Early this morning, when I wanted to log in to my webmail on Yahoo Mail, I accidentally mistyped the Yahoo Mail address and was redirected to: hxxps://login.yahoo.com/config/login_verify2?&.src=ym&.intl=us
After that, Avast warned me that this link is a phishing site, and according to VirusTotal, 2 URL scanners detected it as a phishing site:
Confirmed here: http://support.clean-mx.de/clean-mx/phishing.php?id=1257489 but given now as dead!
Came from torrent shares!
See potentially suspicious: http://quttera.com/detailed_report/login.yahoo.com
s.yimg dot com/rq/darla/2-4-4/js/darla-secure-pre-min.js
Severity: Potentially Suspicious
Reason: Detected potentially suspicious content.
Details: Detected potentially suspicious initialization of function pointer to JavaScript method unescape __tmpvar753393073 = unescape;
Blacklisted by Phishtank - See ODS alerts here: https://urlquery.net/report.php?id=208844 → ssp_ssl: Invalid Client HELLO after Server HELLO Detected
and ssp_ssl: Invalid Client HELLO after Server HELLO Detected
Check the DB connection variables in base_conf.php
= $alert_dbname : MySQL database name where the alerts are stored
= $alert_host : host where the database is stored
= $alert_port : port where the database is stored
= $alert_user : username into the database
= $alert_password : password for the username
I just was investigating, while I was at “the other side of your screen” so to say ;D.
Basically we have arrived all three now at the same conclusion,
that this here is a "valid phish detection".
Users always have to check their links before clicking them.
I always do a link pre-scan when venturing out where I have not been before.
I do not want to be clubbed over the head with malcode in a dark website alley, well on a dark site URI rather 8)
How are you doing, tuan basar? It has been a long time since you were out here. Yes, the link is dangerous and rightly blocked by the avast av solution!
The avast! Shields protection is advanced and a first line of protection because it blocks access to the malcode, so your machine won’t even see this.
Stay safe and secure is the wish of,
In the code this is reported by Quttera as potentially suspicious: s.yimg.com/rq/darla/2-4-4/js/darla-secure-pre-min.js
Severity: Potentially Suspicious
Reason: Detected potentially suspicious content.
Details: Detected potentially suspicious initialization of function pointer to JavaScript method unescape __tmpvar1618404809 = unescape;
see: http://jsunpack.jeek.org/?report=c2f9ddca817ad2650e0c1afe5a5a87f9a421448f (go to link with NoScript and RequestPolicy extensions active in browser and in a VM or sandbox), and an undefined here:
Error Code: 404
Error Message: ObjectNotFoundException: thrown from MetaDB.cc,209: Could not get object
and this is a CSS issue in the loading of the Gallery component for the Yahoo! CDN
The 404 is valid because the file does not exist.
The docs are incorrect; it looks like the version number is not in the URIs: