How Anyone Can DESTROY A Scam Website in Minutes 😤 (Scammers Will HATE This)

Intro Scammers are going to be furious at this video.  I'm going to show you how just by yourself,   you can shut down scam and phishing websites  potentially within minutes. In this video,   I'll demonstrate using a real life scam  phishing site that I found on Twitter   designed to steal Steam accounts.  This website had been up for 10 days   already and not a single antivirus  security company had flagged it yet. But within minutes, I had it flagged by multiple  security companies, within hours, nearly a dozen,   and within 24 hours, the website was completely  blocked by Google Chrome and Edge by default. And   within two days, the domain registrar itself  had the domain name suspended and taken away   from the scammers completely, which is why I'm  not worried about showing the domain name here. Still though, don't go to it. You never know  in the future. So if you didn't think you   could make a difference as just one person,  I'll show you how. All you need to do is know   the various pages that security companies have  for submitting malicious websites and report   them. And to be clear, I didn't use any kind of  special YouTuber connections to do any of this. I used the same exact public forms that  everyone else would, and within one day,   a scam site was shut down. So  as an overview for this video,   first I'll give you a quick explanation on  how this particular scam website worked.   Then I'll show you how to report a malicious  URL to over 15 security companies using their   pages for doing so, which will basically  end up nuking the scam website from orbit. Then I'll give you the results for about how  long it took each security company to start   flagging the scam site. So for this scam, it's  actually getting pretty common recently on Steam,   Today's Scam Example where you get a message from one of  your friends whose account has been   hijacked though. And the scammer  will ask you to go to a website   supposedly for some game tournament  and asks you to vote for their team. Again, still pretending to be your friend.  But on that website, when you go to vote,   it prompts you to log in with your  Steam account. But it's a fake Steam   login window. And it looks pretty  convincing. All the links on this   window go to the real Steam site, but if you  type in any credentials, it will steal them. I've actually seen a couple varieties  of this type of website. On this site,   it actually pops up a separate browser window,  but the URL box just says "about:blank". On   another site, it brought up an entire  fake browser window. So this apparent   window with Steam as the URL showing is  not even a separate browser window at all. Very tricky. Also apparently tricky is it will  also steal your Steam Guard credentials. So I   just put in a fake login credential and it knew  that the login was incorrect. So I wasn't about   to type in any real credentials, but I bet that  it was actually relaying the login and if it   saw that it was asking for Steam Guard,  it would have just asked for that too. And by then it had your login and your  Steam Guard code. And I have to say,   as far as scam domain names go, fps league dot com  actually seems pretty legit. Now obviously do not   go to this website. Right now it's down anyways,  but you still don't want to knowingly visit a   potentially malicious site. As a pro tip, a lot of  scam websites use newly registered domain names. Pro Tip: Site Age They are not up for very long before they get  caught and then they just go down. So a good   way to tell if a site is kind of suspicious  is to look up that registration date using   the so-called WHOIS registration data. If it's  a common domain extension like .com or.net,   you can go to lookup.ican.org and  it will tell you the created date. If it's an extension that that site  doesn't work on, you can just Google   the top level domain extension like .io  and then "whois lookup" and you should be   able to find something from there. And I would  actually recommend if possible that you just   automatically block newly registered domains if  you have some kind of service that allows that. Sometimes hardware firewalls use that,  but one service I've been using recently   that I just found out about, and this  isn't sponsored or anything by the way,   but it's called NextDNS and it  lets you add a bunch of filters,   including newly registered domains. I'm not  going to get into how to do all that yourself. If you don't know how, maybe ask a friend who's  good with computers and they can probably help   you. But I just wanted to mention it. I've been  using it for about a week and I like it so far.   Preparing to Report All right, so now let's get to how to actually  report a malicious URL, assuming you come across   one. So what you want to probably do is open up  notepad and copy over the URL so you have it. And also what you want to do is make a  note - a description, that you'll submit   along with the report to describe what the  scam is. So for example with this website,   I wrote a quick thing that says, "It is a  Steam phishing site. If you click on a link   such as sign in with Steam at the top, then  it will bring up a fake Steam login window." And something like that is detailed enough, just  enough where if a human goes to review the site,   they'll know why you actually reported it  as malicious and they'll be able to easily   tell. If possible, you might also want  to take a screenshot of the scam part,   like the fake pop-up window or something. That  can sometimes be included with the report. And remember if you are visiting  a known scam website, open it in   a sandbox. Windows has a built-in sandbox  now that you can open it with. You can also   use some kind of virtual machine. And  there's also some websites like Anyrun,   which you can use a virtual machine online. Like  you just type in the URL here and it'll give you   a quick 60 second virtual machine where you can  actually navigate around the site, click on stuff. So you can get a quick screenshot through  that. Just you want to be sure you're safe.   