The domain has been hosted at five different locations since Nov. 30, including several broadband providers, suggesting it may be part of a botnet. Phishing sites hosted on botnets are difficult to shut down, as they can be quickly moved from one hacked computer to another. Botnet-based phishing operations often maintain their own DNS servers which are also shifted frequently to provide a moving target.

This demonstrates the value of the Netcraft toolbar, which protects users as they surf the Internet, blocking access to confirmed phishing sites, even if they remain online.

Netcraft received well over 8,000 reports of phishing sites during November. Each submission is reviewed by a staff member and classified, with confirmed phishing sites added to the list of sites being blocked by the Netcraft toolbar. Each confirmed report is used as a ticket in a monthly draw for a top of the range IPod.