Interesting. If you look at the source for the phishing site, it's actually much more nicely formatted than the real SR site. Odd -- personally I would have set it up like a proxy and just replaced all the URLs, then passed all page requests straight through after logging the captured data... but that's not what this guy did. He's either OCD, is an experienced developer, or used an automated tool to rip & copy the site.Otherwise, the HTML source wouldn't be so neatly indented. No, it doesn't really have anything to do with anything... I just find it odd that he's serving up a modified copy of the site HTML instead of doing it dynamically. What if SR changes? Doesn't he want to still phish people after that? :P