URL:Mal YTS

Hi there,

I keep being alerted that a threat has been secured, and the conenction to wxw.yts.vc have been aborted.
This pop up notification happens various times a day.
I do not try to visit that website.

Threat name: URL:Mal
URL: hxxps://wxw.yts.vc/
Process: C:\ProgramFiles\Google\Chrome\Application\chrome.exe
Detected by: Web Shiled
Status: Connection aborted

Can you help?
Thanks

https://i.postimg.cc/BvFfVRcf/Avast-notification-10-01-24.jpg

Please modify the active/suspect links in your post to avoid accidental exposure, replace https and or www with hxxps or wxw as I have in your quoted text above.

Clear browser cache - Were you intending to visit the site ?
If not start by clearing your browser cache and cookies,including 3rd party cookies and restart your browser.
If that resolves it you should be good to go.
If it doesn’t try running your browser with add-ons disabled.

If that resolves it, have you added or updated any add-ons ?
If so try disabling that add-on - and restart and try again.

Thanks for the reply.

No, I did not try to visit the website. Might have once many months ago.
I have cleared my the entire browing data (except passwords), rebooted my PC but I keep getting that exact same notifications from Avast.

I am only using 1 browser extension from a well established add-blocker. Anyway, I disabled it and issue keeps happening

I ran a full Avas Virus Scan but nothing was found

I also ran a scan with Malwarebytes but nothing either. Interresingly enough, it did blocked this AM a website due to phising, from Firefox this time.
And again, from a website I have never tried to visit.

So wondering if I don’t have some sort of malware installed on my PC trying to reach some websites without my consent

Thank you for your help

https://postimg.cc/VrCcCYq1

I doubt that is a virus as such.
Do you have any common add-ons across your browsers where this is happening ?

Did you follow all of the steps I gave especially about running with add-ons disabled

If not start by clearing your browser cache and cookies,including 3rd party cookies and restart your browser. If that resolves it you should be good to go. [b]If it doesn't try running your browser with add-ons disabled.[/b]

Is this to the same URL or different ones.

Also consider these results: https://quttera.com/detailed_report/www.yts.vc

polonus

There are several external links that could have an impact.

This outgoing link is not being mentioned on the Quttera scan,
which gives us 18 outgoing re-directions and urlscan.io even produces 19 outgoing redirects…

1 Outgoing links
These are links going to different origins than the main page.

URL: hxtps://sedo.com/search/details/?domain=[domainname]

Title: This domain may be for sale. Bad link according to VT Community members (via parked domains) - See: https://www.virustotal.com/gui/url/5db104f361309bea91db86785f67097284b9554d86b8d35a60691558754df6d0/community

Parked sites are open to abuse: htxps://img1.wsimg.com/parking-lander/static/js/main.47d29676.js

OpenResty parked on Amazon. Not clear at once, but we should use DavidR’s caution.

We could do here with a final verdict from Avast’s, as it comes with their definitions.

Also consider: https://urlscan.io/result/fe601cc9-b916-47c5-85bb-6e18ccdb1fa8/#links

Ample links that should be adblocked (wXw.adsensecustomsearchads.com etc., godaddy, various AMAZON & GOOGLE affiliates),
also consider:
https://www.virustotal.com/gui/url/5ee85d53c0d92b77d747d3b7ffd02560f0abad657bedbbd3c38fb6f524b5bb8d/community

polonus

Another example of abuse on an OpenResty system can be found here: -http://nomwcapital.info/

also parking-lander and similar: https://www.google.com/adsense/domains/caf.js?abp=1

-htxps://img1.wsimg.com/parking-lander/static/js/main.47d29676.js

/px.js?ch=1&abp=1

/px.js?ch=2&abp=1

polonus