• Guest, before posting your code please take these rules into consideration:
    • It is required to use our BBCode feature to display your code. While within the editor click < / > or >_ and place your code within the BB Code prompt. This helps others with finding a solution by making it easier to read and easier to copy.
    • Don't share a wall of code. All we want is the problem area, the code related to your issue.


    To learn more about how to use our BBCode feature, please click here.

    Thank you, Code Forum.

found a probable scam site, want to know how it works

ceacea123

New Coder
so I found this site, it spread through old people facebook, and got to my grandmother, all i know that it is very rushed and the code is messed up but i cant understand the javascript part of it, and i want to understand what it does (what information its steals or how it messes up a device), of course i didn't dig too deep because i dont want my info stolen, would love some help with this

here's the site: http://7618bb4d.nystreamsly.com.cn/jialef/?l=en#1641155569215

I don't recommend clicking on anything but i think just visiting the side isn't dangerous

it is in a different language but i don think this matters, but it basically says that its an aniversary for a supermarket chain and they are giving out gift cards and other prizes,
there's also some fake facebook messeges

thanks in advance
 

simong1993

King Coder
Staff Team
Guardian
So looking at that i dont see anything wrong, there is no redirects downloading etc although it is poorly built. The java is just fancy rubbish so god knows what there plan is there lol
 

ceacea123

New Coder
So looking at that i dont see anything wrong, there is no redirects downloading etc although it is poorly built. The java is just fancy rubbish so god knows what there plan is there lol
this is weird, why would anybody make this kind of website and not do anything with it? anyways, thanks for the help!
 

Ghost

King Coder
Carrefour is a real company. This site is most likely being sent to people in bulk, so the creator would send to thousands and thousands of people. Out of all those recipients, a good sized group of them will visit the site, and some may think it's the official Carrefour website.

Most likely what is happening is that they are actually going on to a different link first, perhaps to give login information. Then they would be redirected to this page. I am guessing this is something like "hey login to your account to answer our poll for a chance to win ____", which is how a hacker would get account information. The poll essentially is just a fluke, with this page making it *look like* they have logged in and are now taking a real poll, with the damage being done. I think this because the page you linked doesn't have anything to gather account info or hack a user, so it's much more likely to be the final page after a login if this is in fact a phishing page.
 

ceacea123

New Coder
Carrefour is a real company. This site is most likely being sent to people in bulk, so the creator would send to thousands and thousands of people. Out of all those recipients, a good sized group of them will visit the site, and some may think it's the official Carrefour website.

Most likely what is happening is that they are actually going on to a different link first, perhaps to give login information. Then they would be redirected to this page. I am guessing this is something like "hey login to your account to answer our poll for a chance to win ____", which is how a hacker would get account information. The poll essentially is just a fluke, with this page making it *look like* they have logged in and are now taking a real poll, with the damage being done. I think this because the page you linked doesn't have anything to gather account info or hack a user, so it's much more likely to be the final page after a login if this is in fact a phishing page.
that is a possibility, but this link I got(the original one in my post) is probably automatically sent to their facebook friends, because a lot of my grandmothers friends have sent this link without them knowing, so why would this site send the decoy sites link, and not the actual phishing site link?
 
Top