드디어 Apple을 사칭하는 스팸 메일을 받았습니다.

2020-04-03 : Apple ID Unlock

메일

Apple ID 로그인을 몇 번 하고 나서 받은 메일이라 속을 뻔 했습니다.
지난번에 왔던 Apple 사칭 메일과는 달리 메일 내용이 전체적으로 깔끔합니다.

ApGIQDDRZNQZpGIQDDRZNQZlGIQDDRZNQZeAq1PS3Bw IGIQDDRZNQZDAq1PS3Bw LGIQDDRZNQZoAq1PS3BwcGIQDDRZNQZkAq1PS3BweAq1PS3BwdAq1PS3Bw
YGIQDDRZNQZoAq1PS3BwuAq1PS3BwrAq1PS3Bw AAq1PS3BwpGIQDDRZNQZpGIQDDRZNQZIGIQDDRZNQZeAq1PS3Bw IGIQDDRZNQZDAq1PS3Bw hAq1PS3BwaAq1PS3BwsGIQDDRZNQZ bGIQDDRZNQZeAq1PS3BweAq1PS3BwnAq1PS3Bw LGIQDDRZNQZoAq1PS3BwcGIQDDRZNQZkAq1PS3BweAq1PS3BwdAq1PS3Bw

fGIQDDRZNQZoAq1PS3BwrAq1PS3Bw sGIQDDRZNQZeAq1PS3BwcGIQDDRZNQZuAq1PS3BwrAq1PS3BwiGIQDDRZNQZtGIQDDRZNQZyAq1PS3Bw rAq1PS3BweAq1PS3BwaAq1PS3BwsGIQDDRZNQZoAq1PS3BwnAq1PS3BwsGIQDDRZNQZ. 2020/04/03 , TAq1PS3BwoAq1PS3Bw uAq1PS3BwnAq1PS3BwlGIQDDRZNQZoAq1PS3BwcGIQDDRZNQZkAq1PS3Bw iGIQDDRZNQZtGIQDDRZNQZ, yAq1PS3BwoAq1PS3BwuAq1PS3Bw

mGIQDDRZNQZuAq1PS3BwsGIQDDRZNQZtGIQDDRZNQZ vGIQDDRZNQZeAq1PS3BwrAq1PS3BwiGIQDDRZNQZfGIQDDRZNQZyAq1PS3Bw yAq1PS3BwoAq1PS3BwuAq1PS3BwrAq1PS3Bw iGIQDDRZNQZdAq1PS3BweAq1PS3BwnAq1PS3BwtGIQDDRZNQZiGIQDDRZNQZtGIQDDRZNQZyAq1PS3Bw.

YGIQDDRZNQZoAq1PS3BwuAq1PS3Bw cGIQDDRZNQZaAq1PS3BwnAq1PS3BwnAq1PS3BwoAq1PS3BwtGIQDDRZNQZ aAq1PS3BwcGIQDDRZNQZcGIQDDRZNQZeAq1PS3BwsGIQDDRZNQZsGIQDDRZNQZ yAq1PS3BwoAq1PS3BwuAq1PS3BwrAq1PS3Bw aAq1PS3BwcGIQDDRZNQZcGIQDDRZNQZoAq1PS3BwuAq1PS3BwnAq1PS3BwtGIQDDRZNQZ aAq1PS3BwnAq1PS3BwdAq1PS3Bw aAq1PS3BwnAq1PS3BwyAq1PS3Bw AAq1PS3BwpGIQDDRZNQZpGIQDDRZNQZIGIQDDRZNQZeAq1PS3Bw SGIQDDRZNQZeAq1PS3BwrAq1PS3BwvGIQDDRZNQZiGIQDDRZNQZcGIQDDRZNQZeAq1PS3BwsGIQDDRZNQZ, BGIQDDRZNQZeAq1PS3BwfGIQDDRZNQZoAq1PS3BwrAq1PS3BweAq1PS3Bw

cGIQDDRZNQZoAq1PS3BwmGIQDDRZNQZpGIQDDRZNQZlGIQDDRZNQZeAq1PS3BwtGIQDDRZNQZiGIQDDRZNQZnAq1PS3BwgGIQDDRZNQZ vGIQDDRZNQZeAq1PS3BwrAq1PS3BwiGIQDDRZNQZfGIQDDRZNQZiGIQDDRZNQZcGIQDDRZNQZaAq1PS3BwtGIQDDRZNQZiGIQDDRZNQZoAq1PS3BwnAq1PS3Bw, aAq1PS3BwnAq1PS3BwdAq1PS3Bw yAq1PS3BwoAq1PS3BwuAq1PS3Bw hAq1PS3BwaAq1PS3BwvGIQDDRZNQZeAq1PS3Bw tGIQDDRZNQZoAq1PS3Bw cGIQDDRZNQZoAq1PS3BwmGIQDDRZNQZpGIQDDRZNQZlGIQDDRZNQZeAq1PS3BwtGIQDDRZNQZiGIQDDRZNQZnAq1PS3BwgGIQDDRZNQZ vGIQDDRZNQZeAq1PS3BwrAq1PS3BwiGIQDDRZNQZfGIQDDRZNQZiGIQDDRZNQZcGIQDDRZNQZaAq1PS3BwtGIQDDRZNQZiGIQDDRZNQZoAq1PS3BwnAq1PS3Bw

