The page served when the link is clicked will attempt to gather information about the browser version, operative system and browser plugins. Additionally an NTLM handshake will be attempted if the parameter Request NTLM auth is set to yes. Finally the victim will be redirected to the URL specified by Redirect to URL parameter.

The page served impersonates the given URL web page and its web forms. It will retrieve the information entered by the user in the web forms when it's submitted and redirect the user to the original web page. This information will be stored into the target's email entity. It also attempts to gather information about the browser version, operating system and browser plugins.