Was analysing this website (was also pretending to be the target demographic for this site) and here’s what I found - I am new to analysing websites, and I won’t include anything that may not be useful:
The advertisements on the dating part of the website link to a similar form, which then eventually linked me to ‘Swingmyfling’, which has the exact same layout as ‘Flirvia’. They also showed the exact same messages and dating history.
(redacted the pornographic adverts with inspect element and have censored anything sexually suggestive)
Eventually the paywall is presented when one of the ‘users’ sends you a nude picture, at which point you are redirected to me.jucydate .com, which redirects to hookupparadise .com.
After three attempts, the ‘Try Now’ button just redirects the user back to the ‘Swingmyfling’ dating site.
In this case, the payment will fail as I am using Stripe’s test card.
Once the victim enters their card details, the site makes requests to various APIs.
One of these is bp-pay .com (which the card details are sent to):
It then sends a GET request to brilliantpay .io, which returns onProcessApp.css and onProcessApp.js.
I think brilliantpay .io and api.shift4 .com are used to simulate the 3D-Secure part of the payment process.
It seems like some sort of validation of the card details occurs as well, as a request is sent to api.securionpay .com
The API then returns a Base64-encoded string, which contains the card validation details, including all the credit card information:
Then it eventually sends another GET request to brilliantpay .io, presumably stating that the payment has failed:
It also fetches a JSON file called common.json, which includes the following:
WebSocket messages are also sent to ws.hookupparadise .com/connection/websocket, which helps track the status of payments (e.g. how many times a user has attempted a payment):
When loading onto hookupparadise .com at the beginning, another WebSocket connection was initiated, which transmits information related to notifications, messages, and new likes (and maybe more). The same WebSocket URL is used.
A GET request is sent to api.hookupparadise .com/init?from=ref&ft=(numbers here), which returns the information about the user and some of the other domains they use:
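For the Base64 response described earlier in the post, the following is an added example (not part of the original post and not code from any of the sites) that scans captured request and response bodies for card numbers, both in plain text and inside Base64 strings. The hosts and bodies are constructed placeholders, and the function names are hypothetical.

```python
import base64, binascii, json, re

# Constructed sample traffic with placeholder hosts (not captured from the sites above).
# 4242424242424242 is Stripe's published test card number.
_blob = base64.b64encode(json.dumps(
    {"card": {"number": "4242424242424242", "expMonth": "12", "cvc": "123"}}
).encode()).decode()
CAPTURED = [
    {"host": "processor.example", "body": "number=4242424242424242&cvc=123"},
    {"host": "validator.example", "body": json.dumps({"result": _blob})},
    {"host": "static.example", "body": '{"theme": "ZGFyay1tb2RlLXRoZW1lLXYy"}'},
    {"host": "status.example", "body": '{"attempts": 3, "orderId": "1234567890123456"}'},
]

B64_RUN = re.compile(r"[A-Za-z0-9+/_-]{16,}={0,2}")  # standard or URL-safe alphabet
PAN_RUN = re.compile(r"(?<!\d)\d{13,19}(?!\d)")       # candidate card-number lengths

def luhn_ok(digits):
    """Luhn checksum: filters out order ids and other random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                     # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def text_layers(body):
    """Yield the body as-is, then every Base64 run in it that decodes to UTF-8 text."""
    yield body
    for run in B64_RUN.findall(body):
        std = run.replace("-", "+").replace("_", "/")
        std += "=" * (-len(std) % 4)       # restore stripped padding
        try:
            yield base64.b64decode(std, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            continue                       # not Base64, or binary payload

def find_card_exposure(entries):
    """Return (host, encoding, masked PAN) for each Luhn-valid number found."""
    hits = []
    for entry in entries:
        for layer, text in enumerate(text_layers(entry["body"])):
            for pan in PAN_RUN.findall(text):
                if luhn_ok(pan):
                    masked = pan[:6] + "..." + pan[-4:]
                    hits.append((entry["host"], "base64" if layer else "plain", masked))
    return hits
```

Calling `find_card_exposure(CAPTURED)` lists each host whose body carried a card number and whether it was in the clear or only visible after Base64 decoding; the order id is rejected by the Luhn check.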