bGIQDDRZNQZeAq1PS3BwfGIQDDRZNQZoAq1PS3BwrAq1PS3BweAq1PS3Bw 12 hAq1PS3BwoAq1PS3BwuAq1PS3BwrAq1PS3BwsGIQDDRZNQZ oAq1PS3BwrAq1PS3Bw yAq1PS3BwoAq1PS3BwuAq1PS3BwrAq1PS3Bw aAq1PS3BwcGIQDDRZNQZcGIQDDRZNQZoAq1PS3BwuAq1PS3BwnAq1PS3BwtGIQDDRZNQZ wGIQDDRZNQZiGIQDDRZNQZlGIQDDRZNQZlGIQDDRZNQZ bGIQDDRZNQZeAq1PS3Bw pGIQDDRZNQZeAq1PS3BwrAq1PS3BwmGIQDDRZNQZaAq1PS3BwnAq1PS3BweAq1PS3BwnAq1PS3BwtGIQDDRZNQZlGIQDDRZNQZyAq1PS3Bw LGIQDDRZNQZoAq1PS3BwcGIQDDRZNQZkAq1PS3BweAq1PS3BwdAq1PS3Bw.

신기했던건, 메일의 내용을 복사해보니 글자들 사이사이에 안 보이는 문자열이 삽입되어 있었습니다.

메일

메일의 내용은 html 태그들이었고 table 안에 글자들이 배치되어 있었습니다.
그 사이사이에 크기가 0px인 문자열을 삽입했습니다.
삽입된 문자열은 GIQDDRZNQZ, Aq1PS3Bw 두 종류입니다.
이를 제거하면 눈에 보이는 메일의 내용은 아래와 같습니다.

Apple ID Locked

Your AppIe ID has been Locked
for security reasons. 2020/04/03 , To unlock it, you
must verify your identity.

You cannot access your account and any AppIe Services, Before
completing verification, and you have to completing verification
before 12 hours or your account will be permanently Locked.

Unlock Account

Apple ID | Support | Privacy Policy

Copyright 2020 Apple Park California

메일 하단의 Unlock Account 버튼에는 링크가 걸려있습니다.
https://vk.com/away.php?to=(피싱 사이트 url)

vk.com 은 평범한 커뮤니티 사이트 처럼 보였습니다.

vk

어플도 있었구요.
https://apps.apple.com/app/id564177498

vk

앱 소개에 쓰여진 주소와도 일치했습니다.

vk.com의 away.php를 통해 다른 주소로 리다이렉션 됩니다.
어떤 감시(url이 인식 되는 것)를 피하기 위한 리다이렉션 수단으로 쓰였을 수 있습니다.

phising

접속하면 Apple ID로 로그인 하도록 유도합니다.

phising

아무거나 입력해도 로그인이 되고, 계정을 확인해야 한다는 메시지가 뜹니다.

phising

확인 방법은 개인 정보를 입력하는 것 입니다. 입력을 요구하는 정보로는 다음과 같은 것들이 있습니다.

  • 이름
  • 생년월일
  • 전화번호
  • 주소 (도로명, 시/군/구, 시/도, 우편번호)
  • 카드 정보 (소지자 이름, 카드 번호, 만료일, CVV)
  • 보안 질문 (어머니의 처녀 이름(?), 운전면허증 번호, 여권 번호)

phising

다 입력하고 확인 버튼을 누르면 이런 화면이 뜨고 진짜 Apple 홈페이지로 리다이렉션 됩니다.

각각의 페이지는 html 코드가 AES 암호화 되어 있습니다.

<html><head><script src='assets/js/enc.js'></script><script>
var hea2p = 
('0123456789ABCDEFGHIJKLMNOPQRSTUVXYZabcdefghijklmnopqrstuvxyz'); 
var hea2t = 'qAAsWy8ah16oHzrl9dO...Iakxjrtggg=';
var output = Aes.Ctr.decrypt(hea2t, hea2p, 256);
document.write(output)</script></head></html>

이 또한 검색되는 것을 피하기 위한 것으로 보입니다.

알아낸 페이지 방문 순서는 아래와 같습니다.

  1. Login.php : id 입력이 가능한 첫 화면 (코드 암호화 적용)
  2. assets/signin.php : id 입력 후 pw 입력이 가능한 화면
  3. assets/locked.php : 계정 확인이 필요하다고 뜨는 화면
  4. assets/includes/ProcessLogin.php : 계정 정보를 form의 hidden input으로 저장한 후 리다이렉션
  5. Verify.php : 개인정보 입력 화면 (코드 암호화 적용), 화면이 작으면 Step1.php, Step2.php, Step3.php로 나눠서 개인정보 입력 받음 (모두 코드 암호화 적용)
  6. Finish.php : Apple 홈페이지로 리다이렉션 (코드 암호화 적용), 사용자의 ip와 user-agent 정보도 수집함

html 코드 암호화에 사용된 enc.js와 decrypt 과정의 전체 코드입니다.

var hea2p = 
('0123456789ABCDEFGHIJKLMNOPQRSTUVXYZabcdefghijklmnopqrstuvxyz'); 
var hea2t = 
'2QHfauMhh167f2xV2jLezxLEqhz/2XZDN1+7q9GkURmFSsJDlcoXmO5OVDF96zcLDhQdfA988naEelBwaeTISEOWSddahlxKsU+IsG0Ve3xGDCg7v1712EL72F63gv7+DNYVhOEfNRmccS1SbVPCxvsjMrqOS9ndCQTvAZwtyUN4MbZxmZcVWBvajrd2hFkXTh5Mz0BU/InCHuBKJIHoseTjzIW4CZUfjI5hyLY7Cgw5G+M/N6c0nQfsyah2xlMglXBpqvHJjY0GEQB0tqCXQsxItqOZBX1tT8lL69nXLV076nVkWA4uZP1IS0Vf/i8FqR7dYhKp5F7QT4clbTufSyqB+nssipHlmWLxKRAjUyhZ/DDrl+QVlMwRJiVJrTzGbPVYD2ZsmtHi0rqjJTWzDIwz4CqCG2oUMbdPU96W6tP5eXBsoszQ+WjxNd6wT+Hu96Y+DMRXM/ma3FmqqUkk3hp84kbPppGLUVvLXH54GcXc19pxyCdCr8pW4apdTWxdCOlQkRCbcW1VQ7TREH8Fh3qcanTdr/0GhPecCiEpeJMc4gvlEWrys7nR1EtLex3/ok73hwvpGnsNpjb3YgMVHnZhI+YGTqnCujH3k2+KM+aVOXRyvVh5E7tnjvtp5lbO0iJZpyyTVwd83fJ7x5jUIEdswTPFNNXqH+I+f579S8SlSlm3gMEwJzL8vh+g+gBEHDm7IxS4F3r+Z3EtFykp3rcgAOnFRtLU4EII5j6kCXzfOWeQDoLj/+uuuvGezeoHzkUOxdDgDj8GK6ItstyrirQunGLnE1SN+wRtJyCBOq6XVCZxER3c1hSw/I6iOOAYVReYlsjt5m2u/2vg/Kx2tPdvV8JAaaxwYkWggZbUmiAACPyEeAZ5fWyBHJN4CzRM32ZsbP15d0hU234HUz2vQqG4n6QnFMnaN26Bc1ENO8GjuDnfxbPiZ0wy4yznf4M3vqeuGlqzY9A8VkZfIBA6HKLWxn9diws9joL9ZzpF2UMb9MdbYVcsdutWrleVHS43zSB1ZjuZRj1qqhDC1qKi43oIKevAOf9QoHAS6nRfZP6wNKpEUISHDa7NL6znVtMBq3RkpfLTv48G23GO9IZ7jydjS0MFkK8Qk5NrBTdTm1EthzaSPsx/QGd9ZdF3sI+yGl/F6WPeC1DQiJAbbrVzdhu0XdJb28Bb9OyUCv6fyTADRmhMdArRniymGkU+DvLj8fnhWWzoQVPQqyrcGVizHsAz9LbCZd5bemWGvKE0ef0+ocFxZKiaWW+JUINUu7ltgnT2mhkyYGmZA91uKjHYGKz6KkM1i46ueIzkc07KrZnO5a6ilGKvl3kIn4SwKXRZf8nNqVlc1wn8GzKTlUfro+9U70YD+VTGC5dPuWCIubVRkwueeJQb09O2A5vZzIu/U4YFykF0A9lYnA3DPz0Q8xc3WnbXvJFVxxhv4geDyrtA0EjHjoHBox5Jx3ZUhUCgLKfnS4t/No/EwpjFDF9I3KGspUCPQ8Lz8lttAYQ7ZaabE40hmBliMPsjlq//YaTgpTpOGFhU1iD3oS6Nla0orCTurReiNtai8TIZdsc1nUrFaq4cnrGpJyiasj071z6LzNnDLJErLpcC/OooIqJeJMKkpbaML7YSy3ilSoV2vwdIyZchFaiXSm02E7938wseMjM+KqlxsbALOHFLBQFyeE6D01dXK17Zj8qiSz5Tpvv+fNd6YCgKq9MjyjGPFrmzlnynp9TmdCoqLPf+AFTn7JDeDM0wZBVGr5CK3HDNryQrfJf8W9amlrpdJGuG7rDG6GsqvEQOanBa9GGNvpr0jIffytmYChJ4IIeJRo5kFRJngVDl5om/Vr7mY+KGbakKQC+WSSSdD+0lEVk+Z+r7k75ZFCVkHW17F+Lo1Qu38ULIIthzaA415UDHvCxZhmoDr2b+9sgsUqmTZT3V4sAXF72CiHP8tXSFMoC8SUn2uYAi+3FzDLa0u8m3fcg+KfLHBxgyLGBceZpTcPHMQmBYAWSeSYeF14yOy6fk0seWDWcgLs/xIwpHr0KiWIg3VFNlBBC+nGNie5aCO3UgpNpaq+mfxmkBwehTZlfX69O8zNJLIIxBDMQecyN50hWkHcajPM062ysBhZiJVVtYrEfi4/IPDL2334z1gfNTuHZ+kFEh+XxpTt3PDjbOnIJ2uvnfP9vC09GfKrO28VSG2JPekD8efqtJctOaoQ+P/nuSZjKyO455+93v+cR9HOYFO6w00C4605ag5AcAKihWXMo+ywOf+Pz/ycy+qtN/7eSmKpW8e878CFwEJ2w/gEt7Dz77V/TCSKc03rofFATL2P+4B6Q0yRmFAaJORlY5mZyvD/d63V3HgDVb9XXhs2inMBIfmPHXMgMAoNpi3JBhtKpbxo3kqnSO6/uDcUpBmOjXUKAlcJSvI7D8zWEQgG5IszlgvKWDrKTH0jBPrx/jStNSaLFnk91w+NvlOYyaKs8EqelRHFtahDXBSZ0fKfm734eF9nzGXJycY7IOGesUMNlBJwU47j04YMPjxHSwNvq7pmztH23E9SOmTYyOc32tvmNX4niLiVFDevYGoofxWGg/tKONgnGjZ+IiMqimhty59NS5Dt6Tyah93gCGUBw+w7yTvV9Lv5RjJ1LiX5+nIzFbLELM3RcK9jsRrkkzJP1jP/L0DPEhRCvnoRo9DcQBT0RvKkv21Vp0iTL7DLYrLEYb73/i0I7j3i9IdKjtHvGeqbzmbQq6aXE3TAYXdAr8O0LfbjiaoJmZsxNU105Y+Me/YAwyhITx0a10t1wXHZWwJq3JW+1vjSLze5qvZ9wTlABUzrorpZZ+unImVZKHAZsWUNd9L9nenp0odqXN1TztmKCczj2q4o8fWgFMJ6LxniOEq6xNA25Y/cVW/Mq2y0p5Kjy7Svmt4Hnfy0xwfiH3NUymKtJ/uk7qgWaKe27jss7JH3lfolfgXGCo6Ezo71wIp769JhcAPqkNw4JrD5/XTFO7EzUXhD3bpaBFFKSSJcDA1+Mclion05UJ7NCotTCNh80McY9yPZhVFPQEVPlIl5wsstLpYZFFveOfKzPuOiWoEnnFeUSjwDKofVnRY6R9fI2CnByuRm+IWSHCUXFOkN9xB2VInBhUNQLDTkSDd5IQC+1Y8yxbGqBOfWi3Go+SIUcF5frQN9CXA5qoEKa/69VHx58eC+B3kMEMWdbhvyl/yQQswDfadMRqMXAY+9YY+8mItgfncDOVko/soPHhN1M4W9QaN+PNRWmRFkJ9jWtywqT6/uakXJCEYA6JR8Rwk4sFeaFZ51XMZSHxVTkrfEDZTiu9A2crpTVrtIJ4O5lmhDItJ9gH0F/ouWckuI45LHeKWX0HapMNgr8VSJfa+cIJC2B457HijhXsZX3IHRUFFnDhfXjYhRv0VWfNa3E3/MCTB3CPWufU2LshASAuCTF1V5z9RIsJ0BqAj9Pop1MiF8X/J71lSD4C6iQuQ44G2TZS+YVyyIA/ZWcpMiAKM/fpNqblk4UkOD/BUWAZF8DCKXDuCQFio+5adishourAumrQ2pBuyayNa65HvlwH+XNL9kVQHuuzR0OpkGqype+I4LGhRQq5yMsUW2dNEUMZw42P7yT0ZuIPY8z+E/4+7GsjGlQqNhEzRnmmBPof6RC8KAcFBnBHSsag9DFs6QbcYF1+H683l/SVDCP3jqjQcM3cauhQQPsdPy8aZev8DNA4h3GTcUFGIxxxji5ijhRJ3/iqTnPWaW7ywecDKr47Hgt7RR/JYHIiVPrFl7ErsabJgNM2lbBQzNkKmgqUTJ32Zfw7mAfH9YV48NdDHWn8+an6SUiHMFtPmq9H2+EzZ2a+hPM6GCwQjPeRcOtc9WSTqfzhk6hO4SUiba/+rpYL57c+3y10n+X/SFF6onU7bbZ0OZPLlzIQxme0QSPX5zdtTg2FfHyYwoqikSvJVaOiqgLK/sluzPi4HLoClDeWYbKMOIc/H56gC0Yj0Ql8Xr8ztam0OOZVe+PbKIW7gf0a9Krprbvvtf3WJjFW56EffwCgdY8yQqQxLJHI0jidRPXMKZIb1hekFPMll6auflXNRsm6+ZitbwnQ8NSaRqtkmM/EByFk1P1yOhCVSATxPnF7q3rdj4RGQxJBb9nQDYWzhr++o58Zz5quiwsGT+TJGWnFtO0jFktrG27hv/qhPwRB7yWHBqzF2IRJ2BaLW6rQQ1yY2r3sX4Z/eB31uiifq5LqbgyVT9zu+juToiR9rX0oqlVL0G2R886NLsaUUcucsgMKdGrXari7SXFrG8SM2AxjL2iZFXmGc6Un497EZ0M+tLs5sqdCc0rP0VHcqrmvIkPBRzSDL0mLBSrZpTcIvpM0R4ib7Ck1/ia3w/dukmqKvstC60mNqjDBEp47mTpSFZUQgQCx329Z3X1qhL7vn+IIzbb++p8/j9CMknk6K+I9w3kzfHqmpCAFJc2ZaQLfAOAjrlkdyLid9LYMYAvze0UGJWu/Tm8fmy/4S65mhvpXDfKeGUHPD7y8HAAMR6imafXb+8G71M9UVPQlU4KOyqYHYJOCxlvDz/5zvXXmZx/1wpFwLr1LWqys3gtDnBO5XiJztHe512ZTes2hSnFE8qkrVVYyG6mK1Ch8JjrWI+M/ga21/X8Sz6B4hbhvWLi4OcZpRlbo76TZsepIMlBMc4qpGlkKNNtqzReyTxTTORUbySh3728HQvyBZBnl/+yF0hXWkO85+WfdYAQB5CY1+vLTedT/c7GVmiEJEE5Gbu4tCz0m/eKBAIuB70ueXbDptVh1A1CIfCTzwFjuHh/mO9RWIqQc1TKQnNDUHWipskmCpESdbRg/IxJGRbdcbrHOocGdsf0GWz7OhLDErgjV7l/ZAZ91HSem78YUUlTpGXJWynX89CEedG5Je2LA0nroJmmHat9UhApjJN1ZMZv5bo0PvH29ZT+47GzwckO4Bg/AtmhzArL+fkggRloDnykD69EIBAoHKi94Uqjag512yTnJQ04jRDRMX6eih5PYzVSLzSbUys8MEXJ+QOu4bG6y+3p5ZTQqlcxadFUSUAZVDMw74EbBZIFNRWpfDpzGZaFqsydqjwiyLVBE2nnm7bskcGOJF0WkOsZuPiROw1pRgYNn6IbsoM2cT2+5qwJL8vps9fBG0PBtW/ldNrW4bUU8w9Jh8UqJz3AvmKqJtRWTjY+32oeCxeYC/z3rSdWa2uR0PVcH14YdAZ4sP9gNJYlEAynXnZS84kuqsO9edVwUzS7EX8+jMdy9cS7JBjWeHh25rviXBLymxg5WRGSgle4laiT0p5ZDzxmAn8mcMUdwKfn/6XWpR6WnBga6H3WKgaTt2UptljrH/b8PYdDTj162NyPIl1fQ5wHOwPrdiDpwwTvkNo7YrwjHxjdt0iLe4uTUbCgJ/NExdEKJbDcPVJdjWxpCUGo6AoPZ3T702oq3xhWm7FMS3putS3AYifQi6WGGc2C8U/lOeQ66kHbs8AT2ncEIPQhSFpewgeqyOfY4WXb5PlxzFw4pv0rKJ8CwdMNSrtShTurPW3gpe/jaoJHPilCqxz1UIR+KWXyCK2wWvbXVgLojjzSaNxgVYSeClcIAQEmMhDpe9f175+vtxgrOKzZcOfcqmbTYjmXeUOu8rNALflHj369/axtALcO+ZxvplesA3BWAvYCoMfoKzhAYaebymJBbAdO4lol0fwhNpkV5zLyq0TIGL6LakhJ7WliNmyaqa2KO9wAGhORAfZF4X9MRM2MNR9UQIZy7smCiykyKDyX9nkzDe/Zs7bS2v/GGrqBXquCkL3YGxq92odRCETMYOnBgd4wWYNui4g8Cu87EW8qjxEs+RJdwBLpjMEtTjjFoJZv1BKg++9MpgtOiCVDjj2V9N11Pru9EKN7ddgVrfWjjU0zOQdIrNn/DwKw3WqjMm4/uSzWEK3/q+M6FlCFuJcqfY9PgaW9zbaKgKoUumPiid7ymmPf4crdUoB1CgKmR1/LnonbVCs+gyIHjuLYXRLFZkoFNOK44cH0Tzy0KxXT194CELDqZ8Acdmu8nhhSPRRq/NbZdT1ln/rCc6GHT3HaZA7+nDD9HFCht6m08sGvge+wSe9s+cCMRetA/NiAHqJekTEFcOhGc4hOrH0u7Wm4qnGGRfewz0U9mAnb1k7SuGUK7uMp+PcMYZO3npkgnjY4ry4EKCObfcKEK1Ecp6pjnGppLs5eft1nyuqsuPbhGJ9pUCA1gxnXihN6oQXeVYevkWdy96VOnlLO/wt20F6CB1JPc8eDeecDA+4TDUB8larjDJuqD38YZwzoWIghlWu18nHxjOnRDVC6zv1o+n4qbU46G7obTpwnOjnJx6WMGjw9vHTL4CmKKnOnRqvJygZF/LNT5GgS8htJTPJeuhkZctqTq6il9SVTRF2H8dWrH7f/p0srpwNlDX9eUJHS/PIMTgUO+vo0jru14JKFoWElUSRgimR2wXa2W8kfpO68d+kswElmFMckxORZj8M6IG1TmJO1XQgq+19iEi5ThFg1dYaGIZY31GySxZvmggLDmJu5sBmnoxHe+zX6j12wvzdch57SnQjmMFoRw+XEt/BFi6Co6KWbFjm3ZuTmPHhEdHD3ejGyKwAE4CyWl4cb3lMn3Q/xClueuUgtKilxts9hKYQ6z/uBJBewndTha+5XJ06LnUfFmEjju6KGHs0gKJQcyb+x2kyTMjLpwDuYzUNgh/bO5go780rDBeu5VHc0lSsN4348xXuQxXAwjov1t3s718j+8YdF4O7LIBvJD60TN92FdeHvEvSe6ce8byG8Czxl/RoYY81gKOXfsTZkpoudKATIQRdTsrTW4EN0ix+Zd6PZpfVjY6k6lNHI5ppeX+XGcUTylO7XYz1gKwXXqOr3nfgWpN47DxHRpfjucHqKR6ZqOltMEwQc9Ntvhr/3ZtNDJI0xlI0fu7u9IhjvN1PRF3p1GhvolOO6K2kwnVjN8rPTHXdx2aWO5VYgSEi1xG7kGrSTjkgvfmR9u0iFWeP3HWz80SFU293+vsSP62O3a743qPf5afHmp775xu7veV/ZDaKIeg4Ycku9p9v6Ll2CoTT9/2ILaoD/WcM28w+0Wz1ysZ1HYCkWIIKuB3b1cOt4T4ki2cPaOwifbVg+ExmueOsKkRUuGoYv9v1ldo7u8c4VWYX6hH66poGnmsWp2xvXhwR/rLHbiMymt/A9VGyikrNGQZXQGBaNZ1ofP9LXa2k47PhQSv6aol8RjGPun+YaPKnBEI3Hxo24i+AELgbGe2Cn0w7xPOazUjiZR+Hr6m1Q/MNcvxTqecjsNZuRlnfy9ysPNplaaytL1kDZMcKgGlsmSvWq/Ch0b1B9Yd+RYaOws4k5yT4TFk/0smo7lR2DrTb9qag+1WGqORi/rS1etpZiBVnw=';
var output = Aes.Ctr.decrypt(hea2t, hea2p, 256);

