http://members.tripod.com/hey_varun0/
Printable View
Hrmm.. interesting. It's a fake site given that the top "Posters" is this:
That said, me thinks it might be attempting to gather information. Thanks for the heads up. I'm going to get the "higher ups" to look into this.Quote:
Top 10 Posters:
» Tedob1
» souleman
» KorpDeath
» Terr
» ac1dsp3ctrum
» s0nIc
» Negative
» Ennis
» valhallen
» MsMittens
I don't know if they can sue but certainly they can put in a request to Tripod for a cease and desist I would think.
Yeah i noticed the outdated lists....then i also though that he might be trying to gather usernames and password when someone tries to log in, it send him the password but it doesn't seem to be the case, i tried logging in with a fake name it redirects me to antionline.com
Still misleading. The code makes me think there is perhaps an attempt to gather info on the local user's machine. When clicking on one of the threads, there is a popup but I'm using Mozilla and I don't think it's working correctly on that. Using IE might generate different results.
I think the kid was playing with wget or some program like that.. because look at the links.. they point to files on the viewer's HD...
No biggy IMO.
Ok i tried it on IE ...
Page cannot be displayed shows up here
C:\Documents and Settings\students.NVDSKOOLAPJEDU\My Documents\My Webs\myweb\showthread.php
and a My Search pop-up appears witht he term "cehawk" in the search box ....strange !
Doesnt seem to big fo a problem to me since probably no one even visits the site.....i was just curious !
Spyware check perhaps? Anything come in?Quote:
and a My Search pop-up appears witht he term "cehawk" in the search box ....strange !
Ad-aware SE Personal is running a full system scan right now, i have to go to work, i'll post if something comes up tonight....
The site is in blatant infringement of every Tripod License out there, so IMO even a mod from AO could report the site as an abuse and say why it is such an abuse... the site should be down in about 24hrs.
And even if the kid was playing with wget or Teleport, he should learn to use those tools and download the files with relative paths... the skiddies, never wanna learn.
Pardon my squirrelly ignorance, but how is using wget to mirror a site skiddie???
Well the way I see it, the aim of that site is largely to phish out some info, possibly some accounts. But the fact that whoever did it had no concern or ability to make the links still work throughout the mirrored site indicates a superficial understanding of whichever program he/she was using.
Not the use of wget is skiddies... otherwise I think most of AO would be a skid? Sorry if I made it sound like that, hope this makes it clearer [just very excited about an assignment I got back marked today in CS :D]
I've contacted them, so it should be down shortly. Thanks for pointing it out!
intmon
If they wanted to learn they wouldn't be skiddies :)Quote:
And even if the kid was playing with wget or Teleport, he should learn to use those tools and download the files with relative paths... the skiddies, never wanna learn
Take a look at the code, specially the form tag
This is not even a scam. It's just a copy of HTML source of AO mainpage copy into tripod in my eyes. The code was left unchange except for link so it look like he use a program to download AO to is hard drive.PHP Code:<!-- login -->
<table border="0" cellspacing="0" cellpadding="1" width="150">
<tr><td bgcolor="#000000">
<table bgcolor="#000000" width="150" border="0" cellspacing="0" cellpadding="2">
<tr><td bgcolor="#ffc700" valign=middle colspan=1 width=20><img src="http://images.antionline.com/aoimages/corner.gif" width=15 height=15 border=0 align=left></td>
<td bgcolor="#ffc700" valign=middle colspan=1 width=130><font size="2" class="nf"><font color="#000000"><b>Your Account</b></font></font></td></tr>
<tr><td bgcolor="#f1f1f1" colspan=2 width=150>
<font class="sf">
<!-- BEGIN TEMPLATE: P_logincode -->
------><form action="http://www.antionline.com/member.php" method="post">
<input type="hidden" name="action" value="login2">
<input type="hidden" name="s" value="a9912147d6dfefb597944e3a208cc236">
<table border="0" cellpadding="0" cellspacing="0" width=150>
<tr><td>
<br>
<font class="sf"><b>Username</b></font><INPUT TYPE="TEXT" NAME="username" SIZE=7><br>
<font class="sf"><b>Password</b></font><INPUT TYPE="PASSWORD" NAME="password" SIZE=7><br>
<center>
<input type="submit" value="Login!">
</center>
</td></tr>
<tr><td nowrap>
<p align="center"><font class="sf"><br>
Don't have an account? <br>
<a href="file:///C:/Documents and Settings/students.NVDSKOOLAPJEDU/My Documents/My Webs/myweb/register.php">Register for one now!</a><br>
<a href="file:///C:/Documents and Settings/students.NVDSKOOLAPJEDU/My Documents/My Webs/myweb/member.php">Lost Your Password?</a>
</font>
</td></tr>
</table>
</form>
<!-- END TEMPLATE: P_logincode -->
</font>
</td>
</tr>
</table>
</td>
</tr>
</table>
<!-- end login -->
Hmm... Not sure where you saw this... but we did have two members here by the name icehawke or 1cehawk or something like that. Do an advanced search in the members page of "cehawk". It turns up two accts. If I remember correctly, a more recent person used this name in the AO CS Clan? Even had the name posted in his signature.Quote:
and a My Search pop-up appears witht he term "cehawk" in the search box ....strange
http://www.antionline.com/showthread...k&pagenumber=9
I agree with SDK... looks just like a copy of the html page saved to his local computer.
