Hidden comes
VT does not flag anything. 3 suspicious pages here: http://killmalware.com/mmosite.com/#
System Details:
Running on: nginx
Cached from: HtmlGroup_UTT_81.com
Sucuri does not flag, neither does Quttera’s - same origin pages.
We have to consider 4 scripts that load:
Script loaded: -http://www.mmosite.com/global/js/config_min.js
Script loaded: -http://www.mmosite.com/js/15v1/mmo.js
Script loaded: -http://stats.g.doubleclick.net/dc.js more than like comes adblocked by ad- & scriptblockers
Script loaded: -http://www.mmosite.com/js/15v1/index_min.js
One of the suspicious pages also loads two scripts:
http://www.mmosite.com/apps/imgamer.shtml
Detected libraries:
No vulnerable libraries found
Scanner output:
Scanning -http://www.mmosite.com/apps/imgamer.shtml …
Script loaded: -http://img3.mmo.mmo4arab.com/global/js/lib/use_min.js *
Script loaded: -http://img2.mmo.mmo4arab.com/global/js/lib/jquery.js **
- See sources and sinks: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fimg3.mmo.mmo4arab.com%2Fglobal%2Fjs%2Flib%2Fuse_min.js
and ** Results from scanning URL: -http://img2.mmo.mmo4arab.com/global/js/lib/jquery.js
Number of sources found: 41
Number of sinks found: 12
Also consider: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.mmosite.com%2Fgame%2Ferror.html
landing at: Results from scanning URL: -http://r.co.igameunion.com/cm/v1.js
Number of sources found: 41
Number of sinks found: 12
And then we also meet vulnerable and retirable jQuery libraries for that uri scan:
-http://www.mmosite.com/game/error.html
Detected libraries:
jquery - 1.4.3 : (active1) -http://www.mmosite.com/game/error.html
Info: Severity: medium
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4969
http://research.insecurelabs.org/jquery/test/
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
(active) - the library was also found to be active by running code
1 vulnerable library detected
Document write on -http://report.help.mmosite.com/js/bug_report.js
but this is kicking up a connection error. err_name not resolved: http://toolbar.netcraft.com/site_report?url=http://report.help.mmosite.com
Kaspersky detects malicious rollback activities for imgamer.
This website is insecure.
12% of the trackers on this site could be protecting you from NSA snooping. Tell mmosite.com to fix it.
At least 21 third parties know you are on this webpage.
-Google
-accounts.mmosite.com
-local.adguard.com
-www.mmosite.com
-img5.mmo.mmo4arab.com
-img3.mmo.mmo4arab.com
-img9.mmo.mmo4arab.com
-img8.mmo.mmo4arab.com
i-mg1.mmo.mmo4arab.com
-img4.mmo.mmo4arab.com
-img2.mmo.mmo4arab.com
-download.pandaapp.com
-img6.mmo.mmo4arab.com
-images.cyberimg.com
-Google
-s.co.igameunion.com
-img7.mmo.mmo4arab.com
-forum.mmosite.com -forum.mmosite.com
-gamelist.mmosite.com
-my.mmosite.com
-www.mustbebuilt.co.uk
polonus (volunteer website security analyst and website error-hunter)