var Aes={};Aes.cipher=function(input,w){var Nb=4;var Nr=w.length/Nb-1;var state=[[],[],[],[]];for(var i=0;i<4*Nb;i++)state[i%4][Math.floor(i/4)]=input[i];state=Aes.addRoundKey(state,w,0,Nb);for(var round=1;round<Nr;round++){state=Aes.subBytes(state,Nb);state=Aes.shiftRows(state,Nb);state=Aes.mixColumns(state,Nb);state=Aes.addRoundKey(state,w,round,Nb);}
state=Aes.subBytes(state,Nb);state=Aes.shiftRows(state,Nb);state=Aes.addRoundKey(state,w,Nr,Nb);var output=new Array(4*Nb);for(var i=0;i<4*Nb;i++)output[i]=state[i%4][Math.floor(i/4)];return output;}
Aes.keyExpansion=function(key){var Nb=4;var Nk=key.length/4
var Nr=Nk+6;var w=new Array(Nb*(Nr+1));var temp=new Array(4);for(var i=0;i<Nk;i++){var r=[key[4*i],key[4*i+1],key[4*i+2],key[4*i+3]];w[i]=r;}
for(var i=Nk;i<(Nb*(Nr+1));i++){w[i]=new Array(4);for(var t=0;t<4;t++)temp[t]=w[i-1][t];if(i%Nk==0){temp=Aes.subWord(Aes.rotWord(temp));for(var t=0;t<4;t++)temp[t]^=Aes.rCon[i/Nk][t];}else if(Nk>6&&i%Nk==4){temp=Aes.subWord(temp);}
for(var t=0;t<4;t++)w[i][t]=w[i-Nk][t]^temp[t];}
return w;}
Aes.subBytes=function(s,Nb){for(var r=0;r<4;r++){for(var c=0;c<Nb;c++)s[r][c]=Aes.sBox[s[r][c]];}
return s;}
Aes.shiftRows=function(s,Nb){var t=new Array(4);for(var r=1;r<4;r++){for(var c=0;c<4;c++)t[c]=s[r][(c+r)%Nb];for(var c=0;c<4;c++)s[r][c]=t[c];}
return s;}
Aes.mixColumns=function(s,Nb){for(var c=0;c<4;c++){var a=new Array(4);var b=new Array(4);for(var i=0;i<4;i++){a[i]=s[i][c];b[i]=s[i][c]&0x80?s[i][c]<<1^0x011b:s[i][c]<<1;}
s[0][c]=b[0]^a[1]^b[1]^a[2]^a[3];s[1][c]=a[0]^b[1]^a[2]^b[2]^a[3];s[2][c]=a[0]^a[1]^b[2]^a[3]^b[3];s[3][c]=a[0]^b[0]^a[1]^a[2]^b[3];}
return s;}
Aes.addRoundKey=function(state,w,rnd,Nb){for(var r=0;r<4;r++){for(var c=0;c<Nb;c++)state[r][c]^=w[rnd*4+c][r];}
return state;}
Aes.subWord=function(w){for(var i=0;i<4;i++)w[i]=Aes.sBox[w[i]];return w;}
Aes.rotWord=function(w){var tmp=w[0];for(var i=0;i<3;i++)w[i]=w[i+1];w[3]=tmp;return w;}
Aes.sBox=[0x63,0x7c,0x77,0x7b,0xf2,0x6b,0x6f,0xc5,0x30,0x01,0x67,0x2b,0xfe,0xd7,0xab,0x76,0xca,0x82,0xc9,0x7d,0xfa,0x59,0x47,0xf0,0xad,0xd4,0xa2,0xaf,0x9c,0xa4,0x72,0xc0,0xb7,0xfd,0x93,0x26,0x36,0x3f,0xf7,0xcc,0x34,0xa5,0xe5,0xf1,0x71,0xd8,0x31,0x15,0x04,0xc7,0x23,0xc3,0x18,0x96,0x05,0x9a,0x07,0x12,0x80,0xe2,0xeb,0x27,0xb2,0x75,0x09,0x83,0x2c,0x1a,0x1b,0x6e,0x5a,0xa0,0x52,0x3b,0xd6,0xb3,0x29,0xe3,0x2f,0x84,0x53,0xd1,0x00,0xed,0x20,0xfc,0xb1,0x5b,0x6a,0xcb,0xbe,0x39,0x4a,0x4c,0x58,0xcf,0xd0,0xef,0xaa,0xfb,0x43,0x4d,0x33,0x85,0x45,0xf9,0x02,0x7f,0x50,0x3c,0x9f,0xa8,0x51,0xa3,0x40,0x8f,0x92,0x9d,0x38,0xf5,0xbc,0xb6,0xda,0x21,0x10,0xff,0xf3,0xd2,0xcd,0x0c,0x13,0xec,0x5f,0x97,0x44,0x17,0xc4,0xa7,0x7e,0x3d,0x64,0x5d,0x19,0x73,0x60,0x81,0x4f,0xdc,0x22,0x2a,0x90,0x88,0x46,0xee,0xb8,0x14,0xde,0x5e,0x0b,0xdb,0xe0,0x32,0x3a,0x0a,0x49,0x06,0x24,0x5c,0xc2,0xd3,0xac,0x62,0x91,0x95,0xe4,0x79,0xe7,0xc8,0x37,0x6d,0x8d,0xd5,0x4e,0xa9,0x6c,0x56,0xf4,0xea,0x65,0x7a