Topic: "Upload tmp is share"-threat on website?


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33937
  • malware fighter
"Upload tmp is share"-threat on website?
« on: November 01, 2015, 02:04:51 PM »
See this website in Jiangsu, mainland China: https://www.virustotal.com/nl/url/67c1526522a66134b13bcc01eb07d844fb5df946c32d562e389b18fe286897a7/analysis/1446381676/ 
Site Potentially Harmful. Outdated server software detected: System Details:
Running on: nginx/1.4.4 
Via proxy: 1.1, this despite the use of Kerberos security via port 88.
Outdated Web Server Nginx Found: nginx/1.4.4 x-via   1.1 xxxz58:8108 (Cdn Cache Server V2.0), 1.1 wenzhou153:10 (Cdn Cache Server V2.0) ? -> Port80-TCP:V=6.49BETA4%I=7%D=11/1%Time=56360C20%P=x86_64-unknown-linux
ssl-cert: Subject: commonName=-kyfw.12306.cn/organizationName=Sinorail Certification Authority/countryName=CN
Quttera has nothing on website: http://quttera.com/detailed_report/xy-pic.qiniudn.com
IP badness history: https://www.virustotal.com/nl/ip-address/115.231.158.70/information/
Unwanted programs, PUPs, clicker-trojans, etc. from IP, see: https://www.threatcrowd.org/ip.php?ip=115.231.158.70
Abuse on Chinanet-Backbone.

polonus (volunteer website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!