How Anyone Can DESTROY A Scam Website in Minutes 😤 (Scammers Will HATE This)
Vložit
- čas přidán 22. 05. 2024
- SCAMMERS WILL BE FURIOUS! 😂 The next time you come across a malicious phishing site, you will know how to get it wiped off the planet!
In this video I will be showing you how just by yourself, you are able to utterly DESTROY a phishing or scam website by reporting it to a whole bunch of antivirus and cybersecurity companies. If you get into a good rhythm, you can easily report it to all of them in just a couple of minutes. And often times, just a few minutes later these companies will detect the scam and flag it. This will alert potential victims if they check the domain name on VirusTotal, or the site should hopefully become totally blocked by Google and Microsoft by default, effectively killing the scam site.
▼ Sites to Report Malicious URLs: ▼
• Google SafeBrowsing: safebrowsing.google.com/safeb...
• Microsoft: www.microsoft.com/en-us/wdsi/...
• Fortiguard: www.fortiguard.com/webfilter
• BrightCloud: www.brightcloud.com/tools/url...
• CRDF: threatcenter.crdf.fr/submit_u...
• Netcraft: report.netcraft.com/report
• Palo Alto Networks: urlfiltering.paloaltonetworks...
• ESET: phishing.eset.com/en-us/report
• Trend Micro: global.sitesafety.trendmicro....
• BitDefender: www.bitdefender.com/consumer/...
• McAfee: sitelookup.mcafee.com/
• Forcepoint: csi.forcepoint.com/
• Symantec: sitereview.symantec.com/#/
• Spam404: www.spam404.com/report.html
• Kaspersky: opentip.kaspersky.com/
• Cisco Talos: talosintelligence.com/reputat...
More Reporting Sites I Didn't Mention in the Video (I'll add these as I find them):
• Avira: www.avira.com/en/analysis/sub...
▼ Time Stamps: ▼
0:00 - Intro
1:30 - Today's Scam Example
3:00 - Pro Tip: Site Age
4:07 - Preparing to Report
5:26 - Specific Sites for Reporting
------------
5:36 - Google Safe Browsing
5:55 - Microsoft SmartScreen
6:39 - Contact the Registrar
7:34 - Fortiguard
8:26 - Brightcloud
9:00 - CRDF Threat Center
10:05 - Netcraft
11:03 - Palo Alto Networks
11:25 - ESET
11:50 - Trend Micro
12:45 - Bitdefender
13:04 - McAfee
13:29 - Forcepoint
14:03 - Symantec
14:31 - Spam404
14:39 - Kaspersky
15:00 - Cisco Talos
15:58 - PhishTank
16:20 - VirusTotal Community
------------
16:33 - The Reporting Results
18:43 - Company Response Times
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
Merch ⇨ teespring.com/stores/thiojoe
⇨ / thiojoe
⇨ / thiojoe
⇨ / thiojoetv
My Gear & Equipment ⇨ kit.co/ThioJoe
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬ - Věda a technologie
I spent so many hours recording and editing this video please give it a thumbs up for the algorithm
• Also someone made a good point to emphasize: Only do this for legitimate phishing / malware domains, not just random companies you were dissatisfied with. Otherwise it will just waste yours and everyone’s time.
• Also to be clear, at the beginning when I say "within a few hours", I just mean that's how long it took the companies to analyze the site. The work of reporting the site to all the companies only takes a few minutes once you know what to do.
• As for getting sites blocked on Firefox and Safari, those also use Google’s Safe Browsing filter, so reporting it there covers them
no because you pinned your own comment
I got this recommended to me only 2 minutes after it was released :)
Being that 7th view is something else.
Again.... first the bot code.. now this.
Really Joe, ya should be hired, by the top team of Google and CZcams, for sure. Along with scammerPayback. You 2 are making awesome work for society, true digital saints.
@@_lun4r_ what's bad about it?
Windows Sandbox isnt anvaiable in home
Please do not misuse this to randomly report any site. This is not to report a website that you purchase something from and they got you a lower quality item or they supplied late. I know some people can be quite ridiculous.
