baiter69
Hello I'm New here!
Joined: 24 May 2012
Posts: 3
Posted: Wed May 30, 2012 5:00 pm
Hey All,
I am not sure if this is the right place, but I am excited about my first website take down and wanted to share.
I am still very new to the spambaiting part, but have always been good with internet forensics so for now that is what I was focusing on. I received an email informing me of the suspension of my Paypal account. The thing is, that account is not associated with Paypal, so there was not much homework involved in determining it was a scam. Before joining the spambait community I had not given much thought to the take-down of these sites. However, while the idea was posted everywhere, I could not find a how-to, so I resorted to using common sense.
So I will share my method for anyone interested. It essentially took less than one working day (I did this on Memorial Day (Monday) and on Tuesday it was down). Also take note that I use Linux and will reference those techniques.
Recommended Setup
Firefox with NoScript & Ghostery plugins
NoScript - Stops unauthorized scripts from running
Ghostery - Actively blocks tracking cookies & other methods
Terminator - Linux terminal shell that has many convenient options.
Steps
First determine that you have a spoof on your hands and click the link. I primarily do this to make it easy to copy and paste the domain. Most of these will have private registrations, plus it really does not matter who registered the site.
Second, I ping the domain and copy the IP address down (or highlight and copy to clipboard).
Third, go to a reverse IP website (you can also Google "reverse IP.ADD.RESS" without the quotes).
With this you can determine the Web Host. Then you simply send an email to [email protected] informing them of the spoof site and the domain(s) involved.
Sometimes there are multiple hosts involved, redirecting you all over the place. In the terminal window you can enter "wget spoofdomain.tld" and it will display all of the redirects as it finally gets to the domain, and you can follow the same process for all of the IP addresses listed.
It is actually VERY easy.
Sincerely,
Baiter69
Here is a copy and paste from my first one
My email to them
From: xxxxxxxxxxxx [mailto:[email protected]]
Sent: Monday, May 28, 2012 7:15 PM
To: [email protected]
Subject: You are hosting a Paypal spoof site
I have traced a Paypal spoof site to your IP address 207.150.212.117. The domain is linuxhostpaypal.com. I received a spoof email and went to their site. Retrieved their IP address and did a reverse lookup.
I trust that you will remove this site.
Their Response
From Abuse Department Tue May 29 15:02:11 2012
Hello,
Thank you for bringing this issue to our attention. The fraudulent site in question has been shut down. We trust that this concludes our involvement in this matter. But feel free to let us know if you require any further assistance.
Thank you,
Abuse Department
Affinity/Hostway Corporation

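The redirect-tracing step from the post above, as an added example that is not part of the original post: it reads a saved wget log and lists every host and IP address in the redirect chain, so each hosting provider can be looked up and notified. The log text, domains and IP addresses below are constructed placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: extract each hop (host + IP) from a wget log.
# A real log would be written with:
#   wget -o hops.log -O /dev/null http://spoofdomain.tld/

# Constructed sample log (placeholder domains, documentation-range IPs).
sample_log() {
cat <<'EOF'
--2012-05-28 19:10:01--  http://spoofdomain.example/
Resolving spoofdomain.example (spoofdomain.example)... 203.0.113.10
Connecting to spoofdomain.example (spoofdomain.example)|203.0.113.10|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: http://redirector.example/go [following]
--2012-05-28 19:10:02--  http://redirector.example/go
Resolving redirector.example (redirector.example)... 198.51.100.20
Connecting to redirector.example (redirector.example)|198.51.100.20|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://login.landing.example/ [following]
--2012-05-28 19:10:03--  http://login.landing.example/
Resolving login.landing.example (login.landing.example)... 198.51.100.20
Connecting to login.landing.example (login.landing.example)|198.51.100.20|:80... connected.
HTTP request sent, awaiting response... 200 OK
Saving to: 'index.html'
EOF
}

# Print "hop-number host ip" once per distinct host/IP pair, in visit order.
# wget writes the address between '|' characters on its "Connecting to" lines.
redirect_hops() {
  awk -F'|' '
    /^Connecting to / {
      split($1, w, " ")            # w[3] is the host name wget connected to
      key = w[3] " " $2
      if (!(key in seen)) { seen[key] = 1; n++; print n, w[3], $2 }
    }'
}

# Print each distinct IP once: the list to feed into reverse-IP / whois lookups.
hop_ips() {
  redirect_hops | awk '!seen[$3]++ { print $3 }'
}

sample_log | redirect_hops
```

Two of the three hops in the sample share one IP address, so hop_ips reports only two addresses to look up.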
TheProbie
Master of Master Baiters
Joined: 24 Oct 2010
Posts: 907
Location: Guarding Goat #1
Posted: Wed May 30, 2012 5:46 pm
Welcome to Eater.
We do have an entire subforum for discussion and killing fake scammer sites. You can find it here.
My setup is Firefox with NoScript (I didn't know about Ghostery - thanks for that) and Flagfox, which gives easy reverse IP lookup.
Good job killing your first(?) fake site. Treat yourself to a nice flag of the nationality the site claimed to have. EDIT: If it's a fake Paypal, I guess you should want to attach to your signature. EDIT2: In my defence, it didn't say anywhere in the post that it was a phishing site. Dorothy's right, flags are not awarded for taking down phishing sites.
Bait safe, and enjoy your stay
_________________ Dai Teatime - real name Anderson Frank:
- Lagos to Accra (WIMP) + unconfirmed travel from Lagos to Cotonou
- Lagos to Nairobi (big beacon hunt, starring Robert Heinrich - featuring myself, Dr. Mike, Muzungu, Gwonam and TheDane)
best quote: I HATE MYSELF MORE EACH DAY TO REALISE THAT I FALL A VICTIM.
"Why will i be afraid? Even the government knows its was a result of what they did to us back then, although is not encouraging but it can't stop" - Lad answering if he's afraid of being punished
Last edited by TheProbie on Wed May 30, 2012 9:09 pm; edited 1 time in total

Dorothy
Baiting Guru
Joined: 09 Jul 2008
Posts: 3114
Location: somewhere over the rainbow
Posted: Wed May 30, 2012 9:05 pm
Welcome baiter69.
Good job starting in the world of fake sites. As theprobie said, we have a whole subforum dedicated to fake site killing. You can learn a lot there about how to research, compile evidence, and report fakes that are much more complicated.
One note, though--there is no flag for reporting phishing sites as they are outside of our scope. We focus on sites used in advance fee fraud, as opposed to phishing sites.
For phishing sites, you can certainly report them independently, or you can simply forward them to phishtank and the site being impersonated. For paypal sites you can forward the email to [email protected] and they will usually get the fake killed pretty quickly. Ultimately the fakes cost them money too so they are typically pretty proactive.
Stick around, get a mentor and you'll be running at full speed in no time!
_________________ "I've a feeling we're not in Kansas any more..."

vonpaso xlura
Baiting Guru
Joined: 10 Apr 2011
Posts: 13781
Location: Bertcad, Lojbanistan
Posted: Thu May 31, 2012 12:31 am
Welcome and congratulations on your first site kill! I'm currently working on a gang of mule breeders who use a cluster of nameservers in the Soviet Union (not actually located there, but the domains are).
I use the programs host and jwhois.
_________________
you are a fake people so do not ever write to me again.
Am mad at you right now ... Am tired of your questions ... Am sick and tire you and your bank
Nigerian pig . go swallow a grenade idiot. Boko Haram will solve your problem idiot .
you are big fool by send a fake payment information and never you contact me again asshole .
your passgae bearing your ATM CATD ... Ant Terrorist Certificate ... legal verterbrate ... expartiate your meaning ... gets to your dwaignted address ... successful ofghw transfer

baiter69
Hello I'm New here!
Joined: 24 May 2012
Posts: 3
Posted: Tue Jun 05, 2012 12:34 am
I will take a look at the link to the site-killing area. Eventually I may get into the email portion.
Thanks everyone for all the good info