Author Topic: help on decoding this Phish  (Read 6141 times)

0 Members and 1 Guest are viewing this topic.

February 08, 2012, 10:28:03 am
Read 6141 times

cleanmx

  • Special Members
  • Hero Member

  • Offline
  • *

  • 3405
    • Spam-Filter Anti-Spam Virenschutz - CLEAN MX Managed Anti-Spam Service ist die Lösung für Ihr Spam-Problem
Code: [Select]
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1=2E0 Strict//EN"
"http://www=2Ew3=2Eorg/TR/xhtml1/DTD/xhtml1-strict=2Edtd">
<html xmlns=3D"http://www=2Ew3=2Eorg/1999/xhtml">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3DUTF-8" />=

<title>
&uuml; ber MasterCard  | MasterCard in Deutschland&nbsp;| MasterCard in Deu=
tschland
</title>

<meta name=3D"keywords" content=3D"MasterCard in Deutschland, Interchange u=
nd Rahmengeb&uuml; hren, Geb&uuml; hren Kreditkarten, Kreditkarte Kosten, I=
nterchange Geb&uuml; hren, Interbankenentgelt, POS Interchange Geb&uuml; hr=
en" />
<meta name=3D"description" content=3D"Interchange (Interbankenentgelt) ist =
eine Geb&uuml; hr, die eine H&auml;ndlerbank (Acquirer) an die Bank des Kar=
teninhabers (Emissionsbank) im Zuge einer Zahlungstransaktion zahlen muss=
=2E" />
<meta http-equiv=3D"Expires" content=3D"12 31,2020">
<meta http-equiv=3D"Last-Modified" content=3D"Jan 23, 2012">
<script type=3D"text/javascript">
var glbBaseURL =3D '/de/uebermastercard/start=2Ehtml';
</script>
<script type=3D"text/javascript" src=3D"http://mastercard=2Ecom/common/js/c=
ms_lib_US=2Ejs"></script>
<script type=3D"text/javascript" src=3D"http://mastercard=2Ecom/de/js/jquer=
y-1=2E2=2E6=2Emin=2Ejs"></script>
<link href=3D"http://mastercard=2Ecom/common/css/style=2Ecss" rel=3D"styles=
heet" type=3D"text/css" />

<link href=3D"http://mastercard=2Ecom/common/css/custom=2Ecss" rel=3D"style=
sheet" type=3D"text/css" />
<link href=3D"http://mastercard=2Ecom/de/css/image=2Ecss" rel=3D"stylesheet=
" type=3D"text/css" />
<link href=3D"http://mastercard=2Ecom/common/css/print=2Ecss" rel=3D"styles=
heet" type=3D"text/css" media=3D"print" />
<link href=3D"http://mastercard=2Ecom/de/css/sIFR-screen=2Ecss" rel=3D"styl=
esheet" type=3D"text/css" media=3D"screen"/>
<link href=3D"http://mastercard=2Ecom/de/css/sIFR-print=2Ecss" rel=3D"style=
sheet" type=3D"text/css" media=3D"print"/>
<link href=3D"http://mastercard=2Ecom/de/css/sifr=2Ecss" rel=3D"stylesheet"=
 type=3D"text/css" />
<script type=3D"text/javascript" src=3D"http://mastercard=2Ecom/de/js/sifr=
=2Ejs"></script>

</head>
<body onload=3D"determineheight()">

<table border=3D"0" cellpadding=3D"0" cellspacing=3D"0" width=3D"100%">
<tr>
<td>
<!-- Header Starts here -->



