1

Suspicious conditional redirect. Details: http://sucuri.net/malware/entry/MW:HTA:7
Redirects users to:-http://www.couchtarts.com/media.php
index
Severity: Suspicious
Reason: Detected suspicious redirection to external web resources at HTTP level.
Details: Detected HTTP redirection to -http://www.couchtarts.com/media.php.
Pharmacy spam: -http://www.domxssscanner.com/scan?url=http%3A%2F%2Fdirttraxx.com%2Ftemplates%2Fredmoon%2Fscript.js
Landing at: Results from scanning URL: -http://www.peking-pharmacy.com/js/pptBox.js
Number of sources found: 4
Number of sinks found: 6

Joomla Version
1.5
Found in META Generator Tag Outdated. See: -http://www.domxssscanner.com/scan?
url=http%3A%2F%2Fwww.couchtarts.com

polonus

2

In the redirect we find…

http://www.dnsinspect.com/couchtarts.com/1447798530
http://www.nabber.org/projects/dnscheck/?domain=couchtarts.com

You were correct about cross scripting…
http://push2check.net/couchtarts.com (click on css for further results…not good)

IP has issues http://multirbl.valli.org/lookup/192.64.74.178.html

Privacy concerns http://toolbar.netcraft.com/site_report/?url=couchtarts.com

3

And a many thanks goes to Para-Noid here.
This may conclude our mutual volunteer website security report. :wink:
Thanks, Graig, for the assist and scanning through on that redirect.
See: https://www.virustotal.com/nl/url/e4061b9ee608ed336a8952b8792710ab57de5dbabe3c18cc0c06f7629aa8d419/analysis/
landing at -http://network.yardbarker.com/network/ybn_pixel/9823
And this San Francisco website sponsored and raised by venture capital
also has some jQuery libraries that better could come retired code asap as it is vulnerable:
-http://network.yardbarker.com
Detected libraries:
prototypejs - 1.7_rc2 : -http://www.yardbarker.com/javascripts/prototype.js?stamp=1447797628
Info: Severity: high
http://www.cvedetails.com/cve/CVE-2008-7220/
jquery - 1.8.3 : -http://www.yardbarker.com/javascripts/jquery.js?stamp=1447797628
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
jquery-ui-dialog - 1.11.4 : -http://www.yardbarker.com/javascripts/jquery-ui.js?stamp=1447797628
jquery-ui-autocomplete - 1.11.4 : http://www.yardbarker.com/javascripts/jquery-ui.js?stamp=1447797628
jquery-ui-tooltip - 1.11.4 : -http://www.yardbarker.com/javascripts/jquery-ui.js?stamp=1447797628
2 vulnerable libraries detected

So yes, good you analyzed and IT staff has another job for the day, I guess.

Damian (volunteer website security analyst and website error-hunter)