DarthInvader

May 16 2018, Russian doll phishing link

May 18th, 2018
  1. An interesting phishing email with a Russian-doll Base64-encoded link.
  2. Why Russian doll? Because it is encoded packages nested inside encoded packages.
  3.  
  4. Original URL from the phishing email (line-wrapped at 80 characters for readability):
  5.  
  6. http://alpha33.webredirect.org/beklcctmltr7/?r=aHR0cDovL2FscGhhMzMud2VicmVkaXJlY
  7. 3Qub3JnLzMxeDB6ZWhuamI1YWJlMDdlZmYyZDZmLzVhZmMzMDI3MDM4MDMvU205bExsVnpaWEpBYkc5e
  8. lpYSXVZMjl0P2ZvcmNlZD0xJnRnPVYyVnpkQ0JGZFhKdmNHVT0mcz1aWGxLY0dScFNUWkpiVnBRVW5wT
  9. 01rNHlielZOYTBwRFdqRktibGw2YkZkUk1td3dZVVpGT1ZCVFNYTkpibHBvWWtoV2JFbHFiMmxoYTFKR
  10. VdrZG9hMVZ1UmtKWFIxWkZaV3hLVjFkSGNHeGFXRTUwV1RGb2EwOUdkM1pVU0doRllXeFJOV1JVVmpCb
  11. GJGSTFZV3BCTTFSRk9YZFdSbmQyWkZoYU5HUnVjRnBrUld0eVYxUkthazFITUROVGJWVXpUVmRXYTJNe
  12. FpGZFVTRkpQVWpCWk5Vc3lWbEpTVkZKb1RucEtTbVZFVm5oU01IQlZUVlJLTkdWRVFuRk5XR3R5WTFWa
  13. 2JWSnRVa3BqYW1oeVZXcFJlVlpIUmtoVmJrcFNWRzFXUjFkcVRsVmFSR1F6V1cxYU5GTnFaRFJWVkdON
  14. VpFWm9UMDlFU2pCTk1IQkVUVlp3UkU1RmVHbFNNMlIwVTBSS1YxWnFhRXhPV0U1VFRrZG9hMDFITkhkb
  15. GJGVTVTV2wzYVdKWFJtcEphbTlwVFcxV2FWcFhWWGRPUkZKc1RYcGplbGxYVFRCT2FtUnBUV3BhYWsxV
  16. VRURlpWR1JyV1cxTmQwOUViR2xQUkZFMVdsUlNhMDFVV1ROYVZFRTFXVlJWZUU1SFNURlpWRVYzVG5wU
  17. 2EwNHlUWGROUkdzeFRVTktPUT09
  18.  
  19. The section of the URL above after ?r=:
  20. aHR0cDovL2FscGhhMzMud2VicmVkaXJlY3Qub3JnLzMxeDB6ZWhuamI1YWJlMDdlZmYyZDZmLzVhZmMz
  21. MDI3MDM4MDMvU205bExsVnpaWEpBYkc5elpYSXVZMjl0P2ZvcmNlZD0xJnRnPVYyVnpkQ0JGZFhKdmNH
  22. VT0mcz1aWGxLY0dScFNUWkpiVnBRVW5wT01rNHlielZOYTBwRFdqRktibGw2YkZkUk1td3dZVVpGT1ZC
  23. VFNYTkpibHBvWWtoV2JFbHFiMmxoYTFKRVdrZG9hMVZ1UmtKWFIxWkZaV3hLVjFkSGNHeGFXRTUwV1RG
  24. b2EwOUdkM1pVU0doRllXeFJOV1JVVmpCbGJGSTFZV3BCTTFSRk9YZFdSbmQyWkZoYU5HUnVjRnBrUld0
  25. eVYxUkthazFITUROVGJWVXpUVmRXYTJNeFpGZFVTRkpQVWpCWk5Vc3lWbEpTVkZKb1RucEtTbVZFVm5o
  26. U01IQlZUVlJLTkdWRVFuRk5XR3R5WTFWa2JWSnRVa3BqYW1oeVZXcFJlVlpIUmtoVmJrcFNWRzFXUjFk
  27. cVRsVmFSR1F6V1cxYU5GTnFaRFJWVkdONVpFWm9UMDlFU2pCTk1IQkVUVlp3UkU1RmVHbFNNMlIwVTBS
  28. S1YxWnFhRXhPV0U1VFRrZG9hMDFITkhkbGJGVTVTV2wzYVdKWFJtcEphbTlwVFcxV2FWcFhWWGRPUkZK
  29. c1RYcGplbGxYVFRCT2FtUnBUV3BhYWsxVVRURlpWR1JyV1cxTmQwOUViR2xQUkZFMVdsUlNhMDFVV1RO
  30. YVZFRTFXVlJWZUU1SFNURlpWRVYzVG5wU2EwNHlUWGROUkdzeFRVTktPUT09
  31.  
  32. The section above, run through a Base64 decoder, gives the URL below:
  33.  
  34. http://alpha33.webredirect.org/31x0zehnjb5abe07eff2d6f/5afc302703803/Sm9lLlVzZXJ
  35. AbG9zZXIuY29t?forced=1&tg=V2VzdCBFdXJvcGU=&s=ZXlKcGRpSTZJbVpQUnpOMk4ybzVNa0pDWjF
  36. Kbll6bFdRMmwwYUZFOVBTSXNJblpoYkhWbElqb2lha1JEWkdoa1VuRkJXR1ZFZWxKV1dHcGxaWE50WTF
  37. oa09Gd3ZUSGhFYWxRNWRUVjBlbFI1YWpBM1RFOXdWRnd2ZFhaNGRucFpkRWtyV1RKak1HMDNTbVUzTVd
  38. Wa2MxZFdUSFJPUjBZNUsyVlJSVFJoTnpKSmVEVnhSMHBVTVRKNGVEQnFNWGtyY1VkbVJtUkpjamhyVWp
  39. ReVZHRkhVbkpSVG1WR1dqTlVaRGQzWW1aNFNqZDRVVGN5ZEZoT09ESjBNMHBETVZwRE5FeGlSM2R0U0R
  40. KV1ZqaExOWE5TTkdoa01HNHdlbFU5SWl3aWJXRmpJam9pTW1WaVpXVXdORFJsTXpjellXTTBOamRpTWp
  41. aak1UTTFZVGRrWW1Nd09EbGlPRFE1WlRSa01UWTNaVEE1WVRVeE5HSTFZVEV3TnpSa04yTXdNRGsxTUN
  42. KOQ==
  43.  
  44. Sm9lLlVzZXJAbG9zZXIuY29t Base64 decode = Joe.User@loser.com
  45. V2VzdCBFdXJvcGU Base64 decode = West Europe
  46.  
  47. The section of the URL above after &s=:
  48. ZXlKcGRpSTZJbVpQUnpOMk4ybzVNa0pDWjFKbll6bFdRMmwwYUZFOVBTSXNJblpoYkhWbElqb2lha1JE
  49. Wkdoa1VuRkJXR1ZFZWxKV1dHcGxaWE50WTFoa09Gd3ZUSGhFYWxRNWRUVjBlbFI1YWpBM1RFOXdWRnd2
  50. ZFhaNGRucFpkRWtyV1RKak1HMDNTbVUzTVdWa2MxZFdUSFJPUjBZNUsyVlJSVFJoTnpKSmVEVnhSMHBV
  51. TVRKNGVEQnFNWGtyY1VkbVJtUkpjamhyVWpReVZHRkhVbkpSVG1WR1dqTlVaRGQzWW1aNFNqZDRVVGN5
  52. ZEZoT09ESjBNMHBETVZwRE5FeGlSM2R0U0RKV1ZqaExOWE5TTkdoa01HNHdlbFU5SWl3aWJXRmpJam9p
  53. TW1WaVpXVXdORFJsTXpjellXTTBOamRpTWpaak1UTTFZVGRrWW1Nd09EbGlPRFE1WlRSa01UWTNaVEE1
  54. WVRVeE5HSTFZVEV3TnpSa04yTXdNRGsxTUNKOQ==
  55.  
  56. Base64 decoded, this gives:
  57. eyJpdiI6ImZPRzN2N2o5MkJCZ1JnYzlWQ2l0aFE9PSIsInZhbHVlIjoiakRDZGhkUnFBWGVEelJWWGpl
  58. ZXNtY1hkOFwvTHhEalQ5dTV0elR5ajA3TE9wVFwvdXZ4dnpZdEkrWTJjMG03SmU3MWVkc1dWTHROR0Y5
  59. K2VRRTRhNzJJeDVxR0pUMTJ4eDBqMXkrcUdmRmRJcjhrUjQyVGFHUnJRTmVGWjNUZDd3YmZ4Sjd4UTcy
  60. dFhOODJ0M0pDMVpDNExiR3dtSDJWVjhLNXNSNGhkMG4welU9IiwibWFjIjoiMmViZWUwNDRlMzczYWM0
  61. NjdiMjZjMTM1YTdkYmMwODliODQ5ZTRkMTY3ZTA5YTUxNGI1YTEwNzRkN2MwMDk1MCJ9
  62.  
  63. Base64 decoded, this gives:
  64. {"iv":"fOG3v7j92BBgRgc9VCithQ==","value":"jDCdhdRqAXeDzRVXjeesmcXd8\/LxDjT9u5tzT
  65. yj07LOpT\/uvxvzYtI+Y2c0m7Je71edsWVLtNGF9+eQE4a72Ix5qGJT12xx0j1y+qGfFdIr8kR42TaGR
  66. rQNeFZ3Td7wbfxJ7xQ72tXN82t3JC1ZC4LbGwmH2VV8K5sR4hd0n0zU=","mac":"2ebee044e373ac4
  67. 67b26c135a7dbc089b849e4d167e09a514b5a1074d7c00950"}
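
The layer-by-layer decoding above can be automated when triaging links like this one. The following is an added example, not part of the original paste: it walks a URL's path segments and query values, peels nested Base64, and stops at a JSON envelope with iv/value/mac fields, which cannot be read further without the key. The sample URL, host names and all field values are constructed.

```python
import base64, binascii, json
from urllib.parse import urlsplit, parse_qsl

def try_b64(token):
    """Decoded text if token is Base64 of printable UTF-8, else None."""
    if len(token) < 8 or len(token) % 4 == 1:  # too short, or impossible length
        return None
    try:  # tolerate stripped '=' padding, reject characters outside the alphabet
        raw = base64.b64decode(token + "=" * (-len(token) % 4), validate=True)
        text = raw.decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return text if text.isprintable() else None

def peel(value, label="input", depth=0, out=None):
    """Collect (depth, label, kind, text) for every layer reachable from value."""
    out = [] if out is None else out
    if value.startswith(("http://", "https://")):
        out.append((depth, label, "url", value))
        parts = urlsplit(value)
        fields = [("path", seg) for seg in parts.path.split("/") if seg]
        # parse_qsl turns '+' into a space; restore it, '+' is a Base64 character
        fields += [("?" + k, v.replace(" ", "+")) for k, v in parse_qsl(parts.query)]
        for name, field in fields:
            if (decoded := try_b64(field)) is not None:
                peel(decoded, name, depth + 1, out)
        return out
    try:
        obj = json.loads(value)
    except ValueError:
        obj = None
    if isinstance(obj, dict):  # structured payload: nothing further to decode
        kind = "encrypted-envelope" if {"iv", "value", "mac"} <= obj.keys() else "json"
        out.append((depth, label, kind, value))
    elif (inner := try_b64(value)) is not None:
        peel(inner, label, depth + 1, out)
    else:
        out.append((depth, label, "text", value))
    return out

def b64(s):
    return base64.b64encode(s.encode()).decode()
# Constructed sample with the paste's structure; every value here is made up.
ENVELOPE = json.dumps({"iv": "AAAA", "value": "BBBB", "mac": "00" * 32})
INNER = ("http://redirect.example.test/landing/" + b64("user@example.test")
         + "?forced=1&tg=" + b64("West Europe") + "&s=" + b64(b64(ENVELOPE)))
SAMPLE = "http://redirect.example.test/start/?r=" + b64(INNER)
if __name__ == "__main__":
    for depth, label, kind, text in peel(SAMPLE):
        print("  " * depth + f"[{depth}] {label} {kind}: {text[:60]}")
```

The depth value counts how many Base64 layers were removed to reach each item, so the envelope in the sample is reported at depth 3, matching the nesting shown in the paste.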