Jump to content

Search the Community

Showing results for tags 'javascript'.

More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start





Website URL






Found 1 result

  1. Long story short, there is a massive phishing campaign going on assisted by fake news and the email contains some links such as these. I am here to report these, VirusTotal is unable to detect anything but the behavior is suspicious already. Save this Javascript, might be dangerous and relevant for the analysis, its obfuscated (came from the source code of one of the following links): https://api.b2c.com/api/init-607fc50a7q9gbqtx6p6.js The hyperlinked text in the email redirects to several URLs like these: http://service.comms.yahoo.net/T/v40000016d4bd6ef6d8f2bd6f4bbc782e8/d851160d7f5b444c0000021ef3a0bcc4/d851160d-7f5b-444c-9bac-3f9f9003f12a?__F__=v0fUYvjHMDjRPMSh3tviDHXIoXcPxvDgUUCCPvXMWoX_0JoZLAZABQFyuCvepFzO6Gi_7mTyxpEHBeobYfYuMKxKF30_nRv5kdBS5o8DWw7zWwaKHPicgJEbi2mIcO09HMayTwoan5hE1cmytgCJaAhI-l7ev-4o3mj7drBut5GMaWk_bdZMloV8tbO0p0IuS3g9LFpxs-MrZZXFvv1IUW9mIDinWMAisyKO0YxWWoDaYakLM-WjT6-28_oIzktSoIRFnqNi6mzOj05IBTsE4voYqZwAj-6-kW3WL2ZdHK1elojTfMIXhkIQ== http://service.comms.yahoo.net/T/v40000016d4bd6ef6d8f2bd6f4bbc782e8/d851160d7f5b444c0000021ef3a0bcc5/d851160d-7f5b-444c-9bac-3f9f9003f12a?__F__=v0fUYvjHMDjRPMSh3tviDHXIoXcPxvDgUUCCPvXMWoX_0JoZLAZABQFzPG-zH7Z8Axr6nl0B3NK8Oe7rrqH8l-9KF30_nRv5kdIFdJ4JByjkh0LDjb0_vYeMF5FrNsmjk0yCxHOQEea5D71LZ16xxHfU-jLNCm8kZ2NWSpuVhwfSZWa1u0svKt6VG3qmegcJmKUTqBQwYa1FGa-jt3plckiARUTd_iNt21hpVWCd3eWlnbNU1oow4p0wVzMEaYF6wgVH6Io0XoMus8whCpPOrU82IAxf9c_Kl7FxRBMDLJOe1zYKSDKyTEiq7jrk9JUCdWt9YwW13jtHo= Which come from a realistic phishing email, as shown: The final URL is: www.YahooDataBreachSettlement.com Notice yahoo.net rather than yahoo.com
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.