Ask HN: Tracking down fake Airbnb owner

The title is slightly confusing. Note that it is a ((fake Airbnb) owner), not a (fake (Airbnb owner)).

I don't have any advice but I hope they are able to recover their money. Shitty people like that are why some US states like Massachusetts now require all renters to find apartments through a registered broker. Sounds nice and safe but it ended up in me paying 4 months rent to get a new apartment. (2 months rent + security deposit + broker fee which was over a month's rent)

There&#x27;s more to it, more php machinery, but in short:<p><i></i> Basic Info<p>- username at home dir: comitin1 - LiteSpeed server - SERVER_ADMIN=webmaster@airbnb.com-itinerary.app - English not first language<p>- Sends over location, victim ip-port pair, protocol, client, TLS encryption suite<p><i></i> Client (Victim):<p>From main.html:<p>POST &#x2F;transaction.php?id=1 --&gt; transaction.html<p>POST &#x2F;transaction-process.php --&gt; attacker no longer cares...empty response body<p><i></i> Admin<p><a href="https:&#x2F;&#x2F;airbnb.com-itinerary.app&#x2F;rooms&#x2F;762837232&#x2F;files&#x2F;management&#x2F;" rel="nofollow">https:&#x2F;&#x2F;airbnb.com-itinerary.app&#x2F;rooms&#x2F;762837232&#x2F;files&#x2F;manag...</a><p>Login with POST &#x2F;index.php with username and password<p>There is a whole interface for easy management of properties, with its own UI! It does proper client and server-side validation of inputs, uses a set of images of houses and hosters.<p>POST &#x2F;process-data.php<p>POST &#x2F;send-discount.php for a particular property id<p>POST &#x2F;edit-discount-process.php

Is &quot;Not so technical&quot; euphemism for naive? This sucks, but also seems like a low effort scam.

This is gonna sound a bit granny-suck-eggs... but I hope your friend reported it to the police?