cleanmx_generic detection: https://www.virustotal.com/en/url/b2ce348309259500fb8fa4e60978d36c01b387216a013783c44d7ef6a9c9ff33/analysis/1453131622/
100/100 % malicious: http://zulu.zscaler.com/submission/show/c04f975028ba00c39d51d8faca1d7d06-1453131982
Blacklisted in multiple real-time domain blocklists… -> https://mxtoolbox.com/domain/congtyxenang.com/
Vulnerable jQuery library: -http://congtyxenang.com
Detected libraries:
jquery - 1.4.4 : -http://congtyxenang.com/modules/mod_lv_enhanced_image_slider/js/js_compress.php
Info: Severity: medium
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4969
http://research.insecurelabs.org/jquery/test/
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
1 vulnerable library detected
See: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fcongtyxenang.com
And plug-in issue: http://www.domxssscanner.com/scan?url=http%3A%2F%2Flive.vnpgroup.net%2Fjs%2Fweb_client_box.php%3Fhash%3D47a072834f4e09b8d37e4e2cdef6dd95%26data%3DeyJoYXNoIjoiMWU3MGE5ZDU0MTk5NzZhNjc2NDU5NGNkYWU0NTMwZGMiLCJzc29faWQiOjMxMDQyNjl9%26pname%3DXe%2520N%25C3%25A2ng%2520TBK%2520-%2520Xe%2520Nang%2C%2520B%25C3%25A1n%2520Xe%2520N%25C3%25A2ng%2520Ch%25C3%25ADnh%2520H%25C3%25A3ng
No flags: https://urlquery.net/report.php?id=1453130903685
IP badness history: https://www.virustotal.com/en/ip-address/112.78.2.77/information/
Sucuri: Anomaly behavior detected (possible malware). Details: http://sucuri.net/malware/malware-entry-mwanomalysp8
CMS Security Issue: Web application details:
Application: Joomla! 1.5 - Open Source Content Management - http://www.joomla.org
Web application version:
Joomla Version 1.5.18 - 1.5.26 for: -http://congtyxenang.com/media/system/js/caption.js
Joomla version outdated: Upgrade required.
Outdated Joomla Found: Joomla under 3.4.5
Joomla Version
1.5
Found in META Generator Tag
Server: nginx
X-Powered-By: PHP/5.3.29
IP Address: 112.78.2.77
Provider: Cong ty Co phan Dich vu du lieu Truc tuyen
Country: VN
Joomla Modules, Components and Plugins
The following modules were detected from the HTML source of the Joomla front page.
mod_lv_enhanced_image_slider
mod_jflanguageselection
mod_sanpham1
mod_nhuacn
mod_vvisit_counter
mod_banhxecn
mod_productview
mod_imgscrawler
mod_sanpham
mod_hxdmoomenu
mod_menu
The following components were detected from the HTML source of the Joomla front page.
products
com_joomfish
Warning Directory Indexing Enabled
In the test we attempted to list the directory contents of the uploads and plugins folders to determine if Directory Indexing is enabled. This is an information leakage vulnerability that can reveal sensitive information regarding your site configuration or content.
/modules/ enabled
/components/ enabled
Directory indexing was tested on the /modules/ and /components/ directories. Note that other directories may have this web server feature enabled, so ensure you check other folders in your installation. It is good practice to ensure directory indexing is disabled for your full Joomla installation either through the web server configuration or .htaccess.
Information Linked Javascript
/media/system/js/mootools.js
/media/system/js/caption.js
/modules/mod_imgscrawler/tmpl/crawler.js
/media/system/js/modal.js
/modules/mod_lv_enhanced_image_slider/js/js_compress.php
Injection Check: Suspicious Text after HTML
Included Scripts:
Suspect - please check list for unknown includes
/modules/mod_lv_enhanced_image_slider/js/js_compress.php
-http://uhchat.net/code.php?f=ba798c - also as external links check…
see: https://oscarotero.com/embed/demo/index.php?url=http%3A%2F%2Fuhchat.net%2Fcode.php%3Ff%3Dba798c&options[minImageWidth]=0&options[minImageHeight]=0&options[facebookAccessToken]=&options[embedlyKey]=&options[soundcloudClientId]=YOUR_CLIENT_ID&options[oembedParameters]=
polonus (volunteer website security analyst and website error-hunter)