The website itself is free of content, save for one small search bar at the top of the screen.
As you've probably guessed, the wannabe Whaler (traditionally a hunter of high level executives and CEOs, now turning their target on, um, random phishers) enters the URL of a confirmed phishing site into the box and hits "Submit".
At this point, the site checks a large list of common (and not so common) filenames that are likely to contain lots of logins gathered up by the original phisher.
If the Whaler is successful, they'll see something like this:
From there, it's simply a case of the Whaler collecting the logins, changing all the passwords and bumping up their tally of stolen details with a minimum of effort. If you're one of the phishing victims whose login details are now changing hands from phisher to whaler, you have my apologies - it can't be nice to see your already stolen account become that little bit dirtier.
While the above site will no doubt be crashing and burning sometime in the near future (especially as the free hosting it sits on can't seem to cope with the strain of becoming the most popular site on the web for script kiddies and account stealers in general), you can bet there will be endless copycats to take its place.
Can't wait to see what "Version 2" brings...