I see this in my UMatrix extension logfile for Avast Online Security: http://uib.ff.avast.com/ (bad zone)
Going there I get a message: URI mismatch / (1 line of source code?)
This issue is when the client ID and secret were issued for a web application.
In Google’s developer console, they should be created for an installed application.
See: http://toolbar.netcraft.com/site_report?url=http://uib.ff.avast.com
Hostname = r-072-045-234-077.ff.avast.com
It is owned by AVAST cloud PoP Frankfurt
A vulnerable nginx 1.5.6 can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct “virtual host confusion” attacks.
For ff.avast.com Nameservers there is a WARNING: Name servers software versions are exposed:
77.234.47.11: “Served by POWERDNS 3.1 $Id: packethandler.cc 2579 2012-04-26 11:28:04Z peter $”
77.234.47.12: “Served by POWERDNS 3.1 $Id: packethandler.cc 2579 2012-04-26 11:28:04Z peter $”
Exposing name server versions may be risky: when a new vulnerability is found, your name servers may be automatically exploited by script kiddies until you patch the system. Learn how to hide version.
polonus (volunteer website security analyst and website error-hunter)
Normally the website should resolve to 77.234.45.71, but here it resolves to 5.153.13.126 (has more, multiple IP addresses)
see: https://www.virustotal.com/nl/ip-address/5.153.13.126/information/
See last detected here: https://www.virustotal.com/nl/domain/ui.ff.avast.com/information/
flagged were: http://ui.ff.avast.com/v5/ruleUpdate & http://ui.ff.avast.com/
Unable to properly scan your site. Site returning error (40x): HTTP/1.1 400 Bad Request
No significant issues detected.
For http://67.228.177.236/ I also get URI mismatch, but a 9 out of 10 red risk status: http://toolbar.netcraft.com/site_report?url=http://67.228.177.236
This is probably because the site is new to their database. Re: http://anti-hacker-alliance.com/index.php?details=67.228.177.236
Security Header Situation - not

| Result | Category | Name | Actual Value | Our Recommendation |
|---|---|---|---|---|
| Missing | Framing | X-Frame-Options | | Use 'sameorigin' |
| Missing | Transport | Strict-Transport-Security | | Use 'max-age=31536000; includeSubDomains' |
| Missing | Content | X-Content-Type-Options | | Use 'nosniff' |
| Missing | Content | Content-Type | | Use 'text/html;charset=utf-8' |
| Missing | XSS | X-XSS-Protection | | Use '1; mode=block' |
| Missing | Caching | Cache-Control | | Use 'no-cache, no-store, must-revalidate' |
| Missing | Caching | Pragma | | Use 'no-cache' |
| Missing | Caching | Expires | | Use '-1' |
| Missing | Access Control | X-Permitted-Cross-Domain-Policies | | Use 'master-only' |
| Missing | Content Security Policy | Content-Security-Policy | | Try Content-Security-Policy-Report-Only to start. Include default-src 'self', avoid 'unsafe-inline' and 'unsafe-eval' |
| Warning | Server Information | Server | nginx/1.5.6 | Avoid version numbers |
Server misconfiguration implemented on purpose?
polonus (volunteer website security analyst and website error-hunter)
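
As an added example (not part of the original post, and not the code of the scanner that produced the table above), here is a small Python audit that applies the table's recommendations to a raw HTTP response and also flags a version number in the Server header. The function names and the two sample responses are constructed for illustration.

```python
import re

# Recommendations copied from the scan table above (lowercased header -> advice).
RECOMMENDED = {
    "x-frame-options": "sameorigin",
    "strict-transport-security": "max-age=31536000; includeSubDomains",
    "x-content-type-options": "nosniff",
    "content-type": "text/html;charset=utf-8",
    "x-xss-protection": "1; mode=block",
    "cache-control": "no-cache, no-store, must-revalidate",
    "pragma": "no-cache",
    "expires": "-1",
    "x-permitted-cross-domain-policies": "master-only",
    "content-security-policy": "default-src 'self'",
}

def parse_headers(raw):
    """Parse the header block of a raw response into {lowercased-name: [values]}."""
    headers = {}
    for line in raw.split("\r\n\r\n", 1)[0].split("\r\n")[1:]:  # skip status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def audit(raw):
    """Return sorted (result, header, detail) findings for one response."""
    headers = parse_headers(raw)
    findings = [("Missing", name, "use " + advice)
                for name, advice in RECOMMENDED.items() if name not in headers]
    # HSTS present but shorter than the one-year max-age the table recommends.
    for value in headers.get("strict-transport-security", []):
        m = re.search(r'max-age\s*=\s*"?(\d+)', value, re.I)
        if not m or int(m.group(1)) < 31536000:
            findings.append(("Warning", "strict-transport-security", value))
    # Server header that discloses a version number, as in "nginx/1.5.6".
    for value in headers.get("server", []):
        if re.search(r"/\d+(\.\d+)*", value):
            findings.append(("Warning", "server", value))
    return sorted(findings)

# Constructed sample responses for the demo (not captured from any real host).
BARE = "HTTP/1.1 400 Bad Request\r\nServer: nginx/1.5.6\r\nContent-Length: 0\r\n\r\n"
HARDENED = "HTTP/1.1 200 OK\r\nServer: nginx\r\n" + "".join(
    f"{k}: {v}\r\n" for k, v in RECOMMENDED.items()) + "\r\n"

if __name__ == "__main__":
    for finding in audit(BARE):
        print(*finding, sep=" | ")
```

Header names are matched case-insensitively and only the header block is parsed, so a response body containing colon-separated text does not produce false "present" results.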