<!-- begin Header HTML -->
<script type=3D"text/javascript">
var imgBrandMark =3D relative("http://mastercard=2Ecom/common/images/mrk_ma=
stercard=2Egif",glbBaseURL);
var imgBrandMarkAlt =3D 'MasterCard';
var imgBrandMarkURL  =3D relative("http://mastercard=2Ecom/de/gateway=
=2Ehtml",glbBaseURL);
var imgSiteHeader =3D relative("http://mastercard=2Ecom/de/wce/JPG/2780_hea=
der=2Ejpg",glbBaseURL);
var imgSiteHeaderAlt =3D 'MasterCard';
var imgCountryIco =3D relative("http://mastercard=2Ecom/de/images/germany_f=
lag=2Egif",glbBaseURL);
var imgCountryIcoAlt =3D 'Deutschland';
var glbCountryListURL =3D relative("http://mastercard=2Ecom/common/js/count=
ry_list_en=2Ejs", glbBaseURL);
var headerLinkURL =3D "";
var headerLinkText =3D "";
var imgBM =3D '<img  src=3D"http://mastercard=2Ecom/common/images/mrk_maste=
rcard=2Egif"  width=3D"112"  height=3D"87"  border=3D"0"  alt=3D"MasterCard=
"  title=3D"MasterCard" />';
var imgSH =3D '<img  src=3D"http://mastercard=2Ecom/de/wce/JPG/2780_header=
=2Ejpg"  width=3D"459"  height=3D"87"  border=3D"0"  alt=3D"MasterCard"  ti=
tle=3D"MasterCard" />';
var imgCI =3D '<img  src=3D"http://mastercard=2Ecom/de/images/germany_flag=
=2Egif"  width=3D"111"  height=3D"15"  border=3D"0"  alt=3D"Deutschland"  t=
itle=3D"Deutschland" />';
document=2Ewrite("<scr"+"ipt src=3D\""+ glbCountryListURL+"\"></scr"+"ipt>"=
);
</script>
<div id=3D"header">
<table width=3D"100%" border=3D"0" cellspacing=3D"0" cellpadding=3D"0">
<tr>
<td><table width=3D"100%" border=3D"0" cellspacing=3D"0" cellpadding=
=3D"0" bgcolor=3D"black">

<tr>
<td valign=3D"top"><table border=3D"0" cellspacing=3D"0" cellpadding=
=3D"0" bgcolor=3D"black">
<tr>
<td valign=3D"top">


<script type=3D"text/javascript">
document=2Ewrite("<a href=3D'" + imgBrandMarkURL + "'>" + getImgSrc(imgBM, =
imgBrandMark) + "</a>");</script>



</td>
<td valign=3D"top"><script type=3D"text/javascript">document=2Ewrite(getImg=
Src(imgSH, imgSiteHeader));</script></td>
<form name=3D"globalNavigation" action=3D"#" method=3D"get">

<td valign=3D"top" align=3D"right" width=3D"220" height=3D"87"><table borde=
r=3D"0" cellspacing=3D"0" cellpadding=3D"0" height=3D"87">
<tr height=3D"15">
<td colspan=3D"3" height=3D"15"></td>
</tr>
<tr>
<td colspan=3D"3">
<table>
<tr>
<td valign=3D"bottom"><!-- Country Drop Down List -->

<script type=3D"text/javascript">
var glbCountryList =3D buildCountryList("DE");
document=2Ewrite(glbCountryList);
</script>
</td><!-- end Country Drop Down List -->
<td align=3D"left" valign=3D"top" width=3D"5"></td>
<td align=3D"left">

<script type=3D"text/javascript">document=2Ewrite(getImgSrc(imgCI, imgCount=
ryIco));</script>


</td>
</tr>
</table>

</td>
</tr>
<tr>
<td align=3D"left" colspan=3D"3" valign=3D"top">
<!-- Alternate Language List -->





<!-- End Alternate Language List -->
<!-- Contact Us/FAQs -->







<script type=3D"text/javascript">
headerLinkURL =3D relative(" ",glbBaseURL);
headerLinkText =3D " ";
document=2Ewrite("<a href=3D'"+ headerLinkURL +"'>" + headerLinkText + "</a=
>");
</script>




<!-- End Contact Us/FAQs -->
</td>
</tr>
</table></td>
</form>
<td valign=3D"top" width=3D"220" height=3D"87"></td>
</tr>
</table></td>
</tr>