This is not to report a creator's website that you don't like.
Make sure you have done you due diligence and made enough research to ensure the site you are reporting is really malicious.
I think this video should have shown people how to detect and confirm malicious sites before reporting except for the obvious phishing sites and scam website.
But this is a good video. Please use this when you are sure and have proof like screenshots as evidence.
I could imagine there would be people who would report websites simply for disagreement about things such as freedom of expression, I'm of course not talking about people making art based on likenesses of people in real life or anything like that, when it's purely fictional in not just scenario but also with it's characters, human rights wouldn't logically apply to anyone besides the artist in question.
Userbenchmark is very malicious though, right?
@@DragonOfTheMortalKombat no its not, its just a benchmark for you pc
@@missevi313 no, it is a misinformation spreading platform banned from various forums for right reasons.
@@DragonOfTheMortalKombat lol no its not
Browsers should get built in report buttons I'm sure that would encourage way more people to report
i did find one in edge but it was just very hidden.
No... Well, I suppose browsers could add a button to report it to themself if they are willing to field the ridiculous number of reports that would generate before publishing them. But.. End users would basically spam it with false reports because they think a site is suspicious. It's worth noting that contacting a domain registrar, etc, Should Not be done unless you are sure that domain's owner is intending or allows the phishing or malicious activity - reports should usually go to the email providers and site contacts _first_. It is worth noting that submitting a false takedown to a domain registrar or ISP can lead to a criminal charge if the complaint is deemed fraudulent and/or being sued for damages if a reckless report causes a domain registrar to mistakenly take something down. The reporter assuming legal responsibility for what they write in their report and making sure to do so accurately are important requirements.
Most end users won't know how to gather and enter all necessary facts, then excess of reports would get backlogged to the point few are ever answered. Organizations' points of contact that deal with these are in a business of investigating and responding to abuse, not providing a customer service - a registrar's abuse contact may be a low-priority secondary job duty of a dozen or less admins.
Thus for end users.. you should mostly report malware or phishing to your IT or site Admin first, Or use the tools they've provided to report to them, but If this is a personal PC.. contact your Antivirus/phishing filter vendor, or Google (or Virustotal), and security vendors will share information, and it's plenty to report to one of those.
Most would probably just abuse it and false report people they don't like or some such
@@HowtoRadicalize yup
So people frustrated for whatever reason ( mostly not legit reason ) could do report revenge. I am not trying to be mean, your suggestion is great. My point is that we humans are a sack of emotions and irrationality.
I wanted add something since it wasn't mentioned. If the website has anything to do with AWS (hosting, database, etc...), you can forward the information to the AWS abuse email and Amazon can shut down their aws account which could be catastrophic for them.
@thgougler Which sounds a way quicker way than reporting to 20 differents websites, thank you ! Btw, how could you tell quickly if the website is actually using AWS services or not ?
@@jeromevoiron1137 whois
whois or nslookup
Yeah I went through AWS' verification process one time. I just wanted to see what services they had and maybe learn something and didn't expect a rigorous verification process. The idea "scammers need web hosting" didn't occur to me.
I imagine even if they spoofed their identity for that process somehow (e.g. with someone else's identity), it's still a PITA. Meanwhile for you it's just a quick form or two.
Scammers will just make a fake copyright strike to this video 😂
The information is already out there now 🧐
@@ThioJoe Already Downloaded The Video I Will Only Reupload It When That Happens.
@@ThioJoe I will download the video for save keeping just in case
@@ThioJoe I also downloaded it like other people and will also try to win the usb
@@ThioJoedownloaded too
That will be so useful to nerf so many types of scams. I didn't even know this existed. You deserve a lot more subscribers because you always fight against scammers and hackers! Keep up your great work!
