If they're hosted (e.g. shared hosting), then the hosting party may just lock you out if they had DDOS protection because you're using their resources. They're not happy with phishing sites being hosted on their sites, but also not - and they probably suffer more damage, even if it's "just" resources - from DDOS attacks.