When I find it through sources - I just visit it. All phishing campaigns targeting my country are safe for browser/OS for now.
With some ChatGPT help I wrote a bot with 2 buttons - check and report. The bot with its scripts is hosted on a free Oracle VPS.
First - check for duplicates in the gov filter list. I also check my channel, where all URLs/domains are posted, for counting and dedup.
Then, with the same bot, report the domain and URL to 4 destinations: 1) [private]; 2) Netcraft; 3) phish.report; 4) channel.
Then visit the phish.report cases page to report to Google Safe Browsing and the registrar. If the hosting is not Cloudflare - also report to the hosting provider with a screenshot URL (urlscan…png) if it bypasses Cloudflare.
Wait for mail from Netcraft and open an issue if the webpage is still alive and the status is not Malicious. Take a screenshot from mobile or paste the urlscan…png if it bypasses Cloudflare.
About not reporting to CF - see this.
About Microsoft - Edge has <2% browser market share in my country. If it blocks only in Edge/Office - no sense to report. Also, Edge uses Google Safe Browsing.
ToDo:
>3. Convert the ID/UUID for links before sending them from the bot as the answer to a report, where needed.
>4. Report to Google directly through the API. There are 100 reports/month free in the Google Cloud Web Risk API.
>5. Create Netcraft issues with screenshots via the API (and half-automated after status changes - periodic check for it), pasting the screenshot from urlscan converted to base64.
Sometimes I report on sources through the platform where they are located, but it's not effective.
Unpaid cybersec student here - (have been sick and away with a bad flu recently)
1- DnsPedia (the only free and freshest NRDs I can find). Manually query the current day.
For example, in Oz we have MyGov, the Oz Gov portal. Huge amounts of phishing kits are aimed at it. Don't search 'mygov', but just 'gov', as 'mygov' will only return half the results that are actually there. The variations are endless and my pattern matching is quicker, as I don't have a subscription and scraping returns obfuscated data.
2- Notepad a whole slew of mygov, auspost, aus, -au, au-, linkt, bank, bnk domains that I have already opened and confirmed to be active sites.
3- If not confirmed, throw the whole list into a bulk status checker.
4- See which ones are operational. (Always use a mobile UA, as many are designed not to open in a regular PC browser, only on a mobile device; same for the status checker - Android mobile agent there.)
5- Open URLscan, copy the URLscan, copy the screenshot. Check the certificates issued - (sometimes I find several other similar sites all issued under the same cert - usually Let's Encrypt). Add those to the list.
6- Phish Report - report everything. Email - include screenshots of the fake site vs the legit site for comparison.
7- Bundle all the info up and tweet the phishing site with appropriate hashtags and tag the targeted brand, tag the domain name registrar, hosting if able.
8- Have a coffee and repeat the same process over and over again.
Meanwhile, the brands targeted 'should' be doing all this, but they don't… or at least not very well. Old people, the non-tech-savvy, boomers, everyone is getting hit hard with scams presently; brands just don't care. As long as their personal infrastructure is seemingly safe, everyone else has to fend for themselves.
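Both posters describe the same two manual steps: a dedup check of freshly found URLs/domains against what has already been reported (the first poster's "check" button), and a bulk "is it still live" check that sends a mobile User-Agent, plus the second poster's "search 'gov' rather than 'mygov'" keyword matching over an NRD list. The script below is an added example, not code from either poster or from any of the services they name; the function names, the `.example` hostnames and the sample lists are all constructed for the illustration, and the Android UA string is just an assumed current mobile UA.

```python
"""Added example (not from the thread): dedup of new URLs against a known
list, keyword matching over a domain list, and a bulk status check that
fetches with a mobile User-Agent. Sample data below is constructed."""
from __future__ import annotations

import urllib.error
import urllib.request
from typing import Callable, Iterable, Optional
from urllib.parse import urlsplit

# Assumption: an Android Chrome style UA, since many kits only render on mobile.
MOBILE_UA = ("Mozilla/5.0 (Linux; Android 13; Pixel 7) AppleWebKit/537.36 "
             "(KHTML, like Gecko) Chrome/120.0.0.0 Mobile Safari/537.36")


def registrable_host(url: str) -> str:
    """Lower-case hostname with a leading 'www.' stripped - the key used for dedup.
    Bare domains without a scheme are accepted as well."""
    if "://" not in url:
        url = "http://" + url
    host = (urlsplit(url).hostname or "").rstrip(".")
    return host[4:] if host.startswith("www.") else host


def new_entries(candidates: Iterable[str], known: Iterable[str]) -> list[str]:
    """Return the candidates whose host is not already in the known list
    (the filter list / channel history), keeping input order and dropping
    duplicates within the candidates themselves."""
    seen = {registrable_host(k) for k in known}
    fresh: list[str] = []
    for url in candidates:
        host = registrable_host(url)
        if host and host not in seen:
            seen.add(host)
            fresh.append(url)
    return fresh


def keyword_hits(domains: Iterable[str], keywords: Iterable[str]) -> list[str]:
    """Substring match of brand keywords over a domain list. A broad keyword
    such as 'gov' also catches variants like 'my-gov-au' that 'mygov' misses."""
    kws = [k.lower() for k in keywords]
    return [d for d in domains if any(k in d.lower() for k in kws)]


def _urllib_fetch(url: str, timeout: float = 10.0) -> Optional[int]:
    """Default fetcher: HTTP status code with the mobile UA, None if unreachable."""
    req = urllib.request.Request(url, headers={"User-Agent": MOBILE_UA})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as exc:
        return exc.code
    except (urllib.error.URLError, OSError):
        return None


def bulk_status(urls: Iterable[str],
                fetch: Callable[[str], Optional[int]] = _urllib_fetch) -> dict[str, str]:
    """Classify each URL as 'live', 'http <code>' or 'unreachable'. The fetcher
    is injectable so the logic can be exercised offline."""
    results: dict[str, str] = {}
    for url in urls:
        if "://" not in url:
            url = "http://" + url
        code = fetch(url)
        if code is None:
            results[url] = "unreachable"
        elif code < 400:
            results[url] = "live"
        else:
            results[url] = f"http {code}"
    return results


if __name__ == "__main__":
    # Constructed sample data; the hosts are placeholders, not real indicators.
    known = ["https://mygov-login.example/auth"]
    found = ["http://www.mygov-login.example/", "https://my-gov-au.example/login",
             "auspost-parcel.example"]
    print("new:", new_entries(found, known))
    print("gov hits:", keyword_hits([registrable_host(u) for u in found], ["gov"]))
    # Offline run: a fake fetcher stands in for the network.
    fake = {"http://my-gov-au.example/login": 200,
            "http://auspost-parcel.example": 404}.get
    print(bulk_status(["my-gov-au.example/login", "auspost-parcel.example"], fetch=fake))
```

In real use `bulk_status` would be called with the default fetcher (network access required); the injectable `fetch` is there so the classification logic can be checked without touching any host, and so the same code can later wrap urlscan or another lookup instead of a direct request.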