GoFuckYourself.com - Adult Webmaster Forum

jammyjenkins 08-03-2002 04:43 PM

Any hackers here?
 
This motherfucker is trying to steal people's PayPal logins.

They've done something very clever ... they send out this address:


https://www.paypal.com/wf/f=ra

But the actual href address is:

http://www.paypal.com.wf63GDY3jha8n3...202/login.html

It all appears to be PayPal but in fact you're entering your details at:

66.175.57.202/login.html

I've done a reverse lookup and this is the info for that IP:

16 421 ms 250 ms 291 ms abac-gw.customer.alter.net [157.130.240.102]
17 201 ms 170 ms 180 ms core01.san-diego.abac.net [216.55.138.242]
18 171 ms 190 ms 180 ms milkersoft.com [66.175.57.202]


I did a view source and basically when you submit the form it runs http://66.175.57.202/pp.php

But since that's server-side I can't view what it's doing.

Does anyone know how to view this PHP code and see where these motherfuckers are sending the information?

I know someone who got scammed. Let's shut them down.

Cheers
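
The link trick described in the post above (visible text showing one address while the href points somewhere else), as an added example that is not part of the original thread: a link audit for an HTML mail body. It goes beyond the one case in the post by also flagging the brand-in-userinfo and brand-as-host-prefix forms; `BRAND`, the function names and the sample links are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

BRAND = "paypal.com"  # assumption: the domain the message claims to be from
# Constructed sample body; 192.0.2.10 and example.test are reserved placeholders.
SAMPLE = """
<a href="http://www.paypal.com.constructed@192.0.2.10/login.html">https://www.paypal.com/wf/f=ra</a>
<a href="http://www.paypal.com.login.example.test/login.html">Log in</a>
<a href="https://www.paypal.com/wf/f=ra">https://www.paypal.com/wf/f=ra</a>
"""

def host_of(url):
    """Hostname a browser would actually connect to, lowercased, or None."""
    url = url if "://" in url else "http://" + url
    return (urlsplit(url).hostname or "").lower() or None

def findings(text, href):
    """Reasons an anchor with this visible text and href looks deceptive."""
    host, user, out = host_of(href), urlsplit(href).username or "", []
    shown = host_of(text) if "." in text and " " not in text else None
    if shown and host and shown != host:
        out.append("text-host-mismatch")        # displayed URL != real target
    if host and host != BRAND and not host.endswith("." + BRAND):
        if BRAND in host:
            out.append("brand-as-host-prefix")  # paypal.com.<other domain>
        if BRAND in user.lower():
            out.append("brand-in-userinfo")     # paypal.com...@<real host>
        if host.replace(".", "").isdigit():
            out.append("ip-literal-host")       # dotted or integer IPv4 literal
    return out

class LinkAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.href, self.text, self.results = None, "", []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href"), ""
    def handle_data(self, data):
        if self.href is not None:
            self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.results.append((self.href, findings(self.text.strip(), self.href)))
            self.href = None

def audit(html):
    parser = LinkAudit()
    parser.feed(html)
    return parser.results
```

`audit(SAMPLE)` returns one `(href, findings)` pair per link; an empty findings list means the visible text and the real target agree and the target is on the brand's own domain.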

quiet 08-03-2002 04:49 PM

i've seen this type of thing before. there was an article posted here months ago - maybe someone has it in their bookmarks?

jimmyf 08-03-2002 04:51 PM

The damn FBI will be knocking their door down... Or some other police Dept. in some fucked up country. Someone is a real dumb ass to do this... Not smart at all... Stupid... And I might add, you would not want to hack that site... I would NOT even visit the damn thing if I were you...

Alky 08-03-2002 04:53 PM

no way to view the php code itself but my guess would be they are storing all the login/passes in a database, logging in to the accounts, sending the money to another account.

jammyjenkins 08-03-2002 05:01 PM

Quote:

Originally posted by jimmyf
The damn FBI will be knocking their door down... Or some other police Dept. in some fucked up country. Someone is a real dumb ass to do this... Not smart at all... Stupid... And I might add you would not want to hack that site... I would NOT even visit the damn thing if I were you...

no harm in visiting it ... as long as you don't enter your details!

we can always do loads of autosubmits with fake data to crash their server

or find out if the php script is mailing the information somewhere, and bomb that address (if we can hack the php script that is ... there must be a way)

They're spamming this like fuck ... so I mean this in all sincerity: let's protect the newbies!

Wiredoctor 08-03-2002 05:04 PM

Did you at least forward the email and info to PayPal?? that would be a place to start.:2 cents:

Dopy 08-03-2002 05:05 PM

I get this

Official name: milkersoft.com
IP address: 66.175.57.202



Registrant:
Commercial top-level domain (COM-DOM)
VeriSign Global Registry Services
21345 Ridgetop Circle
Dulles, VA 20166

Domain Name: COM

Administrative Contact, Technical Contact:
Registry Customer Service (RC4583-ORG) [email protected]
VeriSign Global Registry Services
21345 Ridgetop Circle
Dulles, VA 20166
+1 703-925-6999
Fax- +1 703-421-5828

Record created on 01-Jan-1985.
Database last updated on 3-Aug-2002 19:53:05 EDT.

jammyjenkins 08-03-2002 05:07 PM

Quote:

Originally posted by Wiredoctor
Did you at least forward the email and info to PayPal?? that would be a place to start.:2 cents:

They've been contacted, and the (apparent) hosting company too.

jimmyf 08-03-2002 05:12 PM

Quote:

Originally posted by jammyjenkins


They've been contacted, and the (apparent) hosting company too.

jammyjenkins you start a poll on how long this site will be up, if you contacted the hosting co. and Paypal.. or someone start 1... I've never done 1 and do not want to use that much brain power today.

jammyjenkins 08-03-2002 05:12 PM

Quote:

Originally posted by Dopy
I get this

Official name: milkersoft.com
IP address: 66.175.57.202

I don't get that

I did a whois at netsol for milkersoft.com and it says the domain is available??!

jammyjenkins 08-03-2002 05:14 PM

Quote:

Originally posted by jimmyf
jammyjenkins you start a poll on how long this site will be up, if you contacted the hosting co. and Paypal.. or someone start 1... I've never done 1 and do not want to use that much brain power today.

they're a piece of piss to do

it just makes me mad that they've scammed people I know (as well as everyone else they scammed too)

at the very least I want these fuckers mail bombed into the next century!!

Alky 08-03-2002 05:15 PM

No match for "MILKERSOFT.COM".

Alky 08-03-2002 05:16 PM

there is no way to 'hack' the php script, give it up.. unless you root the box it's on and either fuck up the httpd config or just download the script itself.

jammyjenkins 08-03-2002 05:18 PM

Quote:

Originally posted by Alky
there is no way to 'hack' the php script, give it up.. unless you root the box it's on and either fuck up the httpd config or just download the script itself.

okay, let's start with downloading the script to see exactly what they're doing with the information

how is that possible?

Dopy 08-03-2002 05:19 PM

The more shit entered at the form the better I would guess.

Alky 08-03-2002 06:44 PM

jesus christ, i said you can't, what else is there to understand?

the script is processed server side, then output is sent to the browser.


:warning YOU CANNOT GET THE SCRIPT. :warning

Alky 08-03-2002 06:45 PM

when i say download the script, i meant after you root the machine.

Dreamman010 08-03-2002 06:57 PM

I bet 90% that the machine itself (66.175.57.202) is hacked. They might be sending the info to some free email and then accessing it with 50 proxies (proxy loop).

You just need to get the uplink provider to null-route that IP or whatever.

Dreamman010 08-03-2002 06:59 PM

That box is hosted at http://www.abac.com/

The hostname of that box is cedant8.abac.com

So you might as well send an email to abac.com for faster response. Maybe the box is indeed owned by that scammer. Then his ass can be nailed really easily.

sexygoat 08-03-2002 06:59 PM

once they have the guts to do that they know they'll never get caught. my pp was taken over and i wasn't able to take it back, the fucker even withdrew money from my bank too. I have to call my bank to dispute and blablabla......fuck paypal jackers.


All times are GMT -7.