164 questions
0
votes
0
answers
61
views
Server Timing API - There's undefined and unexpected png on my running browser
I got a weird issue when I was working on html, js.Below is what I got, the point is that when I sent the same code to other computer, it works well with the data, and I also got a line of "...
- 35
-1
votes
1
answer
174
views
Unchecked runtime.lastError: The message port closed before a response was received. Chrome Extension
I'm getting this error over and over again and still can't figure out how to solve it. The sendResponse function is being called before the analyzePageGuest function has completed its execution, but I'...
- 3
0
votes
0
answers
176
views
Report Message - Outlook Add-In opens Browser and doesn't work correctly
I'm trying to use the "Report Message" Outlook Add-In which I think is MSFT developed to report a "Phishing" e-mail but it's opening the Edge browser to the following URL and not ...
- 2,752
0
votes
1
answer
174
views
Having issues reporting storage buckets that are hosting spam and phishing redirects html/javascript files
The following storage buckets are hosting spam and phishing links and I cannot get any google support to forward my report to upper tiers to take action.
All I get in response is basically "That'...
- 495
0
votes
1
answer
336
views
What are the Risks of using app with dangerous delegated permissions in azure?
What are the risks in using an app with dangerous delegated permissions - besides luring a privileged user to connect the app and use his privileges?
Are there any known dangerous delegated ...
- 127
0
votes
1
answer
56
views
Flask App 500 Internal Server Error for chrome extension tool
Im new to flask and im trying to create a chrome extension tool for a phishing email detection system. I imagine the system works by clicking a Extract Button which will extract the sender, subject ...
- 3
0
votes
2
answers
308
views
Microsoft Defender SmartScreen Edge marked our site as phishing site
Our domain, vstbalance.com, was flagged as phishing by Microsoft Defender SmartScreen. After switching to portal.vstbalance.com (which targets the same folder), the issue was resolved. How can we ...
- 213
0
votes
0
answers
232
views
Malware and Phishing Detection Discrepancy between Google Web Risk Lookup API and VirusTotal
I recently delved into the realm of malware and phishing detection, experimenting with various services. One interesting observation emerged during my exploration—specifically, the disparity in ...
0
votes
0
answers
120
views
Can't connect to NGROK server
After installing blackeye on my VM , I tried downloading and configuring NGROK SERVER but it keeps showing error when I run any command option on blackeye and it won't connect
I tried deleting both ...
0
votes
1
answer
77
views
Python and Phishing links: detect browser blockpages
I am trying to create a small python script to check the following:
if when a URL is opened in a browser a blocking page is shown to the user with a phishing warning
An example of a blockpage from ...
- 23
2
votes
1
answer
99
views
Is it possible to automatically redirect the download of a file to a container in case the file contain a malware?
I was wondering if there is an existing tool that can automatically redirect the download of a file to a container ? Or if there is an existing open-source project about it.
For more context, I wanted ...
- 21
0
votes
0
answers
80
views
Phishing Warning in Chrome
I have a website that generates an email when a user registers. The email has a link (a http get) to an API that confirms the user's email address. The API returns a "true" value. Note, ...
- 129
0
votes
1
answer
215
views
Exchange rule to notify user that they reported a phishing simulation email
We send phishing simulation emails to user's Outlook clients with a 3rd party SaaS. I've also have globally enrolled the 'Report Message' add-in for all our users, that they're actively using. (Add-in ...
- 1
0
votes
0
answers
120
views
What does the recent: 'additional protection against phishing', from Google do?
Recently Gmail has been showing a prompt to use: "additional protection against phishing".
It looks like it only matters if I use Chrome or Android. I normally use Linux and Firefox and I ...
- 5,053
0
votes
1
answer
211
views
How to Deal with Bold Red 'Deceptive Site Ahead' Warning on Chrome?
I have dev.randomlog.org which serves as a repository for many of my tests as a developer. It's up for over a decade (nearly two I think), but...
3 days ago, the notorious big red warning covers ...
