
I did a search for some on Yahoo, then clicked on the little arrow next to one of the search results and clicked the Cached button because I wanted to view an older version of the page. It took me to the following URL:

http://98.139.236.92/search/srpcache?p=bath+cheese&ei=UTF-8&hspart=mozilla&hsimp=yhs-001&fr=yhs-mozilla-001&u=http://cc.bingj.com/cache.aspx?q=bath+cheese&d=4563864025038867&mkt=en-US&setlang=en-US&w=sVSPjqG8BYYbZ4DSlYO9uBJj_-F6Hk1P&icp=1&.intl=us&sig=lAvXGeEt7zIwy1nClj6spQ--

Which took me to a page which reportedly (by uMatrix in Firefox) had one script on it which was allowed. My browser told me, or at least I was taken to a page which said, that my browser was unable to connect.

Because this is a rather strange occurrence I scanned the IP using VirusTotal. So far it's not looking good:

VirusTotal report for IP

There are also multiple reports as follows on this either being a phishing site or malicious:

I have an up-to-date 64-bit Arch Linux installation with Firefox 53.0.3 and GNOME 3.24.2. Is this anything to worry about? Have Yahoo been compromised or is there a perfectly innocent explanation for all this?

I think a possible reason that my browser couldn't reach the site is because it doesn't appear to support HTTPS and thus HTTPS Everywhere would have blocked it from loading since it only allows HTTPS and automatically redirects to it.

1 Answer


I don't think Yahoo has been compromised. Not that I would expect them to tell us if they discover they were!

I agree with the HTTPS Everywhere scenario. Plus it could be that the IP is marked by these services as phishing because:

  • It's an IP rather than a domain name
  • on this IP is returning 'fake' copies of sites, which is correct as they are cached, but this might trigger some phishing protection services
  • the lack of HTTPS could also influence the above, possibly
ISMSDEV
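The traits listed in the answer above can be checked mechanically against the URL from the question. This is an added example, not part of the original question or answer; the function names and trait labels are hypothetical, and it uses only the Python standard library.

```python
import ipaddress
from urllib.parse import urlsplit, parse_qsl

# URL copied from the question above.
CACHED_URL = (
    "http://98.139.236.92/search/srpcache?p=bath+cheese&ei=UTF-8"
    "&hspart=mozilla&hsimp=yhs-001&fr=yhs-mozilla-001"
    "&u=http://cc.bingj.com/cache.aspx?q=bath+cheese&d=4563864025038867"
    "&mkt=en-US&setlang=en-US&w=sVSPjqG8BYYbZ4DSlYO9uBJj_-F6Hk1P"
    "&icp=1&.intl=us&sig=lAvXGeEt7zIwy1nClj6spQ--"
)


def host_is_ip_literal(host):
    """True when the host is an IPv4/IPv6 address rather than a domain name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def triage(url):
    """Return the traits from the answer that apply to `url` (hypothetical labels)."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    traits = []
    if host_is_ip_literal(host):
        traits.append("ip-literal-host")
    if parts.scheme != "https":
        traits.append("no-https")
    # A parameter whose value is itself a URL on another host means the page
    # serves content that originates elsewhere (here, a cached copy of a site).
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        try:
            inner = urlsplit(value)
        except ValueError:
            continue  # malformed value, not a usable URL
        if inner.scheme in ("http", "https") and inner.hostname and inner.hostname != host:
            traits.append(f"embedded-url:{name}={inner.hostname}")
    return traits


if __name__ == "__main__":
    for trait in triage(CACHED_URL):
        print(trait)
```

Because the nested URL in `u=` is not percent-encoded, its own parameters (`d`, `mkt`, `w`, and so on) are parsed as top-level parameters of the outer URL; only the part up to the first `&` is attributed to `u`.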