Glad to see I’m not the only one having fun with this! :D
My favourite one was a fake cryptocurrency wallet that stole the private keys that you entered. It turned out that the backend was a PHP script that emailed the keys to him via mail() and the hosting company suspended his account for sending too many emails.
We need everyone doing this every time they see these kinds of websites.
It’s like picking up litter while on a hike, you just do it for everyone else.