Topic: Threat

Offline Ahnaf

  • Newbie
  • *
  • Posts: 1
« on: January 25, 2021, 03:33:01 AM »
Hi, please help me: how do I stop this threat from popping up on my screen, and how do I remove it from my PC? Thanks.

Online polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32909
  • malware fighter
Re: Threat
« Reply #1 on: January 26, 2021, 06:29:14 PM »
This is known as a typosquatter IP:

See various executable malware launched from domains using this IP, but it need not be the IP domain you reported.

Is this Bodis in Tampa abuse? Read:

OpenResty server there -> disputed: In OpenResty through, URI parameters are obtained using the ngx.req.get_uri_args and ngx.req.get_post_args functions that ignore parameters beyond the hundredth one, which might allow remote attackers to bypass intended access restrictions or interfere with certain Web Application Firewall (ngx_lua_waf or X-WAF) products.

Page furthermore has ->
html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSXXXXXXXXXX7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_TD46Hm8XXXXXXXXXXXXXVgvB2DGUD3cGwo+JYzorEyrPRbkFwfbSD4MCEEqhWY/A7HEG4ctnhIGFvBeixx3KOw==" (X inserted by me, pol for obvious reasons).

Furthermore this runs on this website, see:   but is being whitelisted there and no malicious alerts were given, so possibly an FP (false positive detection).

Wait for a final verdict from the Avast team, to see whether this is a false positive detection,
else wait for a qualified removal report (analysis).

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
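
An added example (not part of polonus's post and not OpenResty code): a Python model of the argument cap described in the quoted advisory text, showing a filter that inspects only the parsed arguments next to one that denies the request when the parse was truncated. The function names, the `BLOCKME` marker and the sample queries are constructed for illustration.

```python
from urllib.parse import parse_qsl

MAX_ARGS = 100  # the cap described in the quoted advisory text


def capped_args(query, max_args=MAX_ARGS):
    """Model of a capped parser: (first max_args pairs, truncated flag)."""
    pairs = parse_qsl(query, keep_blank_values=True)
    return pairs[:max_args], len(pairs) > max_args


def blocked(value):
    """Hypothetical filter rule; the marker is a constructed stand-in."""
    return "BLOCKME" in value


def filter_fail_open(query):
    """Weak filter: inspects only what the capped parser returned."""
    args, _ = capped_args(query)
    return "deny" if any(blocked(v) for _, v in args) else "allow"


def filter_fail_closed(query):
    """Hardened filter: a truncated parse means uninspected input, so deny."""
    args, truncated = capped_args(query)
    if truncated:
        return "deny"
    return "deny" if any(blocked(v) for _, v in args) else "allow"


def sample_query(padding, tail):
    """Constructed input: `padding` filler parameters, then q=<tail>."""
    parts = [f"p{i}=x" for i in range(padding)]
    parts.append(f"q={tail}")
    return "&".join(parts)


if __name__ == "__main__":
    for n in (0, 99, 100):
        q = sample_query(n, "BLOCKME")
        print(n + 1, "params:", filter_fail_open(q), "/", filter_fail_closed(q))
```

The backend application may parse every parameter, so any value the filter never saw has to be treated as uninspected rather than as clean.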