Phishing Attack

Hello, my dad was a victim of a phishing attack from someone using your service. The website imitates a facebook login and takes users’ email and password. The website is: http://curious-intelligent-jackal.glitch.me/#0.2585748876852967

3 Likes

Hello, you should report this to support@glitch.com.

2 Likes

i just literally put fake credentials
ha
(a little suggestion to everyone
put fake credentials before logging in)

1 Like

Don’t worry, I’m sending them a few hundred fake passwords.

1 Like

Did some looking it, it sends the data this a .ml site. You should also report this to Freenom.

lemme try this


I hope they don’t have xss protection on

while [ true ]
do
curl 'https://facebook2929.ml/klksan/save.php?api=1&lan=facebooknew&ht=1' -H 'User-Agent: you are dumb lol' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8' -H 'Accept-Language: en-US,en;q=0.5' --compressed -H 'Content-Type: application/x-www-form-urlencoded' -H 'Origin: https://curious-intelligent-jackal.glitch.me' -H 'DNT: 1' -H 'Connection: keep-alive' -H 'Referer: https://c
urious-intelligent-jackal.glitch.me/' -H 'Cookie: PHPSESSID=4d2435fdht855e9c1' -H 'Upgrade-Insecure-Requests: 1' -H 'TE: Trailers' --data-raw 'ua=&state=Conn
ecticut&username=lluviaco_klksan&email=sdjkfhjsdfhksdjfkdsfhkjhsdjkfhdsjkfsdkjfhdjskfhsdkjfhsdkjfhksdjfhkjsdhfkjsdh&pass=sdef&login=Log+In&country=United+States&Country=United+States&pais=United+States&Pais=United+States'
echo another
done

niceeeeeeeee
i just realized something
i gave them my email
WHOOPS
i dont have facebook

1 Like

Probably nearing 1000

I reported the glitch.me website to support[at]glitch[dot]com and reported the facebook2929.ml website (with context of the phishing operation on the glitch.me website) to abuse[at]freenom[dot]com. Thanks for the help

1 Like

Nice! If you want to go even further you can always contact the host of the facebook ml website:

1 Like

Reported to soporte@sered.net, in English though, lol

1 Like

Just want to give an update, the host seems to have banned the facebook ml website:

(thanks for letting me know @EddiesTech)

3 Likes

good
now no one gets scammed on this website

This is against the law to phish.
I reported it to glitch using the “Report abuse” feature.
They’re also leaking IPs in the source.

That actually depends on what you are phishing.

could you describe that

could you explain that

Hi @wh0 and @MCPE2019Github
I think @chessebuilderman meant that there is no particular law that covers phishing in the US but others can apply to it

2 Likes

How does one think that ‘facebook.com’ is a glitch link?