Update:
http://killmalware.com/tttravelbrasil.com/#SE visitors redirects
Visitors from search engines are redirected
to: htxp://www.cibonline.org/cache/mod_poll/7c7478fde2f89a23.php
wXw.cibonline.org is reported by Google as suspicious
4241 sites infected with redirects to this URL
See VT result:
https://www.virustotal.com/nl/url/d28da482c8ea2bfbd01d63b4120089a7e21aec6d8b37646a25bf7583823d6fab/analysis/Web application version:
Joomla Version 1.5.18 to 1.5.26 for: htxp://tttravelbrasil.com/language/en-GB/en-GB.ini
Joomla version outdated: Upgrade required.
Outdated Joomla Found: Joomla under 2.5.26 or 3.3.5
Joomla Version
1.5
Found in META Generator Tag
Joomla Modules, Components and Plugins
The following modules were detected from the HTML source of the Joomla front page.
mod_roknewspager
mod_jflanguageselection
mod_yoo_login
css
The following components were detected from the HTML source of the Joomla front page.
com_jnews
com_joomfish
The following plugins were detected from the HTML source of the Joomla front page.
mtupgrade
rokbox
Adding Modules, Components and Plugins to a Joomla site expands your attack surface. These addons are a source of many security vulnerabilities, it is important to always keep them updated to the latest version available and check the developers plugin page for information about security related updates and fixes. Using the Joomscan scanner you are able to test more aggressively for plugins and modules installed within a Joomla installation. (source open source vuln. scan )
Linked Javascript
/plugins/system/mtupgrade/mootools.js
/media/system/js/caption.js
/plugins/system/rokbox/rokbox-mt1.2.js
/plugins/system/rokbox/themes/light/rokbox-config.js
/modules/mod_roknewspager/tmpl/js/roknewspager-mt1.2.js
/templates/hot_wellness/js/jquery.min.js
/templates/hot_wellness/js/jquery-ui-1.8.5.custom.min.js
/templates/hot_wellness/js/jquery.hjt.megamenu.js
/templates/hot_wellness/js/reflection.js
/templates/hot_wellness/js/fontresize.js
polonus (volunteer website security analyst and website error-hunter)
P.S. Added a tracker tracker report - do not open links inside a browser, results for security research purposes only.
D