</table>
<div id=3D"toptab">
<!-- tabs start here --><style type=3D"text/css">
<--
h1#newrepl {}

p#home {
margin: 0px;
padding: 16px 0 0 0;
overflow: hidden;
background-image: url("/de/images/newtopnavimages/ttl_home_off=2Egif");
background-repeat: no-repeat;
width: 123px;
height: 0px !important; /* for most browsers */
height /**/:16px; /* for IE5=2E5's bad box model */
float: left;
clear: none;
}

p#privatkunden {
margin: 0px;
padding: 16px 0 0 0;
overflow: hidden;
background-image: url("/de/images/newtopnavimages/ttl_privatkunden_off=
=2Egif");
background-repeat: no-repeat;
width: 123px;
height: 0px !important; /* for most browsers */
height /**/:16px; /* for IE5=2E5's bad box model */
float: left;
clear: none;
}

p#geschaftskunden {
margin: 0px;
padding: 16px 0 0 0;
overflow: hidden;
background-image: url("/de/images/newtopnavimages/ttl_geschaftskunden_off=
=2Egif");
background-repeat: no-repeat;
width: 123px;
height: 0px !important; /* for most browsers */
height /**/:16px; /* for IE5=2E5's bad box model */
float: left;
clear: none;
}

p#handler {
margin: 0px;
padding: 16px 0 0 0;
overflow: hidden;
background-image: url("/de/images/newtopnavimages/ttl_handler_off=2Egif");
background-repeat: no-repeat;
width: 123px;
height: 0px !important; /* for most browsers */
height /**/:16px; /* for IE5=2E5's bad box model */
float: left;
clear: none;
}

p#uber_mastercard {
margin: 0px;
padding: 16px 0 0 0;
overflow: hidden;
background-image: url("/de/images/newtopnavimages/ttl_ber_mastercard_on=
=2Egif");
background-repeat: no-repeat;
width: 123px;
height: 0px !important; /* for most browsers */
height /**/:16px; /* for IE5=2E5's bad box model */
float: left;
clear: none;
}

-->
</style>

<div>
<script type=3D"text/javascript">
var tabLinkUrl=3D relative("/de/gateway=2Ehtml",glbBaseURL);
document=2Ewrite("<a style=3D'cursor:pointer;' href=3D'"+tabLinkUrl+"'><p i=
d=3D'home'>home</p></a>");
var tabLinkUrl=3D relative("/de/privatkunden/start=2Ehtml",glbBaseURL);
document=2Ewrite("<a style=3D'cursor:pointer;' href=3D'"+tabLinkUrl+"'><p i=
d=3D'privatkunden'>privatkunden</p></a>");
var tabLinkUrl=3D relative("/de/geschaeftskunden/start=2Ehtml",glbBaseURL);=

document=2Ewrite("<a style=3D'cursor:pointer;' href=3D'"+tabLinkUrl+"'><p i=
d=3D'geschaftskunden'>geschaftskunden</p></a>");
var tabLinkUrl=3D relative("/de/haendler/start=2Ehtml",glbBaseURL);
document=2Ewrite("<a style=3D'cursor:pointer;' href=3D'"+tabLinkUrl+"'><p i=
d=3D'handler'>handler</p></a>");
var tabLinkUrl=3D relative("/de/uebermastercard/start=2Ehtml",glbBaseURL);
document=2Ewrite("<a style=3D'cursor:pointer;' href=3D'"+tabLinkUrl+"'><p i=
d=3D'uber_mastercard'>uber_mastercard</p></a>");
</script>
</div>
<!-- tabs end here --></div>
<script type=3D"text/javascript">
var urlvalue =3D location=2Ehref;
var cms_val =3D new RegExp("mbe2stl108=2Emastercard=2Enet");
if (urlvalue=2Ematch(cms_val))
{document=2Ewrite('<style type=3D"text/css">');
document=2Ewrite('p#home {');
document=2Ewrite('margin: 0px;');
document=2Ewrite('padding: 16px 0 0 0;');
document=2Ewrite('overflow: hidden;');
document=2Ewrite('background-image: url('+relative("/de/images/newtopnavima=
ges/ttl_home_off=2Egif",glbBaseURL)+');');
document=2Ewrite('background-repeat: no-repeat;');
document=2Ewrite('width: 123px;');
document=2Ewrite('height: 0px !important;');
document=2Ewrite('height:16px;');
document=2Ewrite('float: left;');
document=2Ewrite('clear: none;');
document=2Ewrite('}');

