polonus
1
Some solutions have SSL-Certificate Protection.
Does avast! flag SSL-Certificate errors? Comments, please?
See this site not being flagged here: http://scanurl.net/?u=https%3A%2F%2Fsmtp1.alramzsecurities.ae%2F%2520index%2520page%3F&uesb=Check+This+URL#results
Nor being flagged here: http://urlquery.net/report.php?id=6604465
Our good forum friend Eddy taught us lately to pay attention to these inssues, because of the security implications thereof,
that is why I bring this issue up here in this thread.
Here it is correctly being flagged: http://app.webinspector.com/public/reports/17740749
&
The Project Honey Pot system has detected behavior from the IP address 83.111.55.82 that is consistent with that of a Dictionary Attacker.
Google Safebrowsing also brings up an alert for this SSL error.
Website:
-smtp1.alramzsecurities dot ae
IP-address :
-83.111.55.82
-94.56.136.147
Location:
United Arab Emirates, Abu Dhabi, Abu Dhabi
Host:
smtp1.alramz dot ae
Hosting/Owner:
Al Ramz Shares & Bonds Center
Name-servers:
auhans1.ecompany dot ae (-194.170.1.99)
auhans2.ecompany dot ae (-195.229.237.52)
dxbans1.ecompany dot ae (-194.170.1.6)
dxbans2.ecompany dot ae (-194.170.1.7)
E-mail:
send.mail.2.dns.at.iesATetisalat dot ae
Andere sites op IP:
Country: AE Site rank: NA
First seen: August 2013 Host: Al Ramz Shares & Bon…
PFS:
Ping stops at 9 94.56.218.22 (94.56.218.22) 212.766 ms 216.413 ms 206.565 ms
Also consider that the AS was flagged for having blacoleRef & other exploits: http://www.malwareurl.com/ns_listing.php?as=AS5384
polonus
I think they should be flagged, not Blocked but marked as potentially harmful.
Maybe they should also block sites like babylon.com which are hosting adware and other garbage like that. Detection of adware must get better nowerdays, adware is almost everywhere.
That’s an understatement. It is everywhere. It will be rare you do not see an ad somewhere
polonus
5
Yes, Steven Winderlich, I agree with you here.
They need not precise what risks the blocked registrar site may have,
but users should be alerted in cases where for instance:
sslv2: server still supports SSLv2 or
possibly risky http-methods are being used,
or redirecting re-directs come from an open proxy.
All insecure methods that attackers could abuse.
Avast should not allow their users to arrive at without an alert,
same as GoogleSafebrowsing, but that also can miss issues and detection.
I think this is something for a new Shield because avast does not for instance scan https.
That is why users here are not using "https: only"because that is a blind angle where the avast detection is concerned.
Avast does not scan https sites…
It ought to be brought in, but when will this be?
With all the coming DNS spoofing and hijacking coming in the foreseeable future,
it sure is a must to pre-check this possible malcode arena and their possible threats,
polonus
Many programs are installing adware and pups i think avast should warn the user cause many are using quick install and are clicking next next next…