Specific Sites for Reporting And now I can go through the individual  pages for all the security websites,   how to report each one. I'm going to  go through them pretty quickly because   there are several. And of course I will  put all these links in the description. Google Safe Browsing Alright so the first big one you'll want  to report it to is Google Safe Browsing.   This will get the website blocked on Chrome.  And all you have to do is put in the URL and   add a little note describing it. So I'll  put that in that I showed you before. And   if it doesn't get auto detected, that note  will of course help them review it manually. And then you just submit it. The other big one  you'll want to report it to is Microsoft and their   Microsoft SmartScreen SmartScreen Filter. This will get it blocked  on Edge and Windows and all that. Now you can   either log in with your Microsoft account or as a  guest. I don't think it really makes a difference.   But either way, you'll just put in the URL and  then choose phishing or the other one, depending   on the website, and then fill out the CAPTCHA  if you're not logged in and then hit submit. Unfortunately there is no notes section  on this site. I'm not sure why that is,   but it is what it is. Also if you're  using an enterprise admin account,   you can go into the Microsoft 365 Defender  dashboard and you can submit a URL through   that. And that does actually let you add a note,  but you have to have like a business account. So most people won't be able to do that.  Next, it's definitely worth trying to   Contact the Registrar report the domain to the registrar and cut it  off at the source. Right in the WHOIS info,   there should be the registrar's  name and abuse contact email. I   emailed this one and basically said  the same thing as in my other notes. But when you do go to type the  domain, don't do it like this.   Write it something like this with  the dot spelled out or whatever,   because the first email I tried to send  got blocked by Gmail, because I guess the   domain was already flagged. So you want to  write it out as not a link. In this case,   they actually just sent an email back saying that  I actually had to fill out a form on their site. So I did that instead. And about two days later, I  noticed the registrar had set the name servers to   show that it was actually suspended. And there  were also some new domain statuses applied,   which corroborate that. Though not every registrar  may show suspended name servers like this. Also,   not every registrar is very good at taking  down sites, but it's still worth it. But usually I found after Google and Microsoft  start blocking the site that the scammers often   just shut the site down themselves anyway. Next  up we have FortiGuard. And here you type in the   Fortiguard URL for the site and hit enter or the search icon.  And you'll see that here it lists the category as   recently registered and a security risk group.  But we want it flagged fully as phishing. So click request a review and then for  suggest a category, choose "phishing" or   whatever the site is. And if you're able, take  a screenshot of the site or the malicious part,   like the fake login window. A lot of these  sites block scanners that are automatic. So   you'll notice VirusTotal actually returned a  404 because it must have somehow blocked it. So putting in a screenshot, a lot  of times it will help with a manual   review. Then just put in your name and  email, you'll get a notification on what   they do. And then for "company", you can  just put "self". And then for comment,   add that same note and then hit submit. And you  should see a confirmation message at the top. Brightcloud Next we have BrightCloud. Just paste the  site in the box that says "Look up URL   or IP" and then hit look up. The reputation  will probably be uncategorized or suspicious   because it's a new domain, but again we want  it fully flagged. So look on the left for the   "Request a Change" section. Put in the URL, then  click on "I would like to suggest a category." In this case we want "phishing or other  frauds." Then click done and then put in   your email and you can leave the  product box empty. Then add your   note and then submit. And then you should  see a confirmation message. Next is CRDF   CRDF Threat Center Threat Lab Center. So at the top, hover over  URLs and then click Submit Malicious URLs. This form is super basic. It just asks you  for your email address and a list of URLs.   So don't put anything except links in here, no  notes or anything. And then agree to the terms,   then submit the request and you'll  see a confirmation number. Now I have   found this website often on the first  attempt might not catch a scam site. I guess it's automated. So in my case, I got  an email about 30 minutes after submitting   it and it says no malicious sites were found.  