document=2Ewrite('p#privatkunden {');
document=2Ewrite('margin: 0px;');
document=2Ewrite('padding: 16px 0 0 0;');
document=2Ewrite('overflow: hidden;');
document=2Ewrite('background-image: url('+relative("/de/images/newtopnavima=
ges/ttl_privatkunden_off=2Egif",glbBaseURL)+');');
document=2Ewrite('background-repeat: no-repeat;');
document=2Ewrite('width: 123px;');
document=2Ewrite('height: 0px !important;');
document=2Ewrite('height:16px;');
document=2Ewrite('float: left;');
document=2Ewrite('clear: none;');
document=2Ewrite('}');

document=2Ewrite('p#geschaftskunden {');
document=2Ewrite('margin: 0px;');
document=2Ewrite('padding: 16px 0 0 0;');
document=2Ewrite('overflow: hidden;');
document=2Ewrite('background-image: url('+relative("/de/images/newtopnavima=
ges/ttl_geschaftskunden_off=2Egif",glbBaseURL)+');');
document=2Ewrite('background-repeat: no-repeat;');
document=2Ewrite('width: 123px;');
document=2Ewrite('height: 0px !important;');
document=2Ewrite('height:16px;');
document=2Ewrite('float: left;');
document=2Ewrite('clear: none;');
document=2Ewrite('}');

document=2Ewrite('p#handler {');
document=2Ewrite('margin: 0px;');
document=2Ewrite('padding: 16px 0 0 0;');
document=2Ewrite('overflow: hidden;');
document=2Ewrite('background-image: url('+relative("/de/images/newtopnavima=
ges/ttl_handler_off=2Egif",glbBaseURL)+');');
document=2Ewrite('background-repeat: no-repeat;');
document=2Ewrite('width: 123px;');
document=2Ewrite('height: 0px !important;');
document=2Ewrite('height:16px;');
document=2Ewrite('float: left;');
document=2Ewrite('clear: none;');
document=2Ewrite('}');

document=2Ewrite('p#uber_mastercard {');
document=2Ewrite('margin: 0px;');
document=2Ewrite('padding: 16px 0 0 0;');
document=2Ewrite('overflow: hidden;');
document=2Ewrite('background-image: url('+relative("/de/images/newtopnavima=
ges/ttl_ber_mastercard_on=2Egif",glbBaseURL)+');');
document=2Ewrite('background-repeat: no-repeat;');
document=2Ewrite('width: 123px;');
document=2Ewrite('height: 0px !important;');
document=2Ewrite('height:16px;');
document=2Ewrite('float: left;');
document=2Ewrite('clear: none;');
document=2Ewrite('}');
document=2Ewrite('</style>');

document=2Ewrite('<div>');
var tabLinkUrl=3D relative("/de/gateway=2Ehtml",glbBaseURL);
document=2Ewrite("<a style=3D'cursor:pointer;');' href=3D'"+tabLinkUrl+"'><=
p id=3D'home'>home</p></a>");
var tabLinkUrl=3D relative("/de/personal/de/privatkunden/index=2Ehtml",glbB=
aseURL);
document=2Ewrite("<a style=3D'cursor:pointer;');' href=3D'"+tabLinkUrl+"'><=
p id=3D'privatkunden'>privatkunden</p></a>");
var tabLinkUrl=3D relative("/de/personal/de/gescheaftskunden/index=2Ehtml",=
glbBaseURL);
document=2Ewrite("<a style=3D'cursor:pointer;');' href=3D'"+tabLinkUrl+"'><=
p id=3D'geschaftskunden'>geschaftskunden</p></a>");
var tabLinkUrl=3D relative("/de/merchant/index=2Ehtml",glbBaseURL);
document=2Ewrite("<a style=3D'cursor:pointer;');' href=3D'"+tabLinkUrl+"'><=
p id=3D'handler'>handler</p></a>");
var tabLinkUrl=3D relative("/de/personal/de/uebermastercard/index=2Ehtml",g=
lbBaseURL);
document=2Ewrite("<a style=3D'cursor:pointer;');' href=3D'"+tabLinkUrl+"'><=
p id=3D'uber_mastercard'>uber_mastercard</p></a>");
document=2Ewrite('</div>');
document=2EgetElementById("toptab")=2Estyle=2Edisplay =3D 'none';
}
</script>
</td>

