1

📧Compromised Email

Sent from a compromised Hotmail account to appear trustworthy

2

📎Malicious Attachment

"Open sex 8062.shtml" with obfuscated JavaScript

3

⚡Automatic Redirect

Using video onerror event to trigger redirect

4

🌐Tracking Domain

Redirect to o15zd[.]bemobtrcks[.]com to evade detection

5

🔍Fingerprinting

Zepto.js + FingerprintJS2 collect browser data

6

📡Data Exfiltration

Collected fingerprint sent via POST to server

7

🤖Server-Side Decision

Server analyzes fingerprint to determine payload

8

🎯Final Payload Delivery

Redirect to tailored final payload(scam, phishing, or exploit)