Old 08-03-2002, 04:43 PM   #1
jammyjenkins
So Fucking Banned
 
Join Date: Feb 2002
Posts: 1,371
Any hackers here?

This motherfucker is trying to steal people's PayPal logins.

They've done something very clever ... they send out this address:


https://www.paypal.com/wf/f=ra

But the actual href address is:

http://www.paypal.com.wf63GDY3jha8n3...202/login.html

It all appears to be PayPal but in fact you're entering your details at:

66.175.57.202/login.html

I've done a reverse lookup and this is the info for that IP:

16 421 ms 250 ms 291 ms abac-gw.customer.alter.net [157.130.240.102]
17 201 ms 170 ms 180 ms core01.san-diego.abac.net [216.55.138.242]
18 171 ms 190 ms 180 ms milkersoft.com [66.175.57.202]


I did a view source and basically when you submit the form it runs http://66.175.57.202/pp.php

But since that's server-side I can't view what it's doing.

Does anyone know how to view this PHP code and see where these motherfuckers are sending the information?

I know someone who got scammed. Let's shut them down.

Cheers
Old 08-03-2002, 04:49 PM   #2
quiet
we'll miss you our friend. RIP
 
Industry Role:
Join Date: Sep 2001
Location: Fernie, BC
Posts: 25,115
i've seen this type of thing before. there was an article posted here months ago - maybe someone has it in their bookmarks?
Old 08-03-2002, 04:51 PM   #3
jimmyf
OU812
 
Join Date: Feb 2001
Location: California
Posts: 12,651
The damn FBI will be knocking their door down... Or some other police Dept. in some fucked up country. Someone is a real dumb ass to do this... Not smart at all... Stupid... And I might add, you would not want to hack that site... I would NOT even visit the damn thing if I were you...

Last edited by jimmyf; 08-03-2002 at 05:01 PM..
Old 08-03-2002, 04:53 PM   #4
Alky
Confirmed User
 
Join Date: Apr 2002
Location: Houston
Posts: 5,651
no way to view the php code itself but my guess would be they are storing all the login/passes in a database, logging in to the accounts, sending the money to another account.
Old 08-03-2002, 05:01 PM   #5
jammyjenkins
So Fucking Banned
 
Join Date: Feb 2002
Posts: 1,371
Quote:
Originally posted by jimmyf
The damn FBI will be knocking their door down... Or some other police Dept. in some fucked up country. Someone is a real dumb ass to do this... Not smart at all... Stupid... And I might add you would not want to hack that site... I would NOT even visit the damn thing if I were you...
no harm in visiting it ... as long as you don't enter your details!

we can always do loads of autosubmits with fake data to crash their server

or find out if the php script is mailing the information somewhere, and bomb that address (if we can hack the php script that is ... there must be a way)

They're spamming this like fuck ... so I mean this in all sincerity: let's protect the newbies!
Old 08-03-2002, 05:04 PM   #6
Wiredoctor
Confirmed User
 
Join Date: Dec 2001
Location: The Great USA
Posts: 1,632
Did you at least forward the email and info to PayPal?? that would be a place to start.
Old 08-03-2002, 05:05 PM   #7
Dopy
Confirmed User
 
Join Date: Feb 2001
Location: Puerto Del Carmen, Lanzarote, Canary Islands
Posts: 1,572
I get this

Official name: milkersoft.com
IP address: 66.175.57.202



Registrant:
Commercial top-level domain (COM-DOM)
VeriSign Global Registry Services
21345 Ridgetop Circle
Dulles, VA 20166

Domain Name: COM

Administrative Contact, Technical Contact:
Registry Customer Service (RC4583-ORG) [email protected]
VeriSign Global Registry Services
21345 Ridgetop Circle
Dulles, VA 20166
+1 703-925-6999
Fax- +1 703-421-5828

Record created on 01-Jan-1985.
Database last updated on 3-Aug-2002 19:53:05 EDT.

Domain servers in listed order:

Old 08-03-2002, 05:07 PM   #8
jammyjenkins
So Fucking Banned
 
Join Date: Feb 2002
Posts: 1,371
Quote:
Originally posted by Wiredoctor
Did you at least forward the email and info to PayPal?? that would be a place to start.
They've been contacted, and the (apparent) hosting company too.