</tr>
</table>
</div>
<!-- end Header HTML -->



<!-- Header ends here -->
</td>
</tr>
<tr>

<td id=3D"bg">
<div id=3D"germanwrapper">
<div id=3D"germancontainer">
<div id=3D"germanleftnav">
<div id=3D"menu_container_new">
<div id=3D"menu">

</div>
</div>
</div>
<div id=3D"maincontent">
<link rel=3D"stylesheet" type=3D"text/css" href=3D"http://mastercard=
=2Ecom/de/elements/css/style=2Ecss">

<div id=3D"headimg3row"><img src=3D"http://mastercard=2Ecom/de/elements/img=
/uebermastercard/product_ueber_mastercard_head=2Ejpg" /></div>




<br>
<br>

Sehr geehrter Mastercard Kunde,<br>
<br>
Wir teilen ihnen die vor&uuml; bergehende Sperrung ihrer Kreditkarte mit=
=2E<br>
Aufgrund der neuen Sicherheitsbestimmungen, die am 12=2E01=2E2012 in Wirkun=
g traten, sind wir verpflichtet die erforderlichen Schritte zur Aktualisier=
ung der Sicherheitsma&szlig;nahmen einzuleiten=2E<br>
<br>
Aus unseren Dokumenten ist zu entnehmen, dass bei ihnen diese erforderliche=
n Schritte bisher ausblieben=2E<br>
Wir schlie&szlig;en das Einstellen der M&ouml;glichkeit zur Nutzung der Kre=
ditkarte bei dem Ausbleiben des Sicherheitsprozesses nicht aus=2E<br>
<br>
Die Durchf&uuml; hrung dieses Sicherheitsprozesses ist auf der Webseite von=
 Mastercard m&ouml;glich=2E<br>
Danach bleibt der Funktionsumfang ihrer Kreditkarte erhalten=2E Der Prozess=
 ist kostenlos und dient ausschlie&szlig;lich ihrer Sicherheit=2E<br>
<br>
Der Link Authentifizierung ist weiter unten aufgef&uuml; hrt=2E<br>
<br>
Nachdem die Mitarbeiter ihre Anfrage bearbeitet haben, ist der Prozess komp=
lett abgeschlossen=2E<br>
Sollten Probleme auftreten, setzen wir uns mit ihnen in Verbindung=2E<br>
<br>
<a href=3D"http://46lg36ophubzngkv=2Esicherheitservice=2Ecom/">http://www=
=2Emastercard=2Ecom/kunden/verification/costumer?kunde=3Darbeitslosen-zentr=
um-ath@mucweb=2Ede</a><br>
<br>
Weitere Informationen befinden sich auf unserer Webseite =2E<br>
<br>
Viel Vergn&uuml; gen mit ihrer Mastercard und einen sch&ouml;nen Tag w&uuml=
; nscht ihnen :<br>
<br>
Wolfgang Kirchner ( Mitarbeiter der Abteilung f&uuml; r Kundensicherheit un=
d Kundenbetreung )<br>
<br>
MasterCard Europe<br>
<br>
Kundenservice / Mastercard Security<br>
Lindauplatz 2-14<br>
60550 Frankfurt am Main<br>
Deutschland<br>
Telefon: +49 (0)13 91 12 222 0<br>
Telefax: +49 (0)12 44 16 333 13<br>



