search

kgretzky / evilginx2

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
BSD 3-Clause "New" or "Revised" License
10.62k stars 1.92k forks source link

Everything Configured Correctly, When Visiting Lure Site, Shows Login Page Then Goes Blank #748

Closed HornyLemur closed 1 year ago

HornyLemur commented 2 years ago

Hey all, I spent many hours of troubleshooting on this to finally get the SSL certs installed and the A records on my DNS are configured correctly. However, when I activate my lure, no matter how I access the URL, I briefly see the Paypal login page and then it will flash to a blank page. Meanwhile in the panel I keep seeing things like this:

[12:33:52] [imp] [0] [paypal] new visitor has arrived: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0 (23.82.142.199) [12:33:52] [inf] [0] [paypal] landing URL: https://www.paypal.mydomain.com/MKMSuFag : 2022/03/21 12:33:54 [008] WARN: Cannot handshake client www.paypal.com EOF 2022/03/21 12:33:54 [007] WARN: Cannot handshake client www.paypal.com EOF

When I go to the site using multiple devices and browsers, the same thing happens. You can briefly see the login page but then it will go blank before u can even interact with it.

Thanks in advance.

sethfaulkner commented 2 years ago

How did you get the ssl certs? I can't resolve letsencrypt for some reason.

HornyLemur commented 2 years ago

I pointed my DNS to cloudflare and they have a TLS/SSL section that tells you how to set it up. You get an RSA from a command on ur server, input it into their system and then install a key file it generates. Cloudflare is free for this basic portion of their services. Also make sure you have an entry of 'nameserver 1.1.1.1' in your hosts file if you cannot resolve the LetsEncrypt portion.

sethfaulkner commented 2 years ago

Hmm, that did not do it. I am using aws ec2 ubuntu and have only ports 443, 80, 53, and 22 open. I followed the instructions using namecheap dns and creating custom dns entries to point back at my server (ns1.domain and ns2.domain). Both of these resolve to my box but I cant resolve anything else (like google). I disabled systemd.resolved because the instructions say to make sure port 53 is clear but that seems to kill my ability to resolve anything. Am I missing something?

HornyLemur commented 2 years ago

If I remember correctly, you need to use the get-url command in phishlets to get the hostnames with your domain's IP. Then you also have to add THAT to your hosts. You also have to add all the domains (i.e. a.stats-paypal.com > [your IP]) as an A record in your DNS.

HornyLemur commented 2 years ago

Can someone help me with my issue now?

HornyLemur commented 2 years ago

Here is what I get when running in debug mode (domain and IP have been replaced with mydomain and [server IP], respectively)

