possible malicious site appeared in whitelist

[eradic8]

Just checked my No-Script Whitelist this morning, and I found this URL in it: "adinterax.com" Know as far as I am aware I have not allowed this, if so it was an accident. Anyway I'm not really sure how it got in my Whitelist, but on doing a google search I got the following Windows popup message: Secure connection failed: adinterax.com: 443 uses an invalid security certificate. The certificate is only valid for "http://www.adinterax.com" (Error code: ssl_error_bad_cert_domain) This could be a problem with the server's configuration or it could be someone trying to impersonate the server. If you have connected to this server successfully in the past the error may be temporary and you can try again later. The site appears at the top of the google search list. I suspect this may be a SEO posioning attack site.

[Giorgio Maone]

This site belongs to Yahoo!, and it's one of its ad networks.
You likely allowed inadvertently by "Allow all on this page", but it's seemingly not malicious.

[eradic8]

This site belongs to Yahoo!, and it's one of its ad networks.
You likely allowed inadvertently by "Allow all on this page", but it's seemingly not malicious.

Thanks for the quick reply, but I don't understand why I'm getting the popup saying the certificate is invalid.

[Giorgio Maone]

I don't understand why I'm getting the popup saying the certificate is invalid.

Because of a server-side misconfiguration.

1. They've got a SSL cert for www.adinterax.com
2. You opened http://adinterax.com
3. They've got a server-wide directive to redirect any HTTP traffic to HTTPS
4. You're redirected to https://adinterax.com. Since the certificate is only for www.adinterax.com, Firefox warns you about the mismatch

The correct way for them to handle the HTTP->HTTPS redirection should be changing both the protocol (http:->https:) and the host (adinterax.com->www.adinterax.com), rather than the protocol alone.
Anyway, no malice there, just incompetence.

[eradic8]

I don't understand why I'm getting the popup saying the certificate is invalid.

Because of a server-side misconfiguration.

1. They've got a SSL cert for www.adinterax.com
2. You opened http://adinterax.com
3. They've got a server-wide directive to redirect any HTTP traffic to HTTPS
4. You're redirected to https://adinterax.com. Since the certificate is only for www.adinterax.com, Firefox warns you about the mismatch

The correct way for them to handle the HTTP->HTTPS redirection should be changing both the protocol (http:->https:) and the host (adinterax.com->www.adinterax.com), rather than the protocol alone.
Anyway, no malice there, just incompetence.

O.K thanks for the explanation Giorgio, I understand now.

[danialpaul1]

hey Giorgio thanks for detail description, I appreciate it !

[Tom T.]

FWIW, this site has a very poor reputation at mywot.com, where it is accused by some users of loading spyware. My HOSTS file blocks it, with the explanation, "Tracking Cookie".

I'll add this to the 'SOME SITES YOU MIGHT NOT WANT TO ALLOW" list.
Thanks for the report.