Hi,
My mom clicked on a link in an email she had received, which said that someone logged in to her account (even though it was marked as spam by her email service). The link was "quareme (dot) com/redirect (dot) html?od= (long string of numbers and letters, with another 2 dots somewhere in the middle of the string and an underscore)".
Entering the URL into VirusTotal displays the following results:
Forcepoint ThreatSeeker - Malicious (Suspicious content)
alphaMountain.ai - Spam
Sophos - Spam (spam URLs)
Xcitium Verdict Cloud (media sharing)
Serving IP address: 91.143.93.97
Status code: 200
X-Powered-By: PHP/5.4.16
Content-type: text/HTML; charset=UTF-8
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
The link was opened on Vanadium with JavaScript and JavaScript JIT both enabled and probably cookies enabled too.
The email came from "yeskwa (dot) assuceopuberst (dot) com", marked as "spam" by Fortinet and "media sharing" by Xcitium Verdict Cloud, again on VirusTotal.
Nothing visible happened on opening the link in Vanadium - it was just a blank page, no markings, no writings, nothing - completely blank.
So what are the risks she faces and what can be done to deal with those risks? Do I need to paste here the complete URL of the link she clicked on? GrapheneOS was already updated to the latest version, as was Vanadium.
Regards