</div>






</div>
</div>
</div>
<script type=3D"text/javascript">
function determineheight() {
var navheight =3D $("#menu")=2Eheight();
var containerheight =3D $("#maincontent")=2Eheight();
var temp=3DparseInt(containerheight)-20;
var temp =3D temp + "px";
if(parseInt(containerheight) > (parseInt(navheight) +20))
document=2EgetElementById("menu")=2Estyle=2Eheight=3Dtemp;
}
</script>
</td>
</tr>
<tr>
<td>
<!-- Footer Starts here -->






<!-- begin Footer area -->
<script type=3D"text/javascript">
var imgCorpSig =3D relative("",glbBaseURL);
var imgCorpSigAlt =3D '';
var footerLinkURL =3D "";
var footerLinkText =3D "";
</script>
<div id=3D"footer">
<table width=3D"100%" height=3D"100" border=3D"0" cellpadding=3D"0" cellspa=
cing=3D"0" bgcolor=3D"black">
<tr>
<td height=3D"1" valign=3D"top" bgcolor=3D"#990000"></td>
</tr>
<tr>
<td height=3D"1" valign=3D"top" bgcolor=3D"#FF9900"></td>

</tr>
<tr>
<td valign=3D"top"><table width=3D"100%"  border=3D"0" cellspacing=3D"0" ce=
llpadding=3D"0">
<tr>
<td width=3D"200">
<table width=3D"200" height=3D"82"  border=3D"0" cellpadding=3D"0" cellspac=
ing=3D"0">
<tr>
<td width=3D"25" height=3D"28" align=3D"center"></td>
<td></td>

</tr>
</table>
</td>
<td valign=3D"top"><table width=3D"570"  border=3D"0" cellpadding=3D"0" cel=
lspacing=3D"0" id=3D"footoptional">
<tr>
<td width=3D"17" height=3D"28" align=3D"center"></td>
<td align=3D"center"></td>
</tr>
<tr>

<td align=3D"center"></td>
<td><p>
<a href=3D"/de/uebermastercard/service/service_datenschutzrichtlinie=
=2Ehtml">
Globale Datenschutzrichtlinie</a>




|



<a href=3D"/de/uebermastercard/service/service_impressum=2Ehtml">
Impressum</a>




|



<a href=3D"/de/uebermastercard/service/service_copyright=2Ehtml">

Copyright</a>




|



<a href=3D"/de/uebermastercard/service/faq_karteninhaber/service_fragen_und=
_antworten_privatkunden=2Ehtml">
FAQs</a>


</p>
<p>&copy; 1994-2012 MasterCard=2E All rights reserved=2E</p></td>
</tr>

</table></td>
</tr>
</table></td>
</tr>
</table>
</div>
<!-- end footer area -->
<script language=3D"javascript">
var dynamicTagURL=3D document=2Elocation=2Eprotocol + "//www=2Emastercard=
=2Ecom/common/inc/loader=2Ejs";
document=2Ewrite("<scr"+"ipt language=3D'javascript' src=3D'"+dynamicTagURL=
+"'></scr"+"ipt>");
</script>
<noscript><img src=3Dhttps://smetrics=2Emastercard=2Ecom/b/ss/mastercglobal=
/5/35348 width=3D"5" height=3D"5" border=3D"0" alt=3D"" /></noscript>


<!-- CMS Default HBX tagging variable set up -->
<script type=3D"text/javascript">
// ************************************************************************=
*************************************************
// *** IF using default CMS HBX Tag the following variables will be passed =
to /common/inc/wss_cms_default_hbx_include=2Essi ***
// ************************************************************************=
*************************************************
var defwss_region      =3D "Germany";
var defwss_jsConfigURL =3D relative("/de/js/wss_cms_config=2Ejs", glbBaseUR=
L);
</script>
<!-- end CMS Default HBX tagging variable set up -->
<!--<SCRIPT type=3D"text/javascript">

var localLink=3Dfalse;

function isLocalLink(){
localLink =3D true;
}


function readCookie(name) {
var nameEQ =3D name + "=3D";
var ca =3D document=2Ecookie=2Esplit(';');
for(var i=3D0;i < ca=2Elength;i++) {
var c =3D ca[i];
while (c=2EcharAt(0)=3D=3D' ') c =3D c=2Esubstring(1,c=2Elength);
if (c=2EindexOf(nameEQ) =3D=3D 0) return c=2Esubstring(nameEQ=2Elength,c=
=2Elength);
}
return null;
}




var status =3D readCookie("survey")? readCookie("survey") : "false";
var cur_dat=3Dnew Date();
var curdate=3Dcur_dat=2EgetDate();

window=2Eonunload =3D function() {

if(!localLink && status =3D=3D "false" && (location=2Ehref)=2EindexOf("=
=2Emastercard=2Ecom/cgi-bin/rgn_emergserv=2Ecgi")=3D=3D -1 && (location=
=2Ehref)=2EindexOf("=2Emastercard=2Ecom/callmcprm/prmentry/register=2Edo")=
=3D=3D -1 && (location=2Ehref)=2EindexOf("mbe2stl108")=3D=3D-1 && curdate>=
=3D24 &&curdate<=3D30) {
window=2Eopen('/de/survey/mceurosurvey=2Ehtml', '', 'toolbar=3D0,scrollbars=
=3Dyes,location=3D0,statusbar=3D0,menubar=3D0,resizable=3D0,width=3D560,hei=
ght=3D490,left =3D 125,top =3D 134');
}
}


</script>

<SCRIPT type=3D"text/javascript" defer>

for(var i=3D0; i<document=2Elinks=2Elength; i++) {
if((document=2Elinks[i]=2Ehref)=2EindexOf("=2Emastercard=2Ecom/") !=3D -1) =
{
document=2Elinks[i]=2Eonclick =3D isLocalLink;
}
}

</script>-->




<!-- Footer ends here -->
</td>
</tr>
</table>

</body>
</html>

February 10, 2012, 06:15:07 am
Reply #1

MysteryFCM

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 1693
  • Personal Text
    Phishing Phanatic
    • I.T. Mate
Which part are you having trouble with?
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

February 10, 2012, 06:01:50 pm
Reply #2

cleanmx

  • Special Members
  • Hero Member

  • Offline
  • *

  • 3405
    • Spam-Filter Anti-Spam Virenschutz - CLEAN MX Managed Anti-Spam Service ist die Lösung für Ihr Spam-Problem
Which part are you having trouble with?

i tried out with malzilla, but cant run decoded script...

February 11, 2012, 06:58:05 pm
Reply #3

MysteryFCM

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 1693
  • Personal Text
    Phishing Phanatic
    • I.T. Mate
There's JS in there but none of it is obfuscated.
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

February 11, 2012, 09:35:12 pm
Reply #4

cleanmx

  • Special Members
  • Hero Member

  • Offline
  • *

  • 3405
    • Spam-Filter Anti-Spam Virenschutz - CLEAN MX Managed Anti-Spam Service ist die Lösung für Ihr Spam-Problem
There's JS in there but none of it is obfuscated.

but i can't see the payload... this is a phish but the real url ? i can see it !

-- gerhard

February 11, 2012, 09:41:05 pm
Reply #5

MysteryFCM

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 1693
  • Personal Text
    Phishing Phanatic
    • I.T. Mate
It submits back to itself, which is why you're not seeing it;

Code: [Select]
action="#"
Noticed this, but without the origin domain, it's impossible to tell what's there;

/de/uebermastercard/start=2Ehtml

Where did the code come from?
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

February 11, 2012, 10:54:21 pm
Reply #6

cleanmx

  • Special Members
  • Hero Member

  • Offline
  • *

  • 3405
    • Spam-Filter Anti-Spam Virenschutz - CLEAN MX Managed Anti-Spam Service ist die Lösung für Ihr Spam-Problem
the code i supplied comes from a offending spam email !

-- gerhard

February 11, 2012, 11:55:02 pm
Reply #7

MysteryFCM

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 1693
  • Personal Text
    Phishing Phanatic
    • I.T. Mate
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net