- 723
1
vote
0
answers
180
views
Browsers incorrectly flag my intranet sites as phishing
I have several (not only) web services running on my local network, like TrueNas, jellyfin, pihole, home assistant, etc.
Some are accessible from outside (I have a static public IP and port forwarding ...
- 46
-3
votes
2
answers
105
views
Phishing login form [closed]
I am working on a phishing quest, where I have to clone a company login form and test my colleagues who failed the cyber training.
My planning procedure is the following:
Get clone of (any) login ...
- 178
1
vote
1
answer
871
views
How to correct a misconfigured spf record to stop sending phishing or spam emails from our domain by attacker?
I got this email recently that speaks about vulnerability issue with our email because of misconfigured spf record. Please find below the actual email.
Is this really an issue? How to address the ...
- 13
2
votes
0
answers
591
views
Site marked as deceptive for Phishing, even when it is not
I have a social media site made with Next.js Typescript and Sanity CMS, which has been marked as deceptive site by google. When I searched for the sample URLs in the google search console, I found ...
0
votes
2
answers
37
views
Can I be sure that a Sharepoint site is owned by the company?
I got an email at work asking me to update a password in a document at a web address in the form https://companyname.sharepoint.com/:x:/s/...
Can I be assured that the company "companyname" ...
- 756
0
votes
1
answer
141
views
Does disabling the "Allow from Unknown Sources" Option in the Android settings prevent automatic malware download/installation?
So the other day I was thinking about app distribution and I came across this setting in the Android settings "Allow Unknown sources". I have read a few articles about it, but none seem to ...
- 31
0
votes
0
answers
116
views
Hosting EDUCATIONAL Phishing Site
Is there any place where I can legally host a phishing site for educational purposes? I need to for my Information Security course project. I've hosted it on Firebase and Github but they've both been ...
- 9
4
votes
2
answers
3k
views
Can I trust Git Credential Manager by GitCredentialManager?
I've used Github desktop for a couple of years. Today it will suddenly would not log in to my account, although I have not changed password lately. When I click login with browser I'm taken to a page ...
- 81
0
votes
0
answers
175
views
Report a phishing site hosted in
Phishing Site
Does someone know how can I report a phishing site hosted in Heroku? I'm trying to find a number or email to let us know if they can down the page
0
votes
1
answer
8k
views
Can emails with firebaseapp.com domain be phishing emails? [closed]
I received 30+ emails in all languages (often eastern European) that always say the same thing :
"hello
We received a request to access project-0000000000 with this email address. If you want to ...
-1
votes
1
answer
1k
views
Ngrok not working after add the auth token and doing all the steps -blackeye
Ngrok not working in blackeye :(
enter image description here
enter image description here
- 1
2
votes
1
answer
4k
views
How do I fix this 'phishing' warning in my app deployed in vercel?
Hi people: I deployed my videogames CRUD in heroku + vercel and I'm getting a "phishing warning" like this one from every browser when I visit the site:
I tried redeploying the app with a ...
- 41
2
votes
1
answer
2k
views
I need PhishTank API keys because registration for new users is temporarily disabled?
I want to build a real-time Phishing detection application so I need API Keys.
- 31
2
votes
2
answers
504
views
May I know how to report phishing with Gmail API?
It is easy to report phishing in Gmail UI, but I want to report a phishing attack with Gmail API. May I know how to do it and what the api endpoint is?
- 31
-2
votes
2
answers
283
views
Login button not giving submit info while hitting enter works for getting credentials
I'm currently creating a phishing test for my employees and I got into a problem.I'm hosting my index.html on my local server using xampp and I want to when someone logs that I can get their info.I ...
- 11
-1
votes
2
answers
536
views
Is it safe to accept url from user to show in our website? [closed]
I wanna show users websites in their profiles but I don't know after I validate the user's input format to be the valid URL (https://userwebsite.com), is it safe to use that input in a tag (<a href=...
- 13
2
votes
0
answers
541
views
Free phishing email dataset examples
I am searching for phishing email datasets and could find only a couple of them till now. The are the Enron, SpamAssassin, TREC 2007, UCI dataset, Nigