Author Topic: Virustotal shows hits on this mediawiki site  (Read 1984 times)

Offline polonus

Re: Virustotal shows hits on this mediawiki site
« Reply #1 on: March 04, 2016, 06:59:26 PM »
Hi Pernaman,

Outdated: Web application version:
MediaWiki version: MediaWiki 1.20.2
Mediawiki leaking MediaWiki version: MediaWiki 1.20.2

For vulnerability see: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.detectiveconanworld.com%2Fwiki%2Findex.php%3Ftitle%3DMain_Page%26amp%3Boldid%3D112024%22%3Ehttp%3A%2F%2Fwww.detectiveconanworld.com%2Fwiki%2Findex.php%3Ftitle%3DMain_Page%26amp%3Boldid%3D112024%3C%2Fa
and here: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.detectiveconanworld.com%2Fwiki%2Fload.php%3Fdebug%3Dfalse%26lang%3Den%26modules%3Djquery%252Cmediawiki%26only%3Dscripts%26skin%3Ddcw%26version%3D20130128T211941Z
(also where it lands), which is also jQuery retirable code: -http://www.detectiveconanworld.com/wiki/
Detected libraries:
jquery - 1.8.2 : (active1) -http://www.detectiveconanworld.com/wiki/load.php?debug=false&lang=en&modules=jquery%2Cmediawiki&only=scripts&skin=dcw&version=20130128T211941Z
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
(active) - the library was also found to be active by running code
1 vulnerable library detected

-> http://toolbar.netcraft.com/site_report?url=http%3A%2F%2Fescolaeuropeia.com%2F

No SRI issues: https://sritest.io/#report/33634b94-1028-45d0-9489-884b799ebe7c

The original Yandex detection is 870 days old (Hoster: ip-198-100-147.net) and seems cleansed now.
http://killmalware.com/www.detectiveconanworld.com/wiki/index.php?title=Main_Page&oldid=112024%3C/a%3E#

This however could be considered to be attack code, but it does not resolve now: https://oscarotero.com/embed/demo/index.php?url=http%3A%2F%2Fwww.detectiveconanworld.com%2Fjs%2Fbackground.js+%2Fwiki%2Findex.php%3Ftitle%3DMediaWiki%3AGadget-ReferenceTooltips.js%26amp%3Baction%3Draw%26amp%3Bctype%3Dtext%2Fjavascript%26amp%3B92321&options%5BminImageWidth%5D=0&options%5BminImageHeight%5D=0&options%5BfacebookAccessToken%5D=&options%5BembedlyKey%5D=&options%5BsoundcloudClientId%5D=YOUR_CLIENT_ID&options%5BoembedParameters%5D=

It becomes flagged by Malware Script Detector version 2.


polonus (volunteer website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!