Author Topic: Suspicious ads on this cartoon streaming website? (Read 2696 times)

REDACTED · « **on:** November 12, 2015, 09:22:13 PM »

Hello! I've used website "watchcartoononline.com" for a long time now and I'm aware that the site has it's problems with ads and popups, but I've always used Adblock and Noscript when visiting the site, but just today there were new ad banners that were not blocked by Adblock or Noscript. Banners themselfs seemed to be advertising some MMO online games, preview links shows ads to be hosted by "-www.mmo123.co". I cannot find anything that would prefer to that domain in neither Noscript or any online website scanners I've tried. Only Sucuri shows outdated server software.

https://sitecheck.sucuri.net/results/watchcartoononline.com

I looked up some names of advertised MMO's and they seem to be legit.

polonus · « **Reply #1 on:** November 12, 2015, 11:59:45 PM »

Hi Pernaman,

Vulnerable library code that should be retired asap: htxp://watchcartoononline.com
Detected libraries:
jquery - 1.3.1 : -http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js
Info: Severity: medium
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4969
http://research.insecurelabs.org/jquery/test/
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
jquery - 1.11.1 : -http://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js
1 vulnerable library detected

Script blockers would like to block this: -http://b.scorecardresearch.com/beacon.js?c1=8&c2=18203330&c3=1

Dedicated website badness report: https://www.virustotal.com/nl/ip-address/205.204.66.149/information/

Nothing in particular detected here: http://urlquery.net/report.php?id=1447369033705

WordPress CMS security issue detected: Warning User Enumeration is possible.It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring. As this will reduce the chance of automated password attackers gaining access. However it is important to understand that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.

One could use the Nmap NSE enumeration scripts (use your own Nmap installation or try option 2 below) to discover additional user ID's.

Link to -engine.4dsply.com is flagged by WOT and AOS as insecure.

polonus

REDACTED · « **Reply #2 on:** November 13, 2015, 12:03:31 AM »

Quote from: polonus on November 12, 2015, 11:59:45 PM

Script blockers would like to block this: -http://b.scorecardresearch.com/beacon.js?c1=8&c2=18203330&c3=1

I hope that wasn't any kind malicious link accidentally left clickable $:-\$

polonus · « **Reply #3 on:** November 13, 2015, 12:10:31 AM »

Adblockers would block it and I broke the link now also as DrWeb's link checker would block it also.

No malware an sich, look here: https://www.virustotal.com/nl/file/c7da23dded25ba538127c8ba380a29e10c014dc69450cd7ee8fdef8259499217/analysis/1421494526/

polonus

Author Topic: Suspicious ads on this cartoon streaming website? (Read 2696 times)

REDACTED

Suspicious ads on this cartoon streaming website?

polonus

Re: Suspicious ads on this cartoon streaming website?

REDACTED

Re: Suspicious ads on this cartoon streaming website?

polonus

Re: Suspicious ads on this cartoon streaming website?