Reporting a Phishing Website

My phish finder has found a real-world example of a Runescape phishing website. We will start this little project off with a very detailed guide on performing the initial reporting of the site to all parties we can find.

The domain

The real identifier of a website is its domain. Phishing websites will often have a domain that looks much like the real website's. In this case we have:

A Runescape phishing website.

Now, I didn’t want to post the text link for several obvious reasons. The biggest one being I don’t want Google blacklisting my blog just because it detected the link here. In the future we will have a database to store this information.
Anyways, the point here is that the first part of this domain (secure[.]oldschool.com-rs.cz) is the phishing website in question. This is the part of the URL we will need to focus our efforts on. If we navigate to the base URL, we get redirected to the Runescape website, so not much to see there. What we do need to do is start getting this URL onto spam lists and blacklists so users are alerted in their browsers when they attempt to navigate to the fake website.

Reporting

Report Abuse

Now we can ping the URL within any command prompt or Linux shell by issuing the command:
ping bad-website-name.org
By doing this for the above website, we get the IP: 93.158.239.18.
You can perform an ICANN lookup on the IP here: https://lookup.icann.org/en/lookup
This gives us the domain registrar and where we can go to report abuse on the website.
We simply email the abuse address with the domain/URL and information about the phishing activity.
Not to spoil a future post, but digging into the registrar reveals some more dark details about this whole operation. For now though, we will report abuse here.

Domain registrar for 93.158.239.18
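
The reporting steps above, as an added Python example that is not part of the original post: it pulls the abuse contact out of an RDAP-style lookup result, shows the registered domain behind the lookalike host, and drafts the report with defanged indicators. The lookup data, the contact address and all function names are constructed for illustration; only the host and IP come from the post.

```python
import json

# Constructed RDAP-style lookup result (RFC 9083 layout); all values are placeholders.
SAMPLE_RDAP = json.loads("""{
  "entities": [
    {"roles": ["registrant"],
     "vcardArray": ["vcard", [["fn", {}, "text", "Example Hosting"]]],
     "entities": [
       {"roles": ["abuse"],
        "vcardArray": ["vcard", [["fn", {}, "text", "Abuse Desk"],
                                 ["email", {}, "text", "abuse@hosting.example"]]]}]}]
}""")

def abuse_emails(obj):
    """Return e-mail addresses of every entity with the 'abuse' role, nested ones included."""
    found = []
    for ent in obj.get("entities", []):
        if "abuse" in ent.get("roles", []):
            props = ent.get("vcardArray", ["vcard", []])[1]
            found += [p[3] for p in props if p[0] == "email"]
        found += abuse_emails(ent)  # abuse contacts are often nested under another entity
    return found

def defang(value):
    """Defang every dot (normalising input that is already partly defanged)."""
    return value.replace("[.]", ".").replace(".", "[.]")

def registered_domain(host, suffix_labels=1):
    """Registrable domain: the public suffix plus one label."""
    # suffix_labels=1 assumes a single-label suffix such as 'cz'; real tooling
    # should consult the Public Suffix List instead.
    labels = host.replace("[.]", ".").lower().rstrip(".").split(".")
    return ".".join(labels[-(suffix_labels + 1):])

def build_report(host, ip, rdap):
    """Draft the abuse e-mail: recipients, subject and body, indicators defanged."""
    to = abuse_emails(rdap)
    if not to:
        raise ValueError("no abuse contact in lookup result")
    body = "\n".join(["Phishing site impersonating Runescape.",
                      f"Host: {defang(host)}",
                      f"Registered domain: {defang(registered_domain(host))}",
                      f"Resolved IP: {defang(ip)}"])
    return {"to": to, "subject": f"Phishing report: {defang(host)}", "body": body}

if __name__ == "__main__":
    # Host and IP are the ones quoted in the post; the RDAP data is constructed.
    print(build_report("secure[.]oldschool.com-rs.cz", "93.158.239.18", SAMPLE_RDAP))
```

The registered domain it reports is com-rs.cz: the "oldschool.com" that catches the eye is only a pair of subdomain labels in front of it.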

Hackers Hate Bad Attention

This is the first step of our dive into the Runescape phishing websites. I think it’s appropriate to start here, as this is what every user can and should do when they find these websites. Later, we will be going deeper and investigating, but we must start out by doing the basics. Next we will be doing some domain OSINT and gathering as much information as we can on the domain itself. The biggest thing here is attention. The people pulling these scams do not want attention on the site. It makes the site go down faster, and makes them more likely to get caught in the long run. By consistently reporting these websites, Jagex, the governments, and companies start to form a record and pattern of behavior. This is bad news for the bad actor. So talk about it, report the website, and let's get some attention on these scams/domains.