[16:29:05] [dbg] DNS A: paypal.mydomain.com. = [server IP] [16:29:06] [dbg] isWhitelistIP: 107.115.227.41 [16:29:06] [dbg] triggered lure for path '/MKMSuFag' [16:29:06] [imp] [1] [paypal] new visitor has arrived: Mozilla/5.0 (Linux; Android 12) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/99.0.4844.73 Mobile DuckDuckGo/5 Safari/537.36 (107.115.227.41) [16:29:06] [inf] [1] [paypal] landing URL: https://paypal.mydomain.com/MKMSuFag [16:29:06] [dbg] redirect URL (lure): https://www.paypal.com/ [16:29:06] [dbg] whitelistIP: 107.115.227.41 27e94a191268863550277f6c3473c226943cfdfc07854d97416754ea67607a45 [16:29:06] [dbg] DNS A: www.paypal.mydomain.com. = [server IP] [16:29:06] [dbg] whitelistIP: 107.115.227.41 27e94a191268863550277f6c3473c226943cfdfc07854d97416754ea67607a45 [16:29:06] [dbg] POST: /signin [16:29:06] [dbg] POST body = [16:29:06] [dbg] POST: /signin [16:29:07] [dbg] .paypal.com: enforce_policy = ccpa [16:29:07] [dbg] .paypal.com: LANG = en_US%3BUS [16:29:07] [dbg] www.paypal.com: htdebug = [16:29:07] [dbg] .paypal.com: tsrce = authchallengenodeweb [16:29:07] [dbg] .paypal.com: x-pp-s = eyJ0IjoiMTY0ODA1Mjk0NzAxNyIsImwiOiIwIiwibSI6IjAifQ [16:29:07] [dbg] www.paypal.com: nsid = s%3AMJCLLLa2TD-drYUThXy35al6lzTeyXLd.9nWpRdPVVfLe%2FQAysnBNzrOl293mNBGKJZjJEXG30e0 [16:29:07] [dbg] .paypal.com: l7_az = dcg13.slc [16:29:07] [dbg] .paypal.com: ts = vreXpYrS%3D1742747346%26vteXpYrS%3D1648054746%26vr%3Db79c482f17f0ad005a5d2919f87e784f%26vt%3Db79c482f17f0ad005a5d2919f87e784e%26vtyp%3Dnew [16:29:07] [dbg] .paypal.com: ts_c = vr%3Db79c482f17f0ad005a5d2919f87e784f%26vt%3Db79c482f17f0ad005a5d2919f87e784e [16:29:08] [dbg] whitelistIP: 107.115.227.41 27e94a191268863550277f6c3473c226943cfdfc07854d97416754ea67607a45 [16:29:08] [dbg] POST: /auth/logclientdata [16:29:08] [dbg] POST body = {"fpti":{"pgrp":"main:authchallenge::signin","page":"main:authchallenge::signin","pgst":"1648052946996","calc":"f9722895cb8f1","nsid":"MJCLLLa2TD-drYUThXy35al6lzTeyXLd","rsta":"en_US","pgtf":"Nodejs","env":"live","s":"ci","ccpg":"US","csci":"d2db3be2ddce4edab653d7c934c1d6b4","comp":"authchallengenodeweb","tsrce":"authchallengenodeweb","cu":"0","ef_policy":"ccpa","captchaState":"CLIENT_SIDE_RECAPTCHA_SERVED"},"_csrf":"fCnihjcJH8dZgkvCGef6fhjRhYARu7R6hRxCY=","_sessionID":null} [16:29:08] [dbg] POST: /auth/logclientdata [16:29:08] [dbg] .paypal.com: enforce_policy = ccpa [16:29:08] [dbg] .paypal.com: LANG = en_US%3BUS [16:29:08] [dbg] .paypal.com: x-pp-s = eyJ0IjoiMTY0ODA1Mjk0ODU5NyIsImwiOiIwIiwibSI6IjAifQ [16:29:08] [dbg] .paypal.com: l7_az = dcg13.slc [16:29:08] [dbg] .paypal.com: ts = vreXpYrS%3D1742747348%26vteXpYrS%3D1648054748%26vr%3Db79c482f17f0ad005a5d2919f87e784f%26vt%3Db79c482f17f0ad005a5d2919f87e784e%26vtyp%3Dnew [16:29:08] [dbg] .paypal.com: ts_c = vr%3Db79c482f17f0ad005a5d2919f87e784f%26vt%3Db79c482f17f0ad005a5d2919f87e784e [16:29:11] [dbg] DNS A: t.paypal.mydomain.com. = [server IP] [16:29:12] [dbg] whitelistIP: 107.115.227.41 27e94a191268863550277f6c3473c226943cfdfc07854d97416754ea67607a45 [16:29:12] [dbg] POST: /auth/logclientdata [16:29:12] [dbg] POST body = {"fpti":{"pgrp":"main:authchallenge::signin","page":"main:authchallenge::signin","pgst":"1648052946996","calc":"f9722895cb8f1","nsid":"MJCLLLa2TD-drYUThXy35al6lzTeyXLd","rsta":"en_US","pgtf":"Nodejs","env":"live","s":"ci","ccpg":"US","csci":"d2db3be2ddce4edab653d7c934c1d6b4","comp":"authchallengenodeweb","tsrce":"authchallengenodeweb","cu":"0","ef_policy":"ccpa","captchaState":"CLIENT_SIDE_RECAPTCHA_ENTERPRISE_API_JS_LOADED","message":""},"_csrf":"fCnihjcJH8dZgkvCGef6fhjRhYARu7R6hRxCY=","_sessionID":null} [16:29:12] [dbg] POST: /auth/logclientdata [16:29:12] [dbg] .paypal.com: enforce_policy = ccpa [16:29:12] [dbg] .paypal.com: LANG = en_US%3BUS [16:29:12] [dbg] .paypal.com: x-pp-s = eyJ0IjoiMTY0ODA1Mjk1MjIxMCIsImwiOiIwIiwibSI6IjAifQ [16:29:12] [dbg] .paypal.com: l7_az = dcg13.slc [16:29:12] [dbg] .paypal.com: ts = vreXpYrS%3D1742747352%26vteXpYrS%3D1648054752%26vr%3Db79c482f17f0ad005a5d2919f87e784f%26vt%3Db79c482f17f0ad005a5d2919f87e784e%26vtyp%3Dnew [16:29:12] [dbg] .paypal.com: ts_c = vr%3Db79c482f17f0ad005a5d2919f87e784f%26vt%3Db79c482f17f0ad005a5d2919f87e784e [16:29:13] [dbg] isWhitelistIP: 107.115.227.41 [16:29:13] [dbg] POST: /apple-touch-icon.png [16:29:13] [dbg] POST body = [16:29:13] [dbg] POST: /apple-touch-icon.png [16:29:14] [dbg] .paypal.com: l7_az = dcg01.phx [16:29:14] [dbg] .paypal.com: ts = vreXpYrS%3D1742747353%26vteXpYrS%3D1648054753%26vr%3Db79c637717f0ad046fe4c884ff2e14df%26vt%3Db79c637717f0ad046fe4c884ff2e14de%26vtyp%3Dnew [16:29:14] [dbg] .paypal.com: ts_c = vr%3Db79c637717f0ad046fe4c884ff2e14df%26vt%3Db79c637717f0ad046fe4c884ff2e14de [16:29:15] [dbg] isWhitelistIP: 107.115.227.41 [16:29:15] [dbg] POST: /favicon.ico [16:29:15] [dbg] POST body = [16:29:15] [dbg] POST: /favicon.ico [16:29:15] [dbg] .paypal.com: l7_az = dcg01.phx [16:29:15] [dbg] .paypal.com: ts = vreXpYrS%3D1742747355%26vteXpYrS%3D1648054755%26vr%3Db79c6a0b17f0ad047dfd493eff2e1bb5%26vt%3Db79c6a0b17f0ad047dfd493eff2e1bb4%26vtyp%3Dnew [16:29:15] [dbg] .paypal.com: ts_c = vr%3Db79c6a0b17f0ad047dfd493eff2e1bb5%26vt%3Db79c6a0b17f0ad047dfd493eff2e1bb4 [16:29:22] [dbg] whitelistIP: 107.115.227.41 27e94a191268863550277f6c3473c226943cfdfc07854d97416754ea67607a45 [16:29:22] [dbg] POST: /auth/validatecaptcha [16:29:22] [dbg] POST body = _recaptchaEnterpriseEnabled=true&_adsRecaptchaSiteKey=6LeZ6egUAAAAAGwL8CjkDE8dcSw2DtvuVpdwTkwG&_csrf=fCnihjcJH8dZgkvCGef6fhjRhYARu7R6hRxCY%3D&_requestId=rnMKbof-I3c4LLZaz1biOMNd6W8H21Ueuf28C30Xq1uUVYM4InGtBzGD4n8CCifnOW86Zxg1uc1rx_m4l2efVL6fQqQaXigrldZS-lTC5ix67YKi-GTqu0ZvMGKPsO73&_hash=Tox%2FlluiEzpOkZdEFSj5x95gXEfQ7LOVQ4UCe3Pe9Rc%3D&grc_eval_start_time_utc=1648052947008&_sessionID=MJCLLLa2TD-drYUThXy35al6lzTeyXLd&jse=ff825be2f1cdf664ceb6a9599d4f2a60&recaptcha=03AGdBq27RTuZ6xbcT_p1YrgEo0qefgSF2n9EDsELunj0tGsxByjrXR7_GFihbEouMk3nz69Eo3qRG43DohNgaV0plaz7Hh3mF7MYAdmKViZu1wCsWnAxx5mYSXRhyhjXr-zriGEmqQT9W5T2QIRBX33PVOQMqOpKPueQsPj25kWr0MUMvRwcUMJNurDCJXr-J2PD07p6mnlqLsjsxadUVVJ4a5HgmkIr49HLOWfvALaEf49cgaz-pnztQKRKgi9thh51KNuQXJPi1KijxGgb4sbDp_es3ApmcnP3uHdyLDK8IT9hqUz_i-JhVJY0Qnj3kDpBngUAEw8wsbLedtMpqwog7nlsnBgcipcUzsdHsR_8XvyvOPGKcTCEr4bz-5dryg039VmQ_IC2j51zih9I7NVJwpiQpe28qiY0kQT1s6MJJB4w-Bng4TeoWjiOV_UoS1WshtgMVm3HSGVEjDoB4x3KhSvsNK5bGdWy34C3jPW7XrhADf4Se1LdQiRbkz6cjIsq0cIzaB1WppVNfL4FGoNtsW7-O7PCFC9fpO_XAgzITGVRi8DFq0JKBqELN51JeHvMYqyBIW0yTD2Me9HJVm92DYwJ0_4-0jftRa-GfP-LxsyFX-IQ3HMkeQrVXgUXFkqf4wYBlmnhwG80C2spqkokP0wbwkF20egZQeMwhptOV7ZEd9VwMeD34CHakBOLyWxKHpEREo40Wzxs2ko43V5xHRB2PSq1BGGs_bM-5Tl5yU9eEhGul7JSPKmdfq41rJEZNnA-iidkxpnwJmWh0wMhrUGWrz8-WhdxNj2BygA1ftuKd6Rqqa1ich9GipxAD4r4qPZFk2DSZbZyHWgFSvZYMUwDLisFGe_UTlruXBvRu3l4NUeBRabrkxf_aWr4kyxTcyvLUJ_Y7X5o99AjQVtrH2vNzdTKdM7tvXJwJ6b9Tb4i_uGQWbph6G0DVDkQHCPdzOyPjAxZtAl05K08bmaSYCkOgRuWvEtwEllviog6mcH_VneowWXFuyY9w7eu2tAYee2QpgZr5Tvwh49nxUg7yUXmr0wUVCS5vQ2G_74f2L09Gbt8GyxOoz95uksX2fBmkY6_31_4ixR7CKX0p6JraBA7ScdjFMAwcl3-oDTQeOCUQ_DbfBXObic1QHhkiuf7g4LFB_YSjfspuDnVCeVAJOCDYICygI_rGrazXfnoeXubCo8hp1hFSjk2Ne-ZHJUGgsYGE3vzlwd7_cgL-ZzZEiFgYud88ZE-t4HLbVUswuCb7VXk8tlN5y1Z93Pko0qQCw-7RfNk8&grc_render_start_time_utc=1648052948061&grc_render_end_time_utc=1648052951737&grc_verification_time_utc=1648052962543 [16:29:22] [dbg] POST: /auth/validatecaptcha [16:29:22] [dbg] POST recaptcha = 03AGdBq27RTuZ6xbcT_p1YrgEo0qefgSF2n9EDsELunj0tGsxByjrXR7_GFihbEouMk3nz69Eo3qRG43DohNgaV0plaz7Hh3mF7MYAdmKViZu1wCsWnAxx5mYSXRhyhjXr-zriGEmqQT9W5T2QIRBX33PVOQMqOpKPueQsPj25kWr0MUMvRwcUMJNurDCJXr-J2PD07p6mnlqLsjsxadUVVJ4a5HgmkIr49HLOWfvALaEf49cgaz-pnztQKRKgi9thh51KNuQXJPi1KijxGgb4sbDp_es3ApmcnP3uHdyLDK8IT9hqUz_i-JhVJY0Qnj3kDpBngUAEw8wsbLedtMpqwog7nlsnBgcipcUzsdHsR_8XvyvOPGKcTCEr4bz-5dryg039VmQ_IC2j51zih9I7NVJwpiQpe28qiY0kQT1s6MJJB4w-Bng4TeoWjiOV_UoS1WshtgMVm3HSGVEjDoB4x3KhSvsNK5bGdWy34C3jPW7XrhADf4Se1LdQiRbkz6cjIsq0cIzaB1WppVNfL4FGoNtsW7-O7PCFC9fpO_XAgzITGVRi8DFq0JKBqELN51JeHvMYqyBIW0yTD2Me9HJVm92DYwJ0_4-0jftRa-GfP-LxsyFX-IQ3HMkeQrVXgUXFkqf4wYBlmnhwG80C2spqkokP0wbwkF20egZQeMwhptOV7ZEd9VwMeD34CHakBOLyWxKHpEREo40Wzxs2ko43V5xHRB2PSq1BGGs_bM-5Tl5yU9eEhGul7JSPKmdfq41rJEZNnA-iidkxpnwJmWh0wMhrUGWrz8-WhdxNj2BygA1ftuKd6Rqqa1ich9GipxAD4r4qPZFk2DSZbZyHWgFSvZYMUwDLisFGe_UTlruXBvRu3l4NUeBRabrkxf_aWr4kyxTcyvLUJ_Y7X5o99AjQVtrH2vNzdTKdM7tvXJwJ6b9Tb4i_uGQWbph6G0DVDkQHCPdzOyPjAxZtAl05K08bmaSYCkOgRuWvEtwEllviog6mcH_VneowWXFuyY9w7eu2tAYee2QpgZr5Tvwh49nxUg7yUXmr0wUVCS5vQ2G_74f2L09Gbt8GyxOoz95uksX2fBmkY6_31_4ixR7CKX0p6JraBA7ScdjFMAwcl3-oDTQeOCUQ_DbfBXObic1QHhkiuf7g4LFB_YSjfspuDnVCeVAJOCDYICygI_rGrazXfnoeXubCo8hp1hFSjk2Ne-ZHJUGgsYGE3vzlwd7_cgL-ZzZEiFgYud88ZE-t4HLbVUswuCb7VXk8tlN5y1Z93Pko0qQCw-7RfNk8 [16:29:22] [dbg] POST _recaptchaEnterpriseEnabled = true [16:29:22] [dbg] POST _csrf = fCnihjcJH8dZgkvCGef6fhjRhYARu7R6hRxCY= [16:29:22] [dbg] POST grc_eval_start_time_utc = 1648052947008 [16:29:22] [dbg] POST jse = ff825be2f1cdf664ceb6a9599d4f2a60 [16:29:22] [dbg] POST grc_render_start_time_utc = 1648052948061 [16:29:22] [dbg] POST grc_render_end_time_utc = 1648052951737 [16:29:22] [dbg] POST grc_verification_time_utc = 1648052962543 [16:29:22] [dbg] POST _adsRecaptchaSiteKey = 6LeZ6egUAAAAAGwL8CjkDE8dcSw2DtvuVpdwTkwG [16:29:22] [dbg] POST _requestId = rnMKbof-I3c4LLZaz1biOMNd6W8H21Ueuf28C30Xq1uUVYM4InGtBzGD4n8CCifnOW86Zxg1uc1rx_m4l2efVL6fQqQaXigrldZS-lTC5ix67YKi-GTqu0ZvMGKPsO73 [16:29:22] [dbg] POST _hash = Tox/lluiEzpOkZdEFSj5x95gXEfQ7LOVQ4UCe3Pe9Rc= [16:29:22] [dbg] POST _sessionID = MJCLLLa2TD-drYUThXy35al6lzTeyXLd [16:29:23] [dbg] .paypal.com: enforce_policy = ccpa [16:29:23] [dbg] .paypal.com: LANG = en_US%3BUS [16:29:23] [dbg] .paypal.com: x-pp-s = eyJ0IjoiMTY0ODA1Mjk2MzE2MSIsImwiOiIwIiwibSI6IjAifQ [16:29:23] [dbg] .paypal.com: l7_az = dcg13.slc [16:29:23] [dbg] .paypal.com: ts = vreXpYrS%3D1742747363%26vteXpYrS%3D1648054763%26vr%3Db79c482f17f0ad005a5d2919f87e784f%26vt%3Db79c482f17f0ad005a5d2919f87e784e%26vtyp%3Dnew [16:29:23] [dbg] .paypal.com: ts_c = vr%3Db79c482f17f0ad005a5d2919f87e784f%26vt%3Db79c482f17f0ad005a5d2919f87e784e [16:29:23] [dbg] whitelistIP: 107.115.227.41 27e94a191268863550277f6c3473c226943cfdfc07854d97416754ea67607a45 [16:29:23] [dbg] POST: /auth/logclientdata [16:29:23] [dbg] POST body = {"fpti":{"pgrp":"main:authchallenge::signin","page":"main:authchallenge::signin","pgst":"1648052946996","calc":"f9722895cb8f1","nsid":"MJCLLLa2TD-drYUThXy35al6lzTeyXLd","rsta":"en_US","pgtf":"Nodejs","env":"live","s":"ci","ccpg":"US","csci":"d2db3be2ddce4edab653d7c934c1d6b4","comp":"authchallengenodeweb","tsrce":"authchallengenodeweb","cu":"0","ef_policy":"ccpa","captchaState":"CLIENT_SIDE_RECAPTCHA_SOLVED","message":""},"_csrf":"fCnihjcJH8dZgkvCGef6fhjRhYARu7R6hRxCY=","_sessionID":null} [16:29:23] [dbg] POST: /auth/logclientdata [16:29:23] [dbg] .paypal.com: enforce_policy = ccpa [16:29:23] [dbg] .paypal.com: LANG = en_US%3BUS [16:29:23] [dbg] .paypal.com: x-pp-s = eyJ0IjoiMTY0ODA1Mjk2MzQxNSIsImwiOiIwIiwibSI6IjAifQ [16:29:23] [dbg] .paypal.com: l7_az = dcg13.slc [16:29:23] [dbg] .paypal.com: ts = vreXpYrS%3D1742747363%26vteXpYrS%3D1648054763%26vr%3Db79c482f17f0ad005a5d2919f87e784f%26vt%3Db79c482f17f0ad005a5d2919f87e784e%26vtyp%3Dnew [16:29:23] [dbg] .paypal.com: ts_c = vr%3Db79c482f17f0ad005a5d2919f87e784f%26vt%3Db79c482f17f0ad005a5d2919f87e784e [16:29:23] [dbg] whitelistIP: 107.115.227.41 27e94a191268863550277f6c3473c226943cfdfc07854d97416754ea67607a45 [16:29:23] [dbg] POST: /signin [16:29:23] [dbg] POST body = [16:29:23] [dbg] POST: /signin [16:29:23] [dbg] .paypal.com: enforce_policy = ccpa [16:29:23] [dbg] .paypal.com: cookie_check = yes [16:29:23] [dbg] .paypal.com: d_id = f52a1b67bd1b4a3483ae1e77e7500a191648052963851 [16:29:23] [dbg] .paypal.com: LANG = en_US%3BUS [16:29:23] [dbg] .paypal.com: tsrce = unifiedloginnodeweb [16:29:23] [dbg] www.paypal.com: HaC80bwXscjqZ7KM6VOxULOB534 = [16:29:23] [dbg] .paypal.com: x-pp-s = eyJ0IjoiMTY0ODA1Mjk2Mzg3NSIsImwiOiIwIiwibSI6IjAifQ [16:29:23] [dbg] .paypal.com: l7_az = dcg13.slc [16:29:23] [dbg] .paypal.com: ts = vreXpYrS%3D1742747363%26vteXpYrS%3D1648054763%26vr%3Db79c482f17f0ad005a5d2919f87e784f%26vt%3Db79c482f17f0ad005a5d2919f87e784e%26vtyp%3Dnew [16:29:23] [dbg] .paypal.com: ts_c = vr%3Db79c482f17f0ad005a5d2919f87e784f%26vt%3Db79c482f17f0ad005a5d2919f87e784e [16:29:24] [dbg] whitelistIP: 107.115.227.41 27e94a191268863550277f6c3473c226943cfdfc07854d97416754ea67607a45 [16:29:24] [dbg] POST: /auth/createchallenge/3a9e9e15c0af4ea6/recaptchav3.js [16:29:24] [dbg] POST body = [16:29:24] [dbg] POST: /auth/createchallenge/3a9e9e15c0af4ea6/recaptchav3.js [16:29:25] [dbg] .paypal.com: enforce_policy = ccpa [16:29:25] [dbg] .paypal.com: LANG = en_US%3BUS [16:29:25] [dbg] .paypal.com: tsrce = authchallengenodeweb [16:29:25] [dbg] .paypal.com: x-pp-s = eyJ0IjoiMTY0ODA1Mjk2NTA2MCIsImwiOiIwIiwibSI6IjAifQ [16:29:25] [dbg] .paypal.com: l7_az = dcg13.slc [16:29:25] [dbg] .paypal.com: ts = vreXpYrS%3D1742747364%26vteXpYrS%3D1648054764%26vr%3Db79c482f17f0ad005a5d2919f87e784f%26vt%3Db79c482f17f0ad005a5d2919f87e784e%26vtyp%3Dnew [16:29:25] [dbg] .paypal.com: ts_c = vr%3Db79c482f17f0ad005a5d2919f87e784f%26vt%3Db79c482f17f0ad005a5d2919f87e784e [16:29:26] [dbg] DNS A: c.paypal.mydomain.com. = [server IP] [16:29:26] [dbg] isWhitelistIP: 107.115.227.41 [16:29:26] [dbg] POST: /apple-touch-icon.png [16:29:26] [dbg] POST body = [16:29:26] [dbg] POST: /apple-touch-icon.png [16:29:26] [dbg] .paypal.com: l7_az = dcg14.slc [16:29:26] [dbg] .paypal.com: ts = vreXpYrS%3D1742747366%26vteXpYrS%3D1648054766%26vr%3Db79c95d717f0ad0056de41d9f87e5511%26vt%3Db79c95d717f0ad0056de41d9f87e5510%26vtyp%3Dnew [16:29:26] [dbg] .paypal.com: ts_c = vr%3Db79c95d717f0ad0056de41d9f87e5511%26vt%3Db79c95d717f0ad0056de41d9f87e5510

HornyLemur commented 2 years ago

Anyone?

HornyLemur commented 2 years ago

You're the best thank you very much!

On Monday, April 4, 2022, 09:20:14 PM EDT, Web3villian666 ***@***.***> wrote:

I had similar issues stuck on the first sign in page that's the old phishlets.... attually I got the latest .yaml off the author y'all can reach out to him on icq @mrgretzky to get issues fixed if needed.

— Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you authored the thread.Message ID: @.***>

ladoual commented 2 years ago

HornyLemur did you find solution ? i have the same probleme with the paypal phishlet the page open and then close with black page . if you find the solution please share 👍