Thats why most of the links didn't change... they were referenceing files that were also downloaded to the computer. At some point, the page was uploaded to the tripod page. Not a big deal IMO.
But maybe someone caught something more than I did... not just speculating...
©opy®ight... Just How did you get linked to the page?
how the site is being advertised would tell more about the intentions of the persons than us making assumtions of their attitude and intentions..
Well, it was copied on 25th July 2003 so it is rather old.
My guess is you have caught someone cheating on their homework or something? Plagiarism rather than phishing. Particularly as the login part seems unaltered and takes you to AO.
I am no malware author, but I would have thought the first thing you would want to alter would be that? otherwise anything else you do would be a waste of effort.
just a thought
Quote:
Originally posted here by phishphreek80
I agree with SDK... looks just like a copy of the html page saved to his local computer.
Thats why most of the links didn't change... they were referenceing files that were also downloaded to the computer. At some point, the page was uploaded to the tripod page. Not a big deal IMO.
But maybe someone caught something more than I did... not just speculating... [/B]
Ok, college student laptop user name JEDU common name or sir name in a certain part of the world. Or J EDUcation Google tells me that much.Quote:
C:/Documents and Settings/students.NVDSKOOLAP JEDU /My Documents/
I was bored and was browsing google for the terms "antionline "MemorY"" i was trying to get a direct link to a members profile with google, without success by the way, i may have used different terms, cant remember right now, but on the 3rd or 4th page i saw the link and clicked on it.....Quote:
©opy®ight... Just How did you get linked to the page?
What even stanger is that he is on the Recently Banned list on the fake page..Quote:
Hmm... Not sure where you saw this... but we did have two members here by the name icehawke or 1cehawk or something like that.
Most Recently Banned:
» haquer
» stink
» lntmon
» swifty4real
» vaibhav22
» chronicon
» uberhackerMAN
» 1cehawk
» diabolicblood
» dud_dude
maybe he got pissed off cyz he got banned and experimented with AO !
btw: the ad-aware scan returned 9 tracking cookies !
I know who the member is that used be be 1cehawk and that isnt his page. He and i found the page in question before while chatting one night. I was going to post about it then but it was like 2:30am and decided to do it the next day. Then i forgot all about it.
MemorY you act like its a big deal that someone got banned then came back under a diff name. Havent you done it like 20 times? Do you have snapshots of everytime you were banned mirrored out there some where? The sad part is that the member who used to be 1cehawk sticks up for you and considers you a friend.
Oh and BTW its froma tripod site of course there are tracking cookies.
1cehawk is my friend, i didnt say he wasn't, isn't he a co-founder of the ao-cs clan site ? that where i know him from...i didnt say he was a bad guy i just though he got pissed off cuz he got banned and created a ao clone or something,
Where did i say that, i started this thread because i found a AO clone, then phishphreek mentioned it was strange that chawk appeared in the pop-up i got from the site...i didn't say anything against 1cehawk ...Quote:
MemorY you act like its a big deal that someone got banned then came back under a diff name.
btw: no i dont have screenshops of my banned acccounts...they wouldn't fit on a server :)
I know Icehawk as well and this is not his site. He does admit that he was a little self rightous with his first account, but he has made up for that.Quote:
1cehawk is my friend, i didnt say he wasn't, isn't he a co-founder of the ao-cs clan site ? that where i know him from...i didnt say he was a bad guy i just though he got pissed off cuz he got banned and created a ao clone or something,
My login won't work there...
O well at least tripod is going to do something about it.