What I saw via my monitor, device connecting out to: -217-67-177-164.in-addr.mastertelecom.ru
See: https://www.abuseipdb.com/check/217.67.177.164

polonus

It appears to be the drweb browser extension updater…

Preventing to connect out to http-only connections with a browser is a way to let the user consider
whether a destination address might be really secure.
In this particular case we have dealt with a net risk rating of 8 red out of 10, according to Netcraft’s sitereport:
https://sitereport.netcraft.com/?url=http%3A%2F%2F217-67-177-164.in-addr.mastertelecom.ru
Re: https://www.shodan.io/host/217.67.177.164

Openresty server, running there, also cannot be considered foolproof safe,
see: https://nvd.nist.gov/vuln/detail/CVE-2018-9230
A http connection in such a case even could mean additional risk.

It might allow remote attackers to bypass intended access restrictions or interfere with certain Web Application Firewall
(ngx_lua_waf or X-WAF) products. Then the question is: “Is AvtoTekhSnab there FatRat proof?”.

One engine detects - Comodo’s Valkyrie: https://www.virustotal.com/gui/url/6221a2d816ed31fcb2c84fe8b74f7d43e85d0a556fec90ab97d44b2be00e55bf/detection

It has one detection for drweb’s updater: -http://update.drweb.com/x86/600/av/windows/drweb32.dll
That was flagged on 2019-05-22. No 3rd party trackers on this site.
Since there are no third party dependencies preventing it, why don‘t we ask drweb.com to adopt SSL?

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)