I decided to be pro-active today and try and close down a phishing web site, I think I managed it in less than 15 minutes…
The email came in looking like a PayPal ‘security’ message, so a quick look at the email html source revealed the ‘PayPal’ link of
https://www.paypal.com/cgi-bin/webscr?cmd=_login-run
actually went here;
http://www.paypal-unlocking.net/
So, checking the source of this page revealed that it was pulling content in from here;
http://69.57.130.51/~stevenbw/web/
Stepping back one directory to here;
http://69.57.130.51/~stevenbw/
Revealed this listing… with another phishing site in the sky/ directory
Confirm.htm
_private/
cgi-bin/ –
class.phpmailer.php
class.smtp.php
images/
off.php
postinfo.html
sky/
web/
… and a quick lookup of the ipaddress using this resource;
http://www.whois.sc/69.57.130.51
revealed that it was hosted at Everyones Internet, Inc.
So I just popped onto their web site clicked the ‘Support Chat’ link and asked the nice person if he was aware of the phishing using their web site. They didn’t know and said they promptly shut it down.
Job done, maybe, if I’m awake and didn’t make any mistakes…