First website take down brag & how to

By joining our community you will have the ability to post topics and access other forums reserved for members. Registration is quick, simple and absolutely free. Join our community today by clicking here.

Hello I'm New here! Joined: 24 May 2012 Posts: 3

Hey All,

I am not sure if this is the right place, but I am excited about my first website take down and wanted to share Smile

I am still very new to the spambaiting part, but have always been good with internet forensics so for now that is what I was focusing on. I received an email informing me of the suspension of my Paypal account. The thing is, that account is not associated with Paypal, so there was not much homework involved in determining it was a scam. Before joining the spambait community I had not given much thought to the take-down of these sites. However, while the idea was posted everywhere, I could not find a how to so I resorted to using common sense.

So I will share my method for anyone interested. It essentially took less than one working day (I did this on the Memorial Day (Monday) and on Tuesday it was down). Also take note that I use Linux and will reference those techniques.

Recommended Setup
Firefox with NoScript & Ghosty plugins
NoScript - Stops unauthorized scripts from running
Ghosty - Activly blocks tracking cookies & other methods

Terminator - Linux terminal shell that has many convenient options.

Steps

First determine that you have a spoof on your hands and click the link. I primarily do this to make it easy to copy and paste the domain. Most of these will have private registrations, plus it really does not matter who registered the site.

Second, I ping the domain and copy the ip address down (or highlight and copy to clipboard)

Third, Go to a reverse IP website (you can also Google "reverse IP.ADD.RESS" with out the quotes.

With this you can determine the Web Host. Then you simply send an email to [email protected] informing them of the spoof site and the domain(s) involved.

Sometimes there are multiples hosts involved redirecting you all over the place. In the terminal window you can enter "wget spoofdomain.tld" and it will display all of the redirects as it finally gets to the domain and you can follow the same process for all of the ip addresses listed.

It is actually VERY easy.

Sincerely,
Baiter69

Here is a copy and paste from my first one

My email to them

From: xxxxxxxxxxxx [mailto:[email protected]]
Sent: Monday, May 28, 2012 7:15 PM
To: [email protected]
Subject: You are hosting a Paypal spoof site

I have traced a Paypal spoof site to your ip address 207.150.212.117 . The domain is linuxhostpaypal.com. i received a spoof email and went to their site. Retrieved their Ip address and did a reverse lookup.

I trust that you will remove this site.

Their Response

From Abuse Department Tue May 29 15:02:11 2012

Hello,

Thank you for bringing this issue to our attention. The fraudulent site in question has been shut down. We trust that this concludes our involvement in this matter. But feel free to let us know if you require any further assistance.

Thank you,

Abuse Department

Affinity/Hostway Corporation

Posted: Wed May 30, 2012 5:46 pm

Welcome to Eater.

We do have an entire subforum for discussion and killing fake scammer sites. You can find it here.

My setup is Firefox with NoScript (I didn't know about Ghostly - thanks for that) and Flagfox, which gives easy reverse IP lookup.

Good job killing your first(?) fake site. Treat yourself to a nice flag of the nationality the site claimed to have. EDIT: If it's a fake Paypal, I guess you should want to attach United States

to your signature. EDIT2: In my defence, it didn't say anywhere in the post that it was a phishing site. Dorothy's right, flags are not awarded for taking down phishing sites.

Bait safe, and enjoy your stay Smile

Posted: Wed May 30, 2012 9:05 pm

Welcome baiter69.

Good job starting in the world of fake sites. As theprobie said, we have a whole subforum dedicated to fake site killing. You can learn a lot there about how to research, compile evidence, and report fakes that are much more complicated.

One note, though--there is no flag for reporting phishing sites as they are outside of our scope. We focus on sites used in advance fee fraud, as opposed to phishing sites.
For phishing sites, you can certainly report them independently, or you can simply forward them to phishtank and the site being impersonated. For paypal sites you can forward the email to [email protected] and they will usually get the fake killed pretty quickly. Ultimately the fakes cost them money too so they are typically pretty proactive.

Stick around, get a mentor and you'll be running at full speed in no time!

Posted: Thu May 31, 2012 12:31 am

Welcome and congratulations on your first site kill! I'm currently working on a gang of mule breeders who use a cluster of nameservers in the Soviet Union (not actually located there, but the domains are).

I use the programs host and jwhois.

Hello I'm New here! Joined: 24 May 2012 Posts: 3

I will take a look at the link to the site-killing area. Eventually I may get into the email portion.

Thanks everyone for all the good info

First website take down brag & how to	View next topic View previous topic