Last edited by jammyjenkins; 08-03-2002 at 05:09 PM..
Old 08-03-2002, 05:12 PM   #9
jimmyf
OU812
 
Join Date: Feb 2001
Location: California
Posts: 12,651
Quote:
Originally posted by jammyjenkins


They've been contacted, and the (apparent) hosting company too.
jammyjenkins you start a poll on how long this site will be up, if you contacted the hosting co. and Paypal.. or someone start 1... I've never done 1 and do not want to use that much brain power today.
Old 08-03-2002, 05:12 PM   #10
jammyjenkins
So Fucking Banned
 
Join Date: Feb 2002
Posts: 1,371
Quote:
Originally posted by Dopy
I get this

Official name: milkersoft.com
IP address: 66.175.57.202



I don't get that

I did a whois at netsol for milkersoft.com and it says the domain is available??!
Old 08-03-2002, 05:14 PM   #11
jammyjenkins
So Fucking Banned
 
Join Date: Feb 2002
Posts: 1,371
Quote:
Originally posted by jimmyf
jammyjenkins you start a poll on how long this site will be up, if you contacted the hosting co. and Paypal.. or someone start 1... I've never done 1 and do not want to use that much brain power today.
they're a piece of piss to do

it just makes me mad that they've scammed people I know (as well as everyone else they scammed too)

at the very least I want these fuckers mail bombed into the next century!!
Old 08-03-2002, 05:15 PM   #12
Alky
Confirmed User
 
Join Date: Apr 2002
Location: Houston
Posts: 5,651
No match for "MILKERSOFT.COM".
Old 08-03-2002, 05:16 PM   #13
Alky
Confirmed User
 
Join Date: Apr 2002
Location: Houston
Posts: 5,651
there is no way to 'hack' the php script, give it up.. unless you root the box it's on and either fuck up the httpd config or just download the script itself.
Old 08-03-2002, 05:18 PM   #14
jammyjenkins
So Fucking Banned
 
Join Date: Feb 2002
Posts: 1,371
Quote:
Originally posted by Alky
there is no way to 'hack' the php script, give it up.. unless you root the box it's on and either fuck up the httpd config or just download the script itself.
okay, let's start with downloading the script to see exactly what they're doing with the information

how is that possible?
Old 08-03-2002, 05:19 PM   #15
Dopy
Confirmed User
 
Join Date: Feb 2001
Location: Puerto Del Carmen, Lanzarote, Canary Islands
Posts: 1,572
The more shit entered at the form the better I would guess.
Old 08-03-2002, 06:44 PM   #16
Alky
Confirmed User
 
Join Date: Apr 2002
Location: Houston
Posts: 5,651
jesus christ, i said you can't, what else is there to understand?


the script is processed server side, then output is sent to the browser.


YOU CANNOT GET THE SCRIPT.
Old 08-03-2002, 06:45 PM   #17
Alky
Confirmed User
 
Join Date: Apr 2002
Location: Houston
Posts: 5,651
when i say download the script, i meant after you root the machine.
Old 08-03-2002, 06:57 PM   #18
Dreamman010
Confirmed User
 
Join Date: Jan 2002
Location: Toronto, ON, Canada
Posts: 1,081
I bet 90% that the machine itself (66.175.57.202) is hacked. They might be sending the info to some free email and then accessing it with 50 proxies (proxy loop).

You just need to get the uplink provider to null-route that IP or whatever.
Old 08-03-2002, 06:59 PM   #19
Dreamman010
Confirmed User
 
Join Date: Jan 2002
Location: Toronto, ON, Canada
Posts: 1,081
That box is hosted at http://www.abac.com/

The hostname of that box is cedant8.abac.com

So you might as well send an email to abac.com for faster response. Maybe the box is indeed owned by that scammer. Then his ass can be nailed really easily.
Old 08-03-2002, 06:59 PM   #20
sexygoat
So Fucking Banned
 
Join Date: Aug 2002
Posts: 357
once they have the guts to do that they knew they'll never get caught. my pp was taken over and i wasn't able to take it back, the fucker even withdrew money from my bank too. I have to call my bank to dispute and blablabla......fuck paypal jackers.