Not clear here, but for the download request link I get an HTTP/1.1 301 Moved Permanently.
For this the location line in the header above redirects the request to:
htxp://www.securitykiss.com/resources/download/
On that I get an HTTP/1.1 302 Found and PHP cookies set:
Set-Cookie: PHPSESSID=^^^^ukhmgo^^^^; path=/
Set-Cookie: PHPSESSID=^^^^8j5fd70rehab74jb4^^; path=/ ^^^ broken by me pol
and again location line in the header above has redirected the request to: /resources/download/windows/
This is a conditional redirect and suspicious,
Well break that link as hxtp will ye?
That would mean an additional bonus for the malcreants if they could have intruded, rendering their malcreation almost undetectable,
but not against website behavior analysis, as you see. Until given as clean I would stay away…as site is also flagged here: http://www.siteadvisor.com/sites/securitykiss.com
Hello Polonus, I am not exactly sure what you meant by: "Well break that link as hxtp will ye?", but I am guessing that you meant to make that link not clickable, and so I removed that link.
Yeah, I will definitely stay away for now until the experts give us their results, thank you Polonus.
OK, see you are aware of that rule here now. ;D Same is for code, always post as an image because an image of malcode cannot do any harm.
Sometimes the avast shields are triggered by parts of code, even without payload, and that is not what we want. ???
So if you wanna show something take an image of it and rub out the identifiables you do not want to share with a searchbot :D.
We do this all the time you know and are aware the Internet is looking over our shoulder all the time 8)
An example will tell you more than a lot of words, see attached.
If you have captured a screen image you can work on it with a tool like Photo Filtre and rub out parts of the website or just crop out that part you want to show…
Their general website does not seem to be affected, it is just the download link (download).
See: http://chrome.quttera.com/chrome_detailed_report/www.securitykiss.com
Strict transport security on their website does not follow best practices.
Website transmits full server version number…
Yep, the main website showed up clean with most of the link scanners that I tried, thank you for the Quttera link (I like Zscaler and Quttera).
By full server version number, do you mean Server IP address or what operating system version their server uses, and where on that report did you see that information?
Also what are the risks of showing the full server version number, let me guess, people will have a better idea of which exploits/security holes/malware to attack with?
With this I mean that they transmit the full server version number to the world, making it a tad more easy for attackers to know about server vulnerabilities.
Those responsible for server security for the server on which that Irish website is run should know about this and it is quite easy to hide that full version number.
The website gives away through the “X-Powered-By” HTTP header that it is generating dynamic content. It is advisable to remove that particular header…
So you see another website hosted without seeking best practices in website security, making the website vulnerable to attacks and also less secure to visitors, but alas this situation is more rule than exception…
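As an added example (not part of the thread and not any poster's code), here is a small Python check for the header issues raised above: a Server header carrying a version number, an X-Powered-By header, and a weak Strict-Transport-Security policy. The sample response is constructed, and the 180-day max-age threshold is an assumption, not a value from the thread.

```python
import re

# Constructed sample response head (not captured from any real site).
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: ExampleHTTPd/2.4.1 (Unix)\r\n"
    "X-Powered-By: ExampleLang/5.3.0\r\n"
    "Strict-Transport-Security: max-age=300\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
)
MIN_HSTS_MAX_AGE = 15552000  # assumption: 180 days as the minimum acceptable max-age
VERSION_RE = re.compile(r"\d+(?:\.\d+)+")  # dotted version number such as 2.4.1

def parse_headers(raw):
    """Return {lowercased-name: [values]} from a raw HTTP response head."""
    headers = {}
    head = raw.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def audit_headers(raw):
    """List the disclosure and HSTS findings for one response."""
    headers = parse_headers(raw)
    findings = []
    for value in headers.get("server", []):
        if VERSION_RE.search(value):  # product name alone is not flagged
            findings.append("server-version-disclosed: " + value)
    for value in headers.get("x-powered-by", []):
        findings.append("x-powered-by-present: " + value)
    hsts = headers.get("strict-transport-security")
    if not hsts:
        findings.append("hsts-missing")
    else:
        match = re.search(r'max-age\s*=\s*"?(\d+)', hsts[0], re.I)
        if not match:
            findings.append("hsts-no-max-age")
        elif int(match.group(1)) < MIN_HSTS_MAX_AGE:
            findings.append("hsts-max-age-too-short: " + match.group(1))
    return findings

if __name__ == "__main__":
    for finding in audit_headers(SAMPLE_RESPONSE):
        print(finding)
```

A response whose Server header names only the product, has no X-Powered-By header, and sets a long max-age returns an empty findings list.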
The Avast Team said that they could not reproduce the detection and that the SecurityKiss website is not on their blocklist at this time, so it seems that their website and their installer is clean, and that was probably a false positive.
The SecurityKiss team thanks you for your full server version removal hint Polonus, and they will probably take your advice and adjust that.
If you have any other hints/suggestions/advice for the SecurityKiss Team, Polonus, please do contact them through their contact form: http://www.securitykiss.com/support/, I am confident that they will probably listen/respond to some of your suggestions.
I would like to thank Polonus and the Avast Team for responding to my thread/issue; this issue has now been solved. Keep up the good work.