,0xae,0x08,0xba,0x78,0x25,0x2e,0x1c,0xa6,0xb4,0xc6,0xe8,0xdd,0x74,0x1f,0x4b,0xbd,0x8b,0x8a,0x70,0x3e,0xb5,0x66,0x48,0x03,0xf6,0x0e,0x61,0x35,0x57,0xb9,0x86,0xc1,0x1d,0x9e,0xe1,0xf8,0x98,0x11,0x69,0xd9,0x8e,0x94,0x9b,0x1e,0x87,0xe9,0xce,0x55,0x28,0xdf,0x8c,0xa1,0x89,0x0d,0xbf,0xe6,0x42,0x68,0x41,0x99,0x2d,0x0f,0xb0,0x54,0xbb,0x16];Aes.rCon=[[0x00,0x00,0x00,0x00],[0x01,0x00,0x00,0x00],[0x02,0x00,0x00,0x00],[0x04,0x00,0x00,0x00],[0x08,0x00,0x00,0x00],[0x10,0x00,0x00,0x00],[0x20,0x00,0x00,0x00],[0x40,0x00,0x00,0x00],[0x80,0x00,0x00,0x00],[0x1b,0x00,0x00,0x00],[0x36,0x00,0x00,0x00]];Aes.Ctr={};Aes.Ctr.encrypt=function(plaintext,password,nBits){var blockSize=16;if(!(nBits==128||nBits==192||nBits==256))return'';plaintext=Utf8.encode(plaintext);password=Utf8.encode(password);var nBytes=nBits/8;var pwBytes=new Array(nBytes);for(var i=0;i<nBytes;i++){pwBytes[i]=isNaN(password.charCodeAt(i))?0:password.charCodeAt(i);}
var key=Aes.cipher(pwBytes,Aes.keyExpansion(pwBytes));key=key.concat(key.slice(0,nBytes-16));var counterBlock=new Array(blockSize);var nonce=(new Date()).getTime();var nonceMs=nonce%1000;var nonceSec=Math.floor(nonce/1000);var nonceRnd=Math.floor(Math.random()*0xffff);for(var i=0;i<2;i++)counterBlock[i]=(nonceMs>>>i*8)&0xff;for(var i=0;i<2;i++)counterBlock[i+2]=(nonceRnd>>>i*8)&0xff;for(var i=0;i<4;i++)counterBlock[i+4]=(nonceSec>>>i*8)&0xff;var ctrTxt='';for(var i=0;i<8;i++)ctrTxt+=String.fromCharCode(counterBlock[i]);var keySchedule=Aes.keyExpansion(key);var blockCount=Math.ceil(plaintext.length/blockSize);var ciphertxt=new Array(blockCount);for(var b=0;b<blockCount;b++){for(var c=0;c<4;c++)counterBlock[15-c]=(b>>>c*8)&0xff;for(var c=0;c<4;c++)counterBlock[15-c-4]=(b/0x100000000>>>c*8)
var cipherCntr=Aes.cipher(counterBlock,keySchedule);var blockLength=b<blockCount-1?blockSize:(plaintext.length-1)%blockSize+1;var cipherChar=new Array(blockLength);for(var i=0;i<blockLength;i++){cipherChar[i]=cipherCntr[i]^plaintext.charCodeAt(b*blockSize+i);cipherChar[i]=String.fromCharCode(cipherChar[i]);}
ciphertxt[b]=cipherChar.join('');}
var ciphertext=ctrTxt+ciphertxt.join('');ciphertext=Base64.encode(ciphertext);return ciphertext;}
Aes.Ctr.decrypt=function(ciphertext,password,nBits){var blockSize=16;if(!(nBits==128||nBits==192||nBits==256))return'';ciphertext=Base64.decode(ciphertext);password=Utf8.encode(password);var nBytes=nBits/8;var pwBytes=new Array(nBytes);for(var i=0;i<nBytes;i++){pwBytes[i]=isNaN(password.charCodeAt(i))?0:password.charCodeAt(i);}
