Tutorial: Reporting investment scam websites

Information Tutorials
1

I’ve been reporting investment scam websites for a couple of months now (reported around 200 and taken down around 160).
As there are more and more of them each day, reporting them asap can save possible victims so I thought I’d write a tutorial.

I use chatGPT to draft the mails for each investment scam website, here are the steps:

Before starting, prepare GPT and save this text into GPTs memory:

GPT instruction

Reporting investment scam websites
User expects that when they provide WHOIS data, I automatically extract the hosting provider and the Registrar from the WHOIS and address the report to their abuse team directly.
• User expects to draft two reports: 1 to the host 2 to the registrar
• Reports should follow the agreed structure:
1. Subject: “Investment Scam Website Report – [Website]”
2. Concise intro addressing the hosting provider’s or Registrar’s abuse team.
3. Evidence of scam & financial violations (false claims, identity theft, phishing risks including the legal references).
4. WHOIS & hosting details (Registrar, Domain Created, IP Address, Hosting Provider, ASN, Name Servers).
5. Concise scam warning reinforcing urgency and risks: “Additionally, we strongly suspect this website operates as an investment scam, where victims are lured into depositing money through a fake trading platform, often pressured by call centers. These scams typically involve identity theft risks, manipulated account balances, and refusal to process withdrawals.”
6. Request for immediate action.
• Format: Clear, professional, structured for easy reading (no formatting loss).
• Signature: “Best regards” (no name).
• Reports should remain concise and avoid overwhelming the host with excessive legal references.

  1. Open the website you want to report and the whois (I use: https://whois.domaintools.com/ as it gives the registrar + host information most of the times)
  2. Open this template
Template for GPT

(this is a new website we want to report)
Apply “For reporting investment scam websites” from your memory!
draft 2 mails:
1 to the host
2 to the registrar
“For any future scam website reports, automatically extract the hosting provider and registrar from the WHOIS and address the report to the appropriate abuse team. Do not use the wrong entity.”
if I provide links, put the as plain text in your draft

Evidence for Scam / Financial regulatory findings:

  • Not Registered with Any Financial Regulator
    Finding: The company offers financial services but is not registered with any recognized financial regulator.
    Violates Law: MiFID II (EU) & Financial Services and Markets Act 2000 (UK) – Offering financial services without authorization is illegal.

  • Impersonation / Identity Theft
    Finding: Claims to be [Company Name], but the real company is [Official Website].
    Violates Law: Fraud Act 2006 (UK) Section 2 – Fraud by false representation.

  • Fake or Misused Regulation Number
    Finding: Claims to be regulated under [Regulation #], but this belongs to [Legit Company].
    Violates Law: Financial Services and Markets Act 2000 (UK) & MiFID II (EU) – Misrepresentation of regulatory status is illegal.

  • Non-Existent Company (Fake Address, No Registration)
    Finding: Claims to be [Fake Company] with an address at [Address], but no such entity exists in any Business Registry.
    Violates Law: EU Anti-Money Laundering Directive (AMLD) – Requires financial firms to be legally registered.

  • Phishing / Unlawful Collection of Payment Card Data
    Finding: The website demands scanned copies of both the front and back of a credit or debit card, which violates multiple financial data protection regulations. Even when requesting partial details (e.g., last 4 digits), such practices pose serious fraud and identity theft risks.
    Violates Laws:
    UK: Fraud Act 2006 – Unlawful acquisition of financial details
    EU: GDPR – Unlawful processing of personal data
    Global: PCI DSS – Prohibits merchants from storing sensitive cardholder data

  • No Impressum / Missing Company Details
    Finding: Website does not provide a legal company name, address, or registration.
    Violates Law: EU E-Commerce Directive 2000/31/EC – Requires transparency about company identity.

Whois:
XXXX

  1. Check the website and fill in your findings in the template, for example: is the company + address real? is the company registered with any financial regulator [which is mandatory for offering financial services]? is the company asking for a scanned credit card [if yes: that’s illegal and you can keep the phishing part in the template, if no: remove it as some hosts/registrar will answer: “no proof for phishing found” and will close the report]?..
  2. copy paste the whois from whois domaintools into the template
  3. copy paste the whole filled out template to GPT and let it write the reports
  4. send the reports to the registrar/hosts (if you are interested send me a DM I have a list of registrar/hosts contacts including a rating if they act or if they don’t. I don’t want to post it here as scammer like that info as well of course). Remark: don’t rely on GPTs information on how to contact the hosts/registrars, you need to search for the correct ways yourself or the report ends up in nirvana.

if you have any questions let me know
cheers from Germany
dubloox3

1 « J'aime »
2

I updated the format and logic for reporting (makes it a bit easier for the Registrar/Host to understand: this is a scam)

