Avast WEBforum

Other => Viruses and worms => Topic started by: Ahnaf on January 25, 2021, 03:33:01 AM

Title: Threat ww25.agedporntube.com
Post by: Ahnaf on January 25, 2021, 03:33:01 AM
Hi, please help me: how do I stop this threat from popping up on my screen, and how do I remove it from my PC? Thanks
Title: Re: Threat ww25.agedporntube.com
Post by: polonus on January 26, 2021, 06:29:14 PM
This is known as a typosquatter IP: https://www.virustotal.com/gui/ip-address/199.59.242.153/relations

See the various executable malware launched from domains using this IP, though it need not be the IP domain you reported.

Is this Bodis in Tampa abuse? Read: https://www.virustotal.com/gui/ip-address/199.59.242.153/details

OpenResty server there -> disputed: In OpenResty through 1.13.6.1, URI parameters are obtained using the ngx.req.get_uri_args and ngx.req.get_post_args functions that ignore parameters beyond the hundredth one, which might allow remote attackers to bypass intended access restrictions or interfere with certain Web Application Firewall (ngx_lua_waf or X-WAF) products.

Page furthermore has ->
html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSXXXXXXXXXX7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_TD46Hm8XXXXXXXXXXXXXVgvB2DGUD3cGwo+JYzorEyrPRbkFwfbSD4MCEEqhWY/A7HEG4ctnhIGFvBeixx3KOw==" (X inserted by me, pol for obvious reasons).

Furthermore, this runs on this website, see: https://any.run/report/914372134020cf942a61c2053cffc46dad14aca46e5a4220f17b170f18a5b951/50864cbd-dd62-4d86-a16f-cc94613a6e91 but it is being whitelisted there and no malicious alerts were given, so possibly an FP (false positive detection).

Wait for a final verdict from the Avast team to see whether this is a false positive detection,
else wait for a qualified removal report (analysis).

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
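
Added example (not part of polonus's post and not OpenResty's own code): a Python model of the parameter-cap behaviour quoted above, showing why a filter that inspects only the first hundred parsed parameters should reject a truncated parse instead of trusting it. All function names and the sample query strings are hypothetical and constructed for illustration.

```python
from urllib.parse import parse_qsl

MAX_ARGS = 100             # parser limit described in the quoted advisory text
BLOCKED = "blocked-token"  # constructed stand-in for a value a filter rule rejects


def get_uri_args(query, max_args=MAX_ARGS):
    """Model of a capped parser: returns (kept_args, truncated_flag)."""
    pairs = parse_qsl(query, keep_blank_values=True)
    return pairs[:max_args], len(pairs) > max_args


def waf_naive(query):
    """Applies the rule to whatever the capped parser kept; ignores truncation."""
    args, _ = get_uri_args(query)
    return "deny" if any(BLOCKED in value for _, value in args) else "allow"


def waf_fail_closed(query):
    """Same rule, but a truncated parse is denied rather than trusted."""
    args, truncated = get_uri_args(query)
    if truncated:
        return "deny"  # the filter did not see every parameter
    return "deny" if any(BLOCKED in value for _, value in args) else "allow"


def sample_query(padding):
    """Constructed input: `padding` filler parameters, then the flagged one."""
    filler = "&".join(f"p{i}=x" for i in range(padding))
    return f"{filler}&q={BLOCKED}" if padding else f"q={BLOCKED}"


if __name__ == "__main__":
    # 99 fillers keep the flagged parameter inside the cap; 100 push it past it.
    for padding in (0, 99, 100):
        q = sample_query(padding)
        print(padding, waf_naive(q), waf_fail_closed(q))
```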