Author Topic: Threat ww25.agedporntube.com  (Read 166 times)

Offline Ahnaf

  • Newbie
  • *
  • Posts: 1
Threat ww25.agedporntube.com
« on: January 25, 2021, 03:33:01 AM »
Hi, please help me: how do I stop this threat from popping up on my screen, and how do I remove it from my PC? Thanks.

Online polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32909
  • malware fighter
Re: Threat ww25.agedporntube.com
« Reply #1 on: January 26, 2021, 06:29:14 PM »
This is known as a typosquatter IP: https://www.virustotal.com/gui/ip-address/199.59.242.153/relations

See various executable malware launched from domains using this IP, but it need not be the domain you reported.

Is this Bodis in Tampa abuse? Read: https://www.virustotal.com/gui/ip-address/199.59.242.153/details

Open Resty Server there-> disputed: In OpenResty through 1.13.6.1, URI parameters are obtained using the ngx.req.get_uri_args and ngx.req.get_post_args functions that ignore parameters beyond the hundredth one, which might allow remote attackers to bypass intended access restrictions or interfere with certain Web Application Firewall (ngx_lua_waf or X-WAF) products.

Page furthermore has ->
html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSXXXXXXXXXX7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_TD46Hm8XXXXXXXXXXXXXVgvB2DGUD3cGwo+JYzorEyrPRbkFwfbSD4MCEEqhWY/A7HEG4ctnhIGFvBeixx3KOw==" (X inserted by me, pol for obvious reasons).

Furthermore, this runs on this website, see: https://any.run/report/914372134020cf942a61c2053cffc46dad14aca46e5a4220f17b170f18a5b951/50864cbd-dd62-4d86-a16f-cc94613a6e91 but it is being whitelisted there and no malicious alerts were given, so possibly an FP (false positive detection).

Wait for a final verdict from the Avast team to see whether this is a false positive detection; otherwise, wait for a qualified removal report (analysis).

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!