Thanks so much. Cloudflare is indeed harboring all the new kits.
Cloudflare is basically the bunker for scammers, like they even IP-banned you for just trying to get rid of phishing sites.
At this point, the bulletproof hosting provider called “CyberBunker” had fewer scammers than Cloudflare.
Cloudflare saying that they care about the safety of the internet is a huge lie, they clearly don’t care.
Cloudflare is a massive pain.
Kill yourself, cloudflare, kys, cloudflare.
We may have a solution to this issue. Our internal analysis toolkit includes a feature that allows us to analyze content inside an encrypted container. I’ll ask someone on our team if circumventing the 1020 ban is possible through that system. I’ll update you when I have the info.
Thanks for the feedback. Upon more digging it seems there are some ways to ‘possibly’ circumvent the 1020 IP ban, but it seems to be hit or miss using cert info gained from a censys.io query. All I really need from the 1020 error malicious website is a screenshot of it operational and the URL header contained also. That’s the ‘proof’ I need to report.
Okay, I confirmed with my team.
That system can bypass the 1020 ban. You can create the screenshot and stuff like that, as this system basically gives you a throwaway browser of your choice. If you need access to this system, hit us up in a private message and we’ll get you an account on this “Internal” system.
Thanks so much to you and your team. It means a lot. I’m only having the 1020 issue with MyGov (Australian Government) phishing sites (all government info, health records, pensioner payments, etc.). Everything else is normal. MyGov phishing sites are a huge problem, as old people who are not tech savvy are getting an SMS that tells them to log in to their account, and they don’t know any better… next thing you know, scammers are getting their money redirected and all their personal info. Cheers.
Maybe we could build out several IOK rules to detect the kits deployed that are targeting MyGov?
We have observed some links that are impersonating a similar thing. It’s called “mo”, or in longer terms “Magyarország.hu”. It’s the Hungarian equivalent of MyGov in Australia. Fortunately, it seems like Hungary is not targeted when it comes to government websites; however, other websites such as Telekom Magyarország are targeted often. By the time our systems detected the presence of the 2 “mo” copycat phishing pages, they were taken offline by the Hungarian web host. Hungarian providers are usually really fast and polite; however, there are some bad apples there too.