Domain > http-evader.semantic-gap.de
Whois
Property: Value
Email: hostmaster@netcup.de
NameServer: second-dns.netcup.net
Changed: 2017-02-06 19:31:04
DNS Resolutions
Date: IP Address
2025-01-28: 37.221.199.196 (ClassC)
Port 80
HTTP/1.0 200 ok
Content-type: text/html
Content-length: 8999

<!doctype html><html><body>
<link rel=stylesheet href=/-BDQo6mlHXJMFUVuCDFFcxApHWw>
<link rel=stylesheet href=/-BDQo6mlHXJMFUVuCDFFcxApHWw>
<link rel=icon href=/-BDQo6mlSSZwAV0eER11LhQ type=image/vnd.microsoft.icon>
<h1>HTTP standard conformance tests - HTTP evader</h1>
<p>While HTTP seems to be a simple protocol it is in reality complex enough that different implementations of the protocol vary how the behave in case of HTTP responses which are either slightly invalid or valid but uncommon. These interpretation differences is critical if a firewall behaves differently then the browser it should protect because it can be abused to bypass the protection of the firewall.</p>
<p>The following tests are intended to test the behavior of browsers regarding invalid or uncommon HTTP responses. And if there is a firewall or proxy between the test server and the browser then it can be seen how this affects the results and if a bypass of the protection would be possible. More information about bypassing firewalls using interpretation differences can be found <a href=http://noxxi.de/research/semantic-gap.html>here</a>.</p>
<ul>
<li><a href=#xhr_eicar>Firewall evasion test - Bulk test with virus payload using XMLHttpRequest</a></li>
<li><a href=#xhr_novirus>Bulk test with innocent payload using XMLHttpRequest</a></li>
<li><a href=#js>Bulk test with innocent payload using script tag</a></li>
<li><a href=#img>Bulk test with innocent payload using img tag</a></li>
<li><a href=#iframe>Bulk test with innocent payload using iframe tag</a></li>
<li><a href=#other>Various non-bulk tests</a></li>
</ul>
<hr>
<a name=xhr_eicar><h2>Firewall evasion test - Bulk test with virus payload (XHR)</h2></a>
<p>This bulk test tries to transfer the <a href=http://www.eicar.org/86-0-Intended-use.html>EICAR test virus</a> from the server to the client. This test virus is commonly used for basic tests of antivirus and should be detected by every firewall which does deep inspection to filter out malware. Since this virus itself is not malicious it is safe to run this test.</p>
<p>But, the transfer is done with various kinds of uncommon or even inval
Port 443
Response identical to the one captured on port 80 (same headers, same truncated HTML body).
Data with thanks to AlienVault OTX, VirusTotal, Malwr and others.