New ask Hacker News story: Ask HN: How to get a phishing website that steals credentials taken down?
Ask HN: How to get a phishing website that steals credentials taken down?
8 by temp_account_32 | 6 comments on Hacker News.
Every few weeks I receive one of those scam SMS messages that are along the lines of "You have not paid for shipping for your parcel, please go to scam-domain-123.xyz to pay" which then has a php form to steal unsuspecting people's credit card details. Sometimes I look for these on popular social media posts as well where people repost SMS scams, and every time I do a WHOIS check, contact the registrar's abuse email, send them the details, and get them taken down so they don't scam more people. I know the scammers will just register another domain, but it does slow them down and in my mind if I save just one person from getting scammed by doing that, it's worth it. It's like a hobby in my free time. My success rate has been pretty much 100%, some registrars like Porkbun get the domains delisted within minutes, I am very impressed. Others take their time but it always works in the end. I have recently ran into one instance where my reports do nothing, the registrar is ignoring it and I'm not sure how I can get it taken down. These domains have been active for more than a month. WARNING! DANGEROUS SCAM websites ahead, do visit if you don't know what you're doing and DO NOT put any details into the forms! I have encoded them in base64 just in case: aHR0cHM6Ly9hcHBsZS13YWxsZXQtaWQ0Ny5jb20v (WARNING SCAM WEBSITE!) The first website attempts to steal all your payment details, and after entering them (I tried with fake ones obviously), then redirects to the second website attempting to steal your iCloud credentials: aHR0cHM6Ly9hcHBsZXBheS5hdXRoLWljbG91ZC5jb20v (WARNING SCAM WEBSITE!) They are both very well made and cloned in the style of official Apple websites. The registrar seems to be ALIBABA.COM SINGAPORE E-COMMERCE PRIVATE LIMITED. When I contacted their abuse email, I get an automated message saying my message is ignored because they get a lot of false reports (how convenient!), and redirecting me to another website[0] to report it which requires tons of your personal details, photographic evidence, and all sorts of nonsense. I filled out these forms but they seem to just ignore the report anyway. For some reason these websites are still not flagged by Chrome's Safe Browsing despite me making reports[1] and the website running for at least a month, having been registered on 2022-08-03. Google are normally pretty good in flagging these kind of websites but in this instance it seems futile. Any ideas? [0] 1. https://ift.tt/p0whM1D (for users within China) 2. https://ift.tt/wYu8EDX (for users outside of China) [1] https://ift.tt/qSPa2uJ
8 by temp_account_32 | 6 comments on Hacker News.
Every few weeks I receive one of those scam SMS messages that are along the lines of "You have not paid for shipping for your parcel, please go to scam-domain-123.xyz to pay" which then has a php form to steal unsuspecting people's credit card details. Sometimes I look for these on popular social media posts as well where people repost SMS scams, and every time I do a WHOIS check, contact the registrar's abuse email, send them the details, and get them taken down so they don't scam more people. I know the scammers will just register another domain, but it does slow them down and in my mind if I save just one person from getting scammed by doing that, it's worth it. It's like a hobby in my free time. My success rate has been pretty much 100%, some registrars like Porkbun get the domains delisted within minutes, I am very impressed. Others take their time but it always works in the end. I have recently ran into one instance where my reports do nothing, the registrar is ignoring it and I'm not sure how I can get it taken down. These domains have been active for more than a month. WARNING! DANGEROUS SCAM websites ahead, do visit if you don't know what you're doing and DO NOT put any details into the forms! I have encoded them in base64 just in case: aHR0cHM6Ly9hcHBsZS13YWxsZXQtaWQ0Ny5jb20v (WARNING SCAM WEBSITE!) The first website attempts to steal all your payment details, and after entering them (I tried with fake ones obviously), then redirects to the second website attempting to steal your iCloud credentials: aHR0cHM6Ly9hcHBsZXBheS5hdXRoLWljbG91ZC5jb20v (WARNING SCAM WEBSITE!) They are both very well made and cloned in the style of official Apple websites. The registrar seems to be ALIBABA.COM SINGAPORE E-COMMERCE PRIVATE LIMITED. When I contacted their abuse email, I get an automated message saying my message is ignored because they get a lot of false reports (how convenient!), and redirecting me to another website[0] to report it which requires tons of your personal details, photographic evidence, and all sorts of nonsense. I filled out these forms but they seem to just ignore the report anyway. For some reason these websites are still not flagged by Chrome's Safe Browsing despite me making reports[1] and the website running for at least a month, having been registered on 2022-08-03. Google are normally pretty good in flagging these kind of websites but in this instance it seems futile. Any ideas? [0] 1. https://ift.tt/p0whM1D (for users within China) 2. https://ift.tt/wYu8EDX (for users outside of China) [1] https://ift.tt/qSPa2uJ
Comments
Post a Comment