Hi scanning folks,
The scan site is still offline and only available via: htxp://91.213.203.142/
but cannot be used as the avast! Web Shield alerts on [quote}/…report.php?id=7014494|(gzip) as infested with HTML:Ifame-ZZ[Trj]
[/quote]
What apparently happened there?
Someone tried to log on with superuser rights and exploited /usr/bin/lft: Option ‘-T’ is not implemented in this wrapper
/usr/bin/lft: Option ‘-E’ is not implemented in this wrapper.
This to obtain DEBUG output created by Wget 1.12 on linux-gnu there.
Just because of the excessive response info from that server for:
System Details:
Running on: Apache/2.2.22
System info: (Ubuntu)
Powered by: PHP/5.4.6-1ubuntu1.1I
Furthermore…
It was discovered that PHP did not properly handle certificates with NULL
characters in the Subject Alternative Name field. An attacker could exploit
this to perform a man in the middle attack to view sensitive information or
alter encrypted communications.
References CVE-2013-4248
The website status now:
The Quttera scanner flags
/report.php?id=5918947
Severity: Suspicious
Reason: Detected encoded JavaScript code commonly used to hide suspicious behaviour.
Details: Malicious obfuscated JavaScript threat (failure: nonnumeric por)
Offset: 19350
Threat dump: see: http://jsunpack.jeek.org/?report=888941bf0e286929cd84b071151c2073a4b03c6c (view thesejsunpack results)
File size[byte]: 147666
File type: ASCII
MD5: CC073E10DD540A66A3A61EC487C81937
Scan duration[sec]: 0.487000 my remark in italics, pol
While reported as dead here: http://support.clean-mx.de/clean-mx/viruses.php?sort=firstseen%20desc&review=91.213.203.%
[i]On quite another line:
I grossly miss the urlquery dot net scanner,
because it presents IDS alert results from Suricata’s and EmergingThreats,
and in this respect is rather unique and these IDS results are/were very helpful.
Is there another online scanner that comes up with such similar IDS threat alerts when uri scanning?[/i]
Damian