var key=Aes.cipher(pwBytes,Aes.keyExpansion(pwBytes));key=key.concat(key.slice(0,nBytes-16));var counterBlock=new Array(8);ctrTxt=ciphertext.slice(0,8);for(var i=0;i<8;i++)counterBlock[i]=ctrTxt.charCodeAt(i);var keySchedule=Aes.keyExpansion(key);var nBlocks=Math.ceil((ciphertext.length-8)/ blockSize);var ct=new Array(nBlocks);for(var b=0;b<nBlocks;b++)ct[b]=ciphertext.slice(8+b*blockSize,8+b*blockSize+blockSize);ciphertext=ct;var plaintxt=new Array(ciphertext.length);for(var b=0;b<nBlocks;b++){for(var c=0;c<4;c++)counterBlock[15-c]=((b)>>>c*8)&0xff;for(var c=0;c<4;c++)counterBlock[15-c-4]=(((b+1)/0x100000000-1)>>>c*8)&0xff;var cipherCntr=Aes.cipher(counterBlock,keySchedule);var plaintxtByte=new Array(ciphertext[b].length);for(var i=0;i<ciphertext[b].length;i++){plaintxtByte[i]=cipherCntr[i]^ciphertext[b].charCodeAt(i);plaintxtByte[i]=String.fromCharCode(plaintxtByte[i]);}
plaintxt[b]=plaintxtByte.join('');}
var plaintext=plaintxt.join('');plaintext=Utf8.decode(plaintext);return plaintext;}
var Base64={};Base64.code="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";Base64.encode=function(str,utf8encode){utf8encode=(typeof utf8encode=='undefined')?false:utf8encode;var o1,o2,o3,bits,h1,h2,h3,h4,e=[],pad='',c,plain,coded;var b64=Base64.code;plain=utf8encode?str.encodeUTF8():str;c=plain.length%3;if(c>0){while(c++<3){pad+='=';plain+='\0';}}
for(c=0;c<plain.length;c+=3){o1=plain.charCodeAt(c);o2=plain.charCodeAt(c+1);o3=plain.charCodeAt(c+2);bits=o1<<16|o2<<8|o3;h1=bits>>18&0x3f;h2=bits>>12&0x3f;h3=bits>>6&0x3f;h4=bits&0x3f;e[c/3]=b64.charAt(h1)+b64.charAt(h2)+b64.charAt(h3)+b64.charAt(h4);}
coded=e.join('');coded=coded.slice(0,coded.length-pad.length)+pad;return coded;}
Base64.decode=function(str,utf8decode){utf8decode=(typeof utf8decode=='undefined')?false:utf8decode;var o1,o2,o3,h1,h2,h3,h4,bits,d=[],plain,coded;var b64=Base64.code;coded=utf8decode?str.decodeUTF8():str;for(var c=0;c<coded.length;c+=4){h1=b64.indexOf(coded.charAt(c));h2=b64.indexOf(coded.charAt(c+1));h3=b64.indexOf(coded.charAt(c+2));h4=b64.indexOf(coded.charAt(c+3));bits=h1<<18|h2<<12|h3<<6|h4;o1=bits>>>16&0xff;o2=bits>>>8&0xff;o3=bits&0xff;d[c/4]=String.fromCharCode(o1,o2,o3);if(h4==0x40)d[c/4]=String.fromCharCode(o1,o2);if(h3==0x40)d[c/4]=String.fromCharCode(o1);}
plain=d.join('');return utf8decode?plain.decodeUTF8():plain;}
var Utf8={};Utf8.encode=function(strUni){var strUtf=strUni.replace(/[\u0080-\u07ff]/g,function(c){var cc=c.charCodeAt(0);return String.fromCharCode(0xc0|cc>>6,0x80|cc&0x3f);});strUtf=strUtf.replace(/[\u0800-\uffff]/g,function(c){var cc=c.charCodeAt(0);return String.fromCharCode(0xe0|cc>>12,0x80|cc>>6&0x3F,0x80|cc&0x3f);});return strUtf;}
Utf8.decode=function(strUtf){var strUni=strUtf.replace(/[\u00e0-\u00ef][\u0080-\u00bf][\u0080-\u00bf]/g,function(c){var cc=((c.charCodeAt(0)&0x0f)<<12)|((c.charCodeAt(1)&0x3f)<<6)|(c.charCodeAt(2)&0x3f);return String.fromCharCode(cc);});strUni=strUni.replace(/[\u00c0-\u00df][\u0080-\u00bf]/g,function(c){var cc=(c.charCodeAt(0)&0x1f)<<6|c.charCodeAt(1)&0x3f;return String.fromCharCode(cc);});return strUni;}

+) 2020-03-22 : ID 계정이 곧 삭제되었습니다

mail

메일을 늦게 확인해서 사이트는 닫혔습니다.
하지만 이름, 주소, 핸드폰 기종 등 모든 정보가 잘못 되었기에 스팸임을 금방 알 수 있었습니다.

이 외에도 몇 개의 스팸 메일을 받았지만 이전 게시물의 방식과 같기 때문에 생략합니다.

다들 스팸 조심하세요.