So what you'll want to do then is follow the   link in the email to the report that they give  you. And then next to the URL you submitted,   you can check the "misclassification" box and  then click "Continue the reporting process." Then here, they finally do let you add  an explanation in this box. So be sure   to put your note and that it has enough  details for when they manually review it,   then just hit submit and it'll say successfully  reported. In the two times I submitted a website   and they didn't catch it at first, I appealed  and both times they then caught it after that. So you might have to do that. Next up we  have Netcraft. So just put in the URL of   Netcraft the site along with your email. And I  actually forgot to do this, but be sure   to select "add further details" and then add  your explanation. And then hit Report Malicious   URL. Fortunately even without the details, it  still caught it and flagged it automatically. But if they send you an email  that says no threats were found,   just hit "Check Results" and then on the left,  click "Report An Issue". And then next to the URL,   select Misclassification and ideally upload  a screenshot for evidence. But then either   put the same note you did before or maybe add  a more detailed one in the misclassification   report reason, and then hit submit issue  and they'll re-review it probably manually. And I did have to do this one time and they did  catch it when re-reviewing it. As a cool side note   for this website, they actually have a leaderboard  for who submits the most malicious URLs the first   time. And they even have some prizes if  you submit enough, which is kind of cool.   Palo Alto Networks Moving on for Palo Alto Networks on the "Test a  Site" page, just put in the URL and hit search. And it may have a few categories already  like newly registered, high risk,   but nothing confirmed malicious or phishing.  So click Request a Change, then put in your   note and then find the proper category and select  it, put in your email and hit submit. For ESET,   ESET they have a "report a phishing page"  form. So put in the URL, then the note. And it also asks you for the organization  being targeted. So in this case, the site   is stealing Steam logins, so I put Steam.  Also, some sites like this one may require   you to add the HTTPS to the beginning of the  URL. So just be aware of that and then hit   submit. And they don't ask you for email, so  you won't get a notification if they flag it. Trend Micro For Trend Micro, you put the URL in the box that  says, "Is It safe?" And then hit Check Now. And   here it just says untested and newly observed  as the category. So hit Reclassify Request. And   then here are two options. So just click the  button under where it says "For Home Users",   etc. And then on this page for safety rating,   select the Dangerous option under content,  select "suggest a different category." Then under Internet Security, choose phishing or  whatever it is. Then you can just leave these two   check boxes alone, but in the box for comments,  add your note to explain it and then enter   email address and hit OK. Now hold on because  there's one more step. For this one you need to   actually go to the email they send you and click  a confirmation link before they actually scan it. And also check your spam box. In my case,  it was in there. So then once you go to the   confirmation link, it will actually submit  for a scan. For Bitdefender on this page,   Bitdefender you'll want to scroll down to the  submission form and then for category,   select False Negative. Then put in your name, your  email, in our case select URL and paste it in. Then for description as usual put the  note and hit submit. And you should see   a green confirmation message show up. For  McAfee, this page is for checking a single   McAfee URL. This box will ask you what product  you're using. Just select the Real-Time   Database option. Here it's at the top. And  then put in the link and hit Check URL. You can see it says it's currently uncategorized.  So down lower for Category 1, select Phishing and   you don't need to select all the categories, just  one is fine. Then put in your note and hit submit   URL for review and it should show a confirmation  page. For the company Forcepoint, in this box   Forcepoint we put the URL. And I guess you can only report  five a day or something, but anyway hit analyze. Currently it says the threat level is  low and is only classified as a newly   registered website. So hit suggest a different  classification. In the suggest dropdown,   the phishing option is actually called "Security:   Phishing and Other Frauds". So select that then  put in your note. Then click submit and there   doesn't seem to be any kind of confirmation  message, but it still should have worked. For Symantec on their site review request page,   first put in the URL and then  hit check category. In this case,   Symantec it just says the URL has not been rated and lets  you fill out a form. For "Filtering Service",   there are a bunch here. I wasn't even sure which  one, so I just picked Norton Safe Web, but I kind   of assume that they're going to propagate the  malicious URLs to all their products anyway. For category, it's just Phishing and then put in  your email address and then in the comment box,   your note and hit submit for review. To submit  to Spam404, this one is very simple. Just put   in the URL and the explanation note and that's  it, hit submit. For Kaspersky on their Threat   Spam404 Intelligence portal, go to the Lookup tab,  then put in the URL and hit enter to search. Kaspersky We can see it is not categorized. So on the right,  hit the submit to reanalyze button and here just   put in your email address and then it lets you  put in a comment to explain. So then hit submit   and you should see a little confirmation  message. Next up we have Cisco's Talos   Intelligence service. This one actually requires  signing up for a free account to report a URL,   Cisco Talos but it is actually probably worth it because Cisco  is such a big company with so many customers. Anyway, on the reputation center page,  you can put in a URL or even just an IP   and then hit the search icon. And here it  says unknown reputation and no category,   but if you have an account, you can click  the buttons to submit a reputation or   categorization ticket. However, one thing  to note is for the categorization option,   very strangely, there is no option  for phishing or malware or anything. It's just regular website categories,  which I thought was weird. So instead   what you have to do is go to the reputation  change option and then in the dropdown here,   select "Suggest Threat Category", and then  it lets you select stuff like phishing and   malware. So do that and then you set the platform  to Talos Intelligence, which is the only option. Then in the comments, put the usual note and  click submit. Finally I want to mention this   one called PhishTank. Now this would  be a good one to submit to because   PhishTank it's used by so many other services. However,   they require a account to submit and for some  reason they have registrations closed right now. So I guess just check back on this one, or  if anyone knows a guy who knows a guy so   I can get an account, maybe just send me an  email or DM me on Twitter or something. Oh,   and one final thing though, you can  actually sign up for a VirusTotal   account and that will let you vote on  a website and also leave a comment. VirusTotal Community So if anyone scans it, maybe even if it isn't  detected yet, they can still see your comment   about it. So now after reporting all of these,  we can get into the results for what happened.   I'll show you the VirusTotal scan results  and then I'll show you as accurate as I can   The Reporting Results the exact amount of time that each of these  security vendors took to actually flag it. So I re-scanned on VirusTotal  after about an hour. And awesome,   there were already four vendors that  were flagging it. But surprisingly,   even though VirusTotal had Google Safe Browsing  showing it as clean, on the actual Google site   to check a domain status, it does say it had  flagged it as unsafe and it was the same day. So I'm sure it was from when I submitted.  And this was even the case six hours later   and even the next day, VirusTotal is  still saying it was clean. So good to   know that VirusTotal can be pretty  delayed with some vendors. And do   realize that VirusTotal won't actually show  the latest results unless you hit re-scan. You can see here that it'll say it was  scanned hours ago and it'll just show   you those results. Also if you do  a scan and it flags something new,   be sure to also re-scan it on both the HTTP  and HTTPS version of the URL. For some reason,   VirusTotal shows these as separate and you will  want people to see the flagged results whether   they look on the HTTP or HTTPS version. And they  might not know they have to actually re-scan it. After re-scanning a couple hours later,  eight vendors were now flagging it. And   after about six hours, 10 of them were  flagging it. Now I do want to mention   something that I just learned, that even  if Google Safe Browsing flags a website,   which apparently it did very shortly after  I submitted it, it won't be blocked in   Google Chrome right away unless you have  Enhanced Protection on in the settings. I just had Standard Protection on and you'll  notice it says "Chrome may send URLs" to Safe   Browsing and checks if the malicious URL is  stored locally. But for enhanced protection   it checks all URLs I guess. So you might  want to enable that. I will say however,   that by the next day within 24 hours, it was  blocking with standard protection by default. And also Microsoft Edge was blocking it with  their smart screen. I'm not sure exactly how   long this took because I was asleep, but  it was within 24 hours. But I will note   that even though both Google and Microsoft  were blocking these, VirusTotal still was   not showing them as being flagged when I  re-scanned it, which was kind of weird. Anyway, I was doing my best to keep track of  exactly how long each security company would   Company Response Times take to flag it, whether by sending an email  or just showing up on VirusTotal. And here   are the results. Though I will point out that  it seems that for this site, fortunately a lot   of the companies were able to automatically  detect it, I guess with an automated scan. Other times it may take longer if it had  to be manually reviewed to confirm. So   don't necessarily expect some of these instant  results, but it could be. So now hopefully you   all are scam website destroying machines.  And the next time you see a scam website   and it just fills you with rage, you can  do something about it and take them down. Definitely give this video a big thumbs  up if you enjoyed it. I put quite a bit   of testing and work into this one, so I'd  really appreciate it. Also let me know down   in the comments if there's maybe other services  that let you submit to it that I didn't mention,   that it would be good. Or you can let me  know if you did this and it worked out. And if you want to subscribe, I try to make  videos about twice a week, Wednesday and Saturday,   so it should be worth it. If you want to keep  watching, the next video I'd recommend is one   where I was talking about some new scams this  year. So I'll put that link right here if you   want to click on it. So thanks so much for  watching and I'll see you in the next one.