New GPT instructions

Reporting investment scam websites

  • When provided WHOIS data, extract hosting provider and Registrar from WHOIS; address reports to their abuse teams correctly.
  • Draft two reports if host and registrar differ: 1 to host, 1 to registrar.
  • Reports follow this structure:
  1. Subject: “Investment Scam Website Report – [Website]”
  2. Intro:
    Dear [host/registrar] Abuse Team,
    We investigated [Website] and report it for suspension for operating an investment scam. Below is a clear Chain of Proof proving this is an investment scam:
    Proven investment-scam [Website]
  3. Company offers financial services
  4. Company does not legally exist
  5. Company is unregulated
    [If applicable:]
  6. Illegally demands identity/payment card data
    No legitimate financial firm operates this way. Please suspend the domain under your abuse policy.
  7. Chain of Proof (user provides description + proof using template):
  8. Offers Financial Services
  9. Fake / Non-Existent Company
  10. Company is Not Regulated
  11. Identity Theft & Phishing (if applicable)
  12. WHOIS & Hosting Summary: (Registrar, Domain Created, IP, Hosting Provider, ASN, Name Servers)
  • Signature: “Best regards” (no name)
  • Formatting:
    Use bold headers, numbered structure, short clear phrasing. No emojis/symbols.
    Lists must work in rich text and plain text (single-line items, no extra breaks).
    Put any links as plain text.
New Template for GPT

(this is a new website we want to report)
strictly follow the memory entry titled ‘Reporting investment scam websites’ verbatim for structure, tone, phrasing, and formatting
draft 2 mails: 1 to the host / 2 to the registrar
“automatically extract the hosting provider and registrar from the WHOIS”

here’s the description + proof for the “chain of proof” for this site

Chain of Proof (includes legal relevance):

  1. Offers Financial Services
    Clearly visible on start page → mandatory to be registered & regulated otherwise illegal!
    Proof: LINK
    → Regulation mandatory according to: U.S. SEC Act, UK FSMA 2000, and EU MiFID II.

  2. Fake / Non-Existent Company
    Claims to be COMPANY with an address at ADDRESS, but no such company exists in any public business registry → illegal!
    Claims to be COMPANY, but does not list a valid address = clearly non existent → illegal!
    Claims to be COMPANY, but impersonating a real company: [real company] → illegal!
    Proof: LINK
    → Illegal under EU Anti-Money Laundering Directive (AMLD) – Requires financial firms to be legally registered.

  3. Company is Not Regulated
    Offers financial services but is not registered with the any regulators → illegal!
    Offers financial services misusing regulation credentials → illegal!
    Offers financial services but is not registered with the any regulators including an official regulators warning → illegal!
    Proof: LINK
    → Illegal under MiFID II (EU) and the UK Financial Services and Markets Act 2000.

  4. Identity Theft & Phishing
    Unregistered & unregulated but still demands sensitive personal and credit card information → illegal!
    Proof: LINK
    → Violates GDPR, PCI DSS, and the UK Fraud Act 2006.

Whois:
XXXX

should look like this now, based on a site posted by @ScorpionMIT a while ago on TSU (and suspended by the host already)

Example

Subject: Investment Scam Website Report – honeydriptrade.com

Dear Asura Abuse Team,

We investigated honeydriptrade.com and report it for suspension for operating an investment scam. Below is a clear Chain of Proof proving this is an investment scam:

  1. Offers Financial Services
    Clearly visible on start page → mandatory to be registered & regulated otherwise illegal!
    Proof: http://honeydriptrade.com/
    → Regulation mandatory according to: U.S. SEC Act, UK FSMA 2000, and EU MiFID II.
  2. Fake / Non-Existent Company
    Claims to be Honey Drip Trade LTD with an address at 5895 W. Olympic Blvd. Los Angeles, CA 90036, but no such company exists in any public business registry → illegal!
    Proof: https://www.sec.gov/cgi-bin/browse-edgar?company=Honey+Drip+Trade+LTD&match=contains&CIK=&filenum=&State=&Country=&SIC=&owner=exclude&Find=Find+Companies&action=getcompany
    → Illegal under EU Anti-Money Laundering Directive (AMLD) – Requires financial firms to be legally registered.
  3. Company is Not Regulated
    Offers financial services but is not registered with the any regulators → illegal!
    Proof: https://www.sec.gov/cgi-bin/browse-edgar?company=Honey+Drip+Trade+LTD&match=contains&CIK=&filenum=&State=&Country=&SIC=&owner=exclude&Find=Find+Companies&action=getcompany
    → Illegal under MiFID II (EU) and the UK Financial Services and Markets Act 2000.

WHOIS & Hosting Summary:
Registrar: Hostinger Operations, UAB
Domain Created: 2024-10-23
Expires: 2025-10-23
Name Servers: NS7.ASURAHOSTING.COM, NS8.ASURAHOSTING.COM
IP: 198.251.88.188
Hosting Provider: Frantech Solutions
IP Location: Luxembourg – Luxembourg – Luxembourg
ASN: AS53667 (PONYNET)

Best regards

as “proof” I recommend to check if the company even exists (for example: UK company register) and then check if the company is regulated (for example FCA - UK regulator).
As some registrars only react to “phishing” I’d recommend to look on the site if you can find a proof for the fake company asking for ID/drivers licence/credit card copy (fake company asking for this = phishing).

1 « J'aime »