792095
and http://searchdns.netcraft.com/?host=*.onclasrv.com (blocked for me by uMatrix extension).
Consider: https://www.virustotal.com/nl/domain/go.onclasrv.com/information/
and https://www.mywot.com/en/scorecard/go.onclasrv.com?utm_source=addon&utm_content=popup
On hoster: https://www.mywot.com/en/scorecard/webzilla.com?utm_source=addon&utm_content=popup
On malcode detected: http://www.pandasecurity.com/homeusers/security-info/65837/remove/Agent.KP

polonus