He nearly has 3 mil and got mentioned on every youtuber and their mother's channel with their antispam I think he's good
@hedwig7s He totally deserves 3 million also yes I have seen ThioJoe's anti-spam project being featured on even LTT's channel
@@hedwig7s just 1 mistake lol thats all it takes, it can be a BANK sending a bank statement as a pdf with password
and lets say he f3cked up in future and forgot to check the email or the email domains looks really convenient as chase bank or other banks
Soon as he opens the PDF, he's a GONER man. Even he can get TRICKED and HACKED. even if you're pro doesn't mean you aint worth getting attacked, just 1 mistake thats all, maybe his GF at his home using his PC for Gaming and try a cheatbot or idk anything while he's away from his Computer. Thats all it takes BRO. 🙄
The average person should be focused on accountability like this. Too many people think someone else will do it
I didn't even know that I could simply report a website like that, and it seems really easy. It's definitely a great idea.
@@CZghost so now are you trying to report every sites you found lol you won't get paid lol its time wasting
The DNS registering process by the scammers is automated. Scripts re-register on another domain in milliseconds. They'll update the URL in the video livestreams (such as Elon Musk crypto scams), Twitter post etc. To really hurt scammers, you need to hit their infrastructure and/or their money streams and/or visit them and take them down.
You're right, they will likely just set up a new site. But at least it will help the people that perhaps get a scam message and don't see it for several hours, and hopefully by the time the do, the site will be blocked.
@ThioJoe fully agreed. Reporting the scam website is always better than taking no action. Even if reporting resulted in one less victim, you already achieved your goal. Your viewers do have to understand that this is a surface-level impact for scammers themselves.
That involves getting your own hands dirty and possibly endangering your equipment and maybe even life. Wouldn't do that.
@@CZghost a small price to pay for the greater good
@@justarandompersoniguess your equipment/life=small price?? when another scam site would immediately take their place anyways???? what are u on
The fact that we have to go to lengths like this to make sure people don’t get phished is unbelievable
Lengths like this? It's filling in simple online forms, it's not that much of a process. You make it sound like wasting a few minutes to take down malicious sites is an extremely arduous process. People these days really want 1-click solutions for literally anything...
@@revsnowfox5798 Yeah What the OP doesn't understand is the reason why there are so many services is because much of this stuff is regional and reporting takes time to propagate through various channels to ensure correct classification. Not to mention, the _numerous_ daily false flags they have to field.
A spread load is not only easier to manage, it also allows for cross-checking and confirmation between multiple parties. Reporting of this variety is more like a jury council reaching consensus based on how often you appeal to them rather than a central authority smiting webpages with the power of Zeus.
@@revsnowfox5798 There's like 20 different forms to report to, and for how many people are sending out phishing links and stuff, it's a lot easier to just ignore the site than fill out 20 forms. It's better to have the barrier set lower.
I agree, why is there no international internet safety organization /police that provides a report we can complete that will link to all security companies... like a WHO for internet or something.
@@cherrypoutines6269 Internet is still new - and international laws are difficult for every country to agree to. Only a couple forms will typically suffice this is just a guide to completely annihilate a site.
This is great. Now imagine, if you made a tool, that would auto report the site to all the websites.
sadly many of them have captchas so bots cant submit reports
@@wojtekpolska1013 yeah I was afraid of that. But this video is still very informative and I'll be using all of the sites myself.
If anyone could do that it would be thio
Some of those report forms have capcha's, so that might not be possible.
yeah, like how theojoe made a program to report every scam comment
As someone who operates a hosting provider thank you for creating a video. Most people don't alert us whilst we can immediately take down a website instead of having to wait for all of the third-party providers to block the site. Going to the source directly will most likely resolve in quicker resolution of taking the site down and stopping toe scammers from stealing other peoples information.
I've tried contacting hosting providers directly and they have never taken a site down. They ask for too much information and proof of damages before doing anything. I'd prefer just dealing with the reports.
@@ananamusly never heard that. In the. Netherlands where we are located we are actively monitored by the gov and they force us to deal with cyber crime and may even hold us responsable for not dealing with it so most of us tend to block those sites.
