This motherfucker is trying to steal people's PayPal logins.
They've done something very clever ... they send out this address:
https://www.paypal.com/wf/f=ra
But the actual href address is:
http://www.paypal.com.wf63GDY3jha8n3...202/login.html
It all appears to be PayPal but in fact you're entering your details at:
66.175.57.202/login.html
I've done a reverse lookup and this is the info for that IP:
16 421 ms 250 ms 291 ms abac-gw.customer.alter.net [157.130.240.102]
17 201 ms 170 ms 180 ms core01.san-diego.abac.net [216.55.138.242]
18 171 ms 190 ms 180 ms milkersoft.com [66.175.57.202]
I did a view source and basically when you submit the form it runs
http://66.175.57.202/pp.php
But since that's server-side I can't view what it's doing.
Does anyone know how to view this PHP code and see where these motherfuckers are sending the information?
I know someone who got scammed. Let's shut them down.
Cheers
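
The mismatch described in the post (link text showing one address while the href points somewhere else) can be checked mechanically. The following is an added example, not part of the original post: it scans HTML for anchors whose visible URL names a different host than the href. The sample hrefs, the reason labels and the function names are constructed for illustration; only the displayed address comes from the post.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import ipaddress

class AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def check_link(href, text):
    """Return reasons a link looks deceptive; an empty list means no finding."""
    reasons = []
    real = host_of(href)
    shown = host_of(text) if "://" in text else ""  # only URL-like link text
    if shown and real and shown != real:
        reasons.append("text-host-differs-from-href-host")
        if real.startswith(shown + "."):  # brand host reused as leading labels
            reasons.append("shown-host-used-as-subdomain-prefix")
    try:
        ipaddress.ip_address(real)
        reasons.append("href-host-is-ip-literal")
    except ValueError:
        pass
    return reasons

def scan(html):
    parser = AnchorCollector()
    parser.feed(html)
    return [(h, t, r) for h, t in parser.links if (r := check_link(h, t))]

# Constructed sample: hrefs use reserved test names and a documentation IP.
SAMPLE = (
    '<a href="http://www.paypal.com.login.example.test/login.html">https://www.paypal.com/wf/f=ra</a>'
    '<a href="http://203.0.113.7/login.html">https://www.paypal.com/wf/f=ra</a>'
    '<a href="https://www.paypal.com/wf/f=ra">https://www.paypal.com/wf/f=ra</a>'
)
```

A mail gateway or a triage script can run `scan()` over the HTML body of a reported message; the third sample link, where text and href agree, produces no finding.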