Phishing Site
Does someone know how can I report a phishing site hosted in Heroku? I'm trying to find a number or email to let us know if they can down the page
Related
I am new in this community.
I have not much knowledge of coding. I am facing below issue, please assist me to solve the issue.
I have 2 websites. I added Auth0 authentication in Website A and its login process is working. I want to that, suppose user is already logged-in on website A, Can I Request a users status of website A using another website ?
I have check out some blog, but those are not sufficient.
So I have a website that send phishing emails for employers and I get the results for this campaign (for example how many employees click on the link, etc)
While testing my website on my personal emails the website became dangerous.
What should I do ?
Disclaimer - I run a phishing simulation service called CanIPhish and I came across this exact same issue when building my phishing websites.
What's happening here, is google is discovering and analysing your website through both it's normal indexing capability but also by scanning emails and detonating links.
When Google or it's threat intelligence partners discover your website it's analysing the content and accordingly flagging it as malicious.
To get around this issue, you need to hide the website behind a load-balancer or CDN which can perform conditional routing based on querystring parameters. Within the querystring you need to create a single-use GUID tied to the campaign and target. When the target detonates the link, they're forwarded to the phishing website and the GUID becomes inoperable. This way, when google or a threat intelligence partner index the site or detonate links in an email, they see something completely different to what your actual targets see.
I'm operating my myriad of phishing websites by hosting them on Amazon S3, I'm using Cloudfront as the CDN, Lambda#Edge on Cloudfront to inspect QueryString parameters and a mixture of DynamoDB with S3 for storing target user details and details on whether a GUID has already been detonated.
To see an example of this - try browsing here and all you'll see is a "Oops you clicked a phishing link" instead of the actual page which is a Google phishing site.
I have recently created a website for my client, but when I try to post to my facebook or Linkedin, I noticed that the web security advisor shows it is malicious site and given it a red cross after the link.
I would like to know what is going wrong with this url? Any solution to fix it up?
I have been publishing my site to Azure and I've been restricting IP addresses so only people on my list can access the url ex. mysite.azuretestsite.com. But now I want to show people but I don't want to have to ask everyone for their IP address just to give them permission to view it.
The one thing I'm worried about is bots/web scrappers like Google who will pick up my site and then it might end up in their search results or for other purposes, which I don't want to happen before I go live.
Should I be worried about having the site live even though I have't registered the domain name yet? What are the pros and cons here and does it really matter if nobody know the site url? I'm more worried about bots/etc
Normally, crawlers won't know your site mysite.azurewebsites.net exists, unless you have outbound link, and the landing website happens to turn on analytics.
For that case, there is nothing you can do about it. Otherwise, you have to ask user to sign-up before viewing your site.
I want to know if developers are able to load a specific region of website into their company's Facebook page? If so, How? Is anyone else doing it or is there any company Facebook page I can see or reference?
Reason:
To get around the 810 pixel limit and having no ability to adjust the source website I need to show only a portion of the website in Facebook. When the users hit the link on the portion of the website I want to take them to the appropriate page but stay in Facebook.