[LinuxBender]

Get the IP of the server the phishing site is hosted on. Look up who owns it. [1] Try to determine if they are resellers or the primary owner of the address space. Give any logs or URL's to the hosting provider. Make sure they understand that the site changes based on user-agent or network so they will have to test from a mobile device.

[1] - https://bgp.he.net/

[liambowen]

OP says: "A cursory investigation showed that Namecheap is providing both registrar and hosting services for this phishing site." So he already contacted the host, Namecheap.

[LinuxBender]

I missed that. Well then... some other options might be gather evidence and upload to IC3 [1] understanding they may be understaffed or alternately discuss it on 4chan of whom I will not link. CC email the people at Namecheap when conversing with IC3.

[1] - https://www.ic3.gov/

[throwawaykwt01]

Thank you for the advice. I'm not a citizen of the US so I'm not sure if me contacting IC3 would be appropriate. I'll probably reach out to them in a couple of days if the phishing site remains up.

I posted the scam link publicly now that this post has been approved: https://news.ycombinator.com/item?id=30616831

[tomklein]

Or alternatively, a DNS lookup + WHOIS of the IP to get the Abuse contact of the hosting provider

[throwawaykwt01]

Already tried that without avail.

Namecheap is listed in WHOIS as the registrar. The domain's reverse DNS record points to namecheap servers. I posted the scam link publicly now that this post has been manually approved: https://news.ycombinator.com/item?id=30616831