 First website take down brag & how to

baiter69
Hello I'm New here!


Joined: 24 May 2012
Posts: 3


Posted: Wed May 30, 2012 5:00 pm

Hey All,

I am not sure if this is the right place, but I am excited about my first website take down and wanted to share :)

I am still very new to the spambaiting part, but have always been good with internet forensics so for now that is what I was focusing on. I received an email informing me of the suspension of my Paypal account. The thing is, that account is not associated with Paypal, so there was not much homework involved in determining it was a scam. Before joining the spambait community I had not given much thought to the take-down of these sites. However, while the idea was posted everywhere, I could not find a how-to, so I resorted to using common sense.

So I will share my method for anyone interested. It essentially took less than one working day (I did this on Memorial Day (Monday) and on Tuesday it was down). Also take note that I use Linux and will reference those techniques.

Recommended Setup
Firefox with NoScript & Ghosty plugins
NoScript - Stops unauthorized scripts from running
Ghosty - Actively blocks tracking cookies & other methods

Terminator - Linux terminal shell that has many convenient options.

Steps

First determine that you have a spoof on your hands and click the link. I primarily do this to make it easy to copy and paste the domain. Most of these will have private registrations, plus it really does not matter who registered the site.

Second, I ping the domain and copy the IP address down (or highlight and copy to clipboard).

Third, go to a reverse IP website (you can also Google "reverse IP.ADD.RESS" without the quotes).

With this you can determine the Web Host. Then you simply send an email to [email protected] informing them of the spoof site and the domain(s) involved.

Sometimes there are multiple hosts involved redirecting you all over the place. In the terminal window you can enter "wget spoofdomain.tld" and it will display all of the redirects as it finally gets to the domain and you can follow the same process for all of the IP addresses listed.

It is actually VERY easy.

Sincerely,
Baiter69

Here is a copy and paste from my first one

My email to them

From: xxxxxxxxxxxx [mailto:[email protected]]
Sent: Monday, May 28, 2012 7:15 PM
To: [email protected]
Subject: You are hosting a Paypal spoof site


I have traced a Paypal spoof site to your IP address 207.150.212.117. The domain is linuxhostpaypal.com. I received a spoof email and went to their site. Retrieved their IP address and did a reverse lookup.

I trust that you will remove this site.



Their Response

From Abuse Department Tue May 29 15:02:11 2012


Hello,

Thank you for bringing this issue to our attention. The fraudulent site in question has been shut down. We trust that this concludes our involvement in this matter. But feel free to let us know if you require any further assistance.



Thank you,

Abuse Department

Affinity/Hostway Corporation
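
The lookup steps described in the post above, as an added example that is not part of the original post: it reads a saved wget log to list every server in the redirect chain, and pulls abuse mailboxes out of saved whois output. The function names and all sample hostnames, addresses and mailboxes are constructed for illustration.

```shell
#!/bin/sh
# Added example; every hostname, address and mailbox below is constructed.

# Constructed wget log for a two-hop redirect chain.
sample_wget_log() { cat <<'EOF'
--2012-05-28 19:00:01--  http://spoof.example/
Resolving spoof.example (spoof.example)... 192.0.2.10
Connecting to spoof.example (spoof.example)|192.0.2.10|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: http://hop2.example/login [following]
--2012-05-28 19:00:02--  http://hop2.example/login
Resolving hop2.example (hop2.example)... 198.51.100.7
Connecting to hop2.example (hop2.example)|198.51.100.7|:80... connected.
HTTP request sent, awaiting response... 200 OK
EOF
}

# Constructed whois excerpt with ARIN-style and RIPE-style abuse fields.
sample_whois() { cat <<'EOF'
OrgName:        Example Hosting
OrgTechEmail:   tech@hosting.example
OrgAbuseEmail:  Abuse@hosting.example
abuse-mailbox:  noc@upstream.example
EOF
}

# stdin: wget log. stdout: one "host ip" line per distinct server contacted.
# Handles both "host|ip|:port" and "host (host)|ip|:port" log formats.
redirect_hops() {
    sed -n 's/^Connecting to \([^ |]*\)[^|]*|\([^|]*\)|:[0-9]*.*/\1 \2/p' |
        awk '!seen[$0]++'
}

# stdin: whois text. stdout: unique mailboxes from lines that mention abuse.
abuse_contacts() {
    grep -i 'abuse' |
        grep -oE '[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}' |
        tr 'A-Z' 'a-z' | sort -u
}

echo "Servers to report:"
sample_wget_log | redirect_hops
echo "Abuse contacts:"
sample_whois | abuse_contacts
```

For a live report, save the log with `wget -o wget.log -O /dev/null URL` and feed it to `redirect_hops`, then pipe `whois` output for each listed address into `abuse_contacts`.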
TheProbie
Master of Master Baiters


Joined: 24 Oct 2010
Posts: 907
Location: Guarding Goat #1


Posted: Wed May 30, 2012 5:46 pm

Welcome to Eater.

We do have an entire subforum for discussion and killing fake scammer sites. You can find it here.

My setup is Firefox with NoScript (I didn't know about Ghostly - thanks for that) and Flagfox, which gives easy reverse IP lookup.

Good job killing your first(?) fake site. Treat yourself to a nice flag of the nationality the site claimed to have. EDIT: If it's a fake Paypal, I guess you should want to attach United States to your signature. EDIT2: In my defence, it didn't say anywhere in the post that it was a phishing site. Dorothy's right, flags are not awarded for taking down phishing sites.

Bait safe, and enjoy your stay :)


Last edited by TheProbie on Wed May 30, 2012 9:09 pm; edited 1 time in total
Dorothy
Baiting Guru


Joined: 09 Jul 2008
Posts: 3114
Location: somewhere over the rainbow


Posted: Wed May 30, 2012 9:05 pm

Welcome baiter69.

Good job starting in the world of fake sites. As theprobie said, we have a whole subforum dedicated to fake site killing. You can learn a lot there about how to research, compile evidence, and report fakes that are much more complicated.

One note, though--there is no flag for reporting phishing sites as they are outside of our scope. We focus on sites used in advance fee fraud, as opposed to phishing sites.
For phishing sites, you can certainly report them independently, or you can simply forward them to phishtank and the site being impersonated. For paypal sites you can forward the email to [email protected] and they will usually get the fake killed pretty quickly. Ultimately the fakes cost them money too so they are typically pretty proactive.

Stick around, get a mentor and you'll be running at full speed in no time!

vonpaso xlura
Different and Distinctive


Joined: 10 Apr 2011
Posts: 12222
Location: Bertcad, Lojbanistan


Posted: Thu May 31, 2012 12:31 am

Welcome and congratulations on your first site kill! I'm currently working on a gang of mule breeders who use a cluster of nameservers in the Soviet Union (not actually located there, but the domains are).

I use the programs host and jwhois.

baiter69
Hello I'm New here!


Joined: 24 May 2012
Posts: 3


Posted: Tue Jun 05, 2012 12:34 am

I will take a look at the link to the site-killing area. Eventually I may get into the email portion.

Thanks everyone for all the good info