Author Topic: Saw connections to some http address blocked by https-only in the browser...  (Read 2876 times)


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33871
  • malware fighter
What I saw via my monitor, device connecting out to: -217-67-177-164.in-addr.mastertelecom.ru
See: https://www.abuseipdb.com/check/217.67.177.164

polonus

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

It appears to be the drweb browser extension updater...

Preventing the browser from connecting out over http-only connections is a way to let the user consider
whether a destination address might be really secure.
In this particular case we have dealt with a net risk rating of 8 red out of 10, according to Netcraft's sitereport:
https://sitereport.netcraft.com/?url=http%3A%2F%2F217-67-177-164.in-addr.mastertelecom.ru
Re: https://www.shodan.io/host/217.67.177.164

The OpenResty server running there also cannot be considered foolproof safe,
see: https://nvd.nist.gov/vuln/detail/CVE-2018-9230
An http connection in such a case could even mean additional risk.

It might allow remote attackers to bypass intended access restrictions or interfere with certain Web Application Firewall
(ngx_lua_waf or X-WAF) products. Then the question is: "Is AvtoTekhSnab there FatRat proof?".

One engine detects - Comodo's Valkyrie: https://www.virustotal.com/gui/url/6221a2d816ed31fcb2c84fe8b74f7d43e85d0a556fec90ab97d44b2be00e55bf/detection

It has one detection for drweb's updater: -http://update.drweb.com/x86/600/av/windows/drweb32.dll
That was flagged on 2019-05-22. No 3rd party trackers on this site.
Since there are no third party dependencies preventing it, why don't we ask drweb.com to adopt SSL?

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
« Last Edit: January 27, 2020, 06:15:12 AM by polonus »
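An added example (not part of the original posts): a small triage helper for the kind of monitor output discussed in this thread. It flags plain-HTTP connections, plain-HTTP downloads of executable files, and hostnames that embed an IPv4 address so the address can be looked up; the function names, the extension list and the `example.org` entry are assumptions made for the illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumed list: file types where an unauthenticated HTTP download matters most.
EXECUTABLE_EXTS = (".dll", ".exe", ".msi", ".sys")

# Four dash- or dot-separated octets leading a hostname (generic rDNS style).
_EMBEDDED_IP = re.compile(r"^(\d{1,3})[-.](\d{1,3})[-.](\d{1,3})[-.](\d{1,3})\.")


def embedded_ip(host):
    """Return the IPv4 address encoded in a generic rDNS-style name, or None."""
    m = _EMBEDDED_IP.match(host)
    if not m:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(m.groups())))
    except ipaddress.AddressValueError:
        return None  # not a valid address, e.g. an octet above 255


def triage(url):
    """List the reasons a logged URL deserves a second look (empty if none)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    findings = []
    if parts.scheme.lower() == "http":
        findings.append("plaintext-http")
        if parts.path.lower().endswith(EXECUTABLE_EXTS):
            findings.append("executable-over-http")
    ip = embedded_ip(host)
    if ip:
        findings.append("generic-rdns-host:" + ip)
    return findings


def review(urls):
    """Map each URL that has findings to its findings."""
    results = {u: triage(u) for u in urls}
    return {u: f for u, f in results.items() if f}


# First two entries are the destinations named in the thread; the last is constructed.
SAMPLE = [
    "http://217-67-177-164.in-addr.mastertelecom.ru/",
    "http://update.drweb.com/x86/600/av/windows/drweb32.dll",
    "https://example.org/index.html",
]

if __name__ == "__main__":
    for url, findings in review(SAMPLE).items():
        print(url, "->", ", ".join(findings))
```

Nothing is fetched; the helper only parses strings, so it can be run over an exported connection log offline.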