In my case, they manage to take 12 K making believe it was a investment. I am an idiot.
best feeling in the world is to see people get what they deserve
Registrars that will take a domain down on the strength of a report like this are few and far between. Scammers tend to register their domains with registrars who actively protect them or who have no process in place to take them down for abuse. There are two that I know of (I won't name them here to avoid being sued) that raise immediate red flags, as in I can be 99% certain that a domain registered with them is a scam domain.
i think u should give a few hints for us geeks to watch out for
you can't get sued for saying this kind of stuff btw
the reason ppl hide company names, is in case they work at the company and want to avoid getting fired. you can't get sued for simply saying something about a company that they don't like.
@@LinusTechTipsTemporary for me it was namescheap they wouldn't take down a domain being used to impersonate a bank page without a police report
@@wojtekpolska1013 Yes you CAN. They can sue you for defamation, and unless you can afford a lawyer that can get very expensive very quickly. If it reaches a court and you have a lawyer they will lose, but if you can't afford that lawyer you could lose even though your reporting was accurate.
@@FireAngelOfLondon I mean, you can be sued by any person for any reason. I’m pretty sure what they meant is that you can’t be legally liable for telling the truth. It takes a lot to prove defamation, at least in the US.
Either way, lots of states have Anti-SLAPP statutes for exactly this reason.
When I read the title, I was thinking more along the lines of DDOSing them... Would be ineffective but cooler
I saw in the screenshot that they're using CloudFlare as their name server so DDoSing isn't really an option. Besides, it's illegal and would probably get the DDoSer in trouble with their ISP
You are by far, THE most underrated CZcamsr ever! Bro, u saved my butt more times than i can count, and apparently Linus' too. Please never stop for those of us that TRULY love the work you do.
Appreciate it! 😁
I really like that you made this video, and hopefully it will prevent many phishing attacks. But this won't stop phishing unfortunately, until the domain gets reported the damage is most likely already done and scammers can always register a new domain. Sadly scammers will always be out there scamming people, but raising awareness and reporting it like you showed here certainly helps!
Man, the edit on your videos reached peak really fast! I'm loving it: good, clean and useful.
Cheers from Argentina.
Absolutely BRILLIANT tutorial Theo, which I have already put to good use !
Thank you very much for taking the time to research and create this tutorial. Cheers mate 😍
Glad I found this video. I've noticed a new discord scam that's been going around where someone will randomly add you. and never actually talk to you.. and instead just have a profile description, with a link in there. And just.. hope that you're curious enough to click the link to see what it is. Scammers are getting more and more creative every day, so it's nice being able to take down scam links fairly easily
If you want to do a follow up you should do one on how to report spam emails to vendors like AWS.
@ThioJoe : Excellent work Joe !!! 🙂🙂🙂
The only shame is that we sort of need to submit our malicious activity reports to all these sites individually. It would be so much better and easier if there was 1 centralized reporting point, and from there on allthe companies could use that to reference this data.
I can't wait for the next scammer to send me a malicious link.
Thank you for all the time you put into this. Much appreciated!
I’ve been doing this manually via various search queries, but having a video like this for reference beats that!
Thank you sooooooo much! It was already reported on one or two website so that is an improvement! Keep doing what you do best! Thanks!
Thanks ThioJoe ! You are the best !
Dude, thank you! This was awesome and I was able to accomplish in 24 hours what a whole company (the company being targeted/copied) couldn't for over a year!
I appreciate your time and effort put into making all those informative videos. Keep up the good work !
One of the best videos you made Thio, not only you covered and altruistic topic in which you obviously put a lot of time and effort, you also made a video tutorial how everyone esle can chp-in too. The effect of this video will be enormous, you can be sure about that.
thank you for making this important video! it will help a lot of people out. every year I encounter 2 or 3 physhing, malware, or technical support your computer has a virus call now website. I never knew what to do after leaving these sites, but from now on I will do this reporting method. hopefully with more of us reporting these websites, they will become less common to encounter.
The thing that I've learned from this video: it would be great to have a single website that would take the report and then propagate it to the other websites, because it feels more like a chore than a simple task.
Sure, two independent reviews and bam they are gone.
Love your channel and knowledge you share with everyone!
Great stuff. Excellent work.
Thanks for this! I come across malicious domains a lot while scam baiting and thankful I know how to properly report them thanks to YOU
Yes! Another episode of the scam saga!❤
Excellent video! Great to see the whole process of filing reports to various companies. Thanks!
Great Video! I hope it helps people reporting such scam Websites
Excellent. I am now part of team 'Shut Them Down Now'. :)
Great useful practice for developing one's OSINT skills.
Love your content, very useful! keep the good work up.
Fantastic Video! Excellent work.
Good tips. I've had luck with various forms of spam and scams I get on my cell phone using a similar mindset; scammers' approaches toward what they send me have been changing as a result. Sometimes hard to determine what should get which reports as I don't always know it is a scam as I have limited interaction with them; some get minimal or no effort from me. As for direct shutdown efforts, I usually target URL forwarding/shortening services, email reply to points, and phone numbers to respond back to; this video's tips are directly on track for the custom URL reporting. Thank you.
Thank you for this! Very detailed.
This video deserves to be seen by everyone on this planet
Dunno if you're _the_ GOAT TJ, but you're definitely in the herd of GOATs. You've earned your keep.
You are a saint! Thank you! I just got scammed and I want to save others from getting scammed as well.
Thank you for submission malicious/scam URLs :)
awesome thats good way to get these scammers angry lol everyone should share this video to everyone so everyone on this planet knows how to do get scammers angry
Much appreciated! Thanks for all your hard work, but how many people will watch the entire vid? This can't be good for your engagement stats.
I reported the malicious url and within 30 minutes Google Chrome blocked it. Thank you very much 👏👏👏
Bro, I remember trying to boost my wifi with an empty can of soda lololol. Been a fan for quite awhile. Much love from PA brother.
Thank you so much for making this video. This has been very helpful. I'm really glad that I came across this.
Wow 😲 This is AMAZING 🤩 Many Thanks Theo!!
Thanks, I’ve been searching for a way to do so for a while now, now I can do it with ease
Just used this video to report a steam phising site i found. Thanks a lot for putting a lot of work into these high quality videos
You rock! Thank you for your work.
Love your videos so full useful info. Liked and subbed :)
Thank you, we need more such videos on the internet/CZcams
AMAZING VIDEO!! so useful! i hope more people see and apply this
Excellent, thanks for this!!
You should be hired, by the top team of Google and CZcams, for sure.
Fraud Detection Agency (if they have one)
No. Anyone with IQ over room temperature could figure this out
No, he shouldn't. His tips are way too powerful for Google to deserve him.
Keep in mind Google profits from scams. As they sell ads for the scammers. They don't appear to care as long as they get paid.
You are doing God’s work - thank you! I’ve reported some refund scam sites to Google and been ignored so now I know what to do to get them taken down.
Thankyou for the site links!
i bookmarked them & will be using them.
There's too many "free game" steam fake accounts on tiktok & reporting them to tiktok had zero effect... "did not break community guidelines" 🙄
Now i'll report the sites they link in their bio by using your method!
Thanx again!
I typically fire a report towards the dns registrar and the server hosting company (you can whois an ip to get an abuse email for it). The site in question is often down in a couple of hours.
- Losing access to the domain name means the links the scammers sent are now useless.
- Losing access to their servers may even cause them to lose data if they are a bit sloppy.
- Plus the registrar and hosting company are the only ones who really know who the scammers are. So *if* they address the issue, any further reporting is an exercise in futility.
Except there exist bulletproof hosters that will ignore abuse emails. They're rare in my experience, but your millage may vary. By a lot, probably. So this video is still pretty useful in that regard.
Phone scammers sometimes show up on networks that take action with proper reporting. As they get booted from one, another, and a third...eventually they end up on the ones that are more permissive in allowed activities and less permissive about actions taken. I get feedback from Verizon about a number of my reports having action taken.
Im so proud you have matured :)
great content Thio 👍
Why nobody says how great he works to give us the best videos?
I never knew you could do that
i remember when i hated this guys guts, his fake help vids kept popping up instead of the real help vids, i had to memorize this guys channel so i could specifically avoid his trolls. he had already wasted about 30 minutes of my time. now i love him, im so glad he decided to used his skills for good instead of evil.
i made this comment before the thiojoe itself LOL
@@knightning3521 yeah, before he did that
I nearly fell for this exact type of steam scam once.
The thing that saved me, was my password manager not auto filling my credentials, which made me suspicious and take a closer look.
Those things are really convincing these days.
thanks for the amazing consolidation, helps a lot take down scammers
I think the reason that Chrome does not block the site right away is probably that Chrome would first need to update the local blacklist. So, this has noting to do with their infrastructure, but with the update cycle of your local Chrome installation. “Enhanced protection” would probably send each individual website you are opening to Google. The reason this is not enabled by default is probably privacy protection. If you enable “enhanced protection”, I expect that Google is technically able to track all sites you are visiting throughout the day and attach that to your advertisement profile. Even using incognito mode wouldn't change that. I don't know if they are doing it, but they could do that, and it would be impossible to check from anyone outside of Google. There was actually some controversy in Germany about a similar topic with Chrome. I am wondering if they actually introduced “Standard protection” and made it the default due to this controversy. (Maybe the controversy was exactly about this “enhanced protection” feature before it was optional. I don't know.)
BTW, I would kind of expect that some of these blacklists are synced with each other in regular intervals. I am not sure if you actually have to report the website on all sites individually.
A few of my friends fell for this kind of BS. I know because I've had some send me requests for this. I've never signed in as I thought it was odd reading the terms of service prompted me to login. Thinking about it, I was tempted to challenge them to do an Overdrill in Payday 2 to put them through a nightmare that lasts over an hour to get them to miss their game. Anyway, I think I am going to share this with people to raise awareness.
Excellent job 👏. Thanks So much 🙏
I want to thank you for the great video. I am Editor in Chief of a respected journal from the USA. Uninformed authors where submitting articles to a bogus copy of our site and paying a large publication fee which our journal does not do. They stole all our credentials even our name. We followed your careful and meticulous directions. Very quickly we received word that this bogus site was labeled as malicious and phishing. I truly appreciate the time and care you put into this video! Thank you again!
ThioJoe you absolute chad!
Good work!
Thank you so much for this video! I just got a phishing link a few hours ago and now I'm following all the steps in the video to report the link.
And, the website did get taken down. So, I can confirm that following the steps in the video works!
Nice work mate 👍
Got my first Steam scam in quite some time today. Gotta say, I was quite happy to put this video into practice.
This is gold, thanks! 👍🏆
A lot of usps smishing scams are going out right now. Hope your video helps bring down few!
Just yesterday I was helping a friend with this, awesome timing!
Thanks for the info definitely going to come in handy
4 minutes late with other 380 viewers! I already knew that trick. But I didn’t know more anti viruses to report. Thank you ThioJoe!
Excellent instructions! That will help many.
Thank you for this information, very good video.
this video is extremely informative. thanks for giving me a knowledge to punishing the scammers.
Thank you so much. this was so useful.
This makes me feel giddy. It's exciting.
I am bookmarking this video for ease of reporting. Thanks again
EPIC !!!
~ ThioJoe ROCKS !!!! 🤘😎👍
*Fantastic video!*
Using the links to report the scam running on Linus Tech Tips Channel.. oh boy that cryto elon musk giveaway was sooo good!
solid work i just flagged a bunch of phishing sites xD thanks for links!
Excellent video!
Thank you for this information. I have been at a loss on how to deal with this. I have tried the FBI and going to hosts directly and it has been useless. This feels fast more effective.
Any tip on domains used for impersonating companies sending emails for fake CZcams sponsors to get youtubers hacked?
They usually don't set any website on their domain and just set emails and when i report them to their registrar even explaining the whole situation, the registrar usually just responds backs saying "we couldn't find any infrining URLs".
Thanks for sharing. I was recently targeted with a pig butchering scam, and I want to fight back and and try to help other potential victims.
Thanks for putting that out there 🙏
Thank you for sharing!!!
Great tip! Thanks
I love youuuuuu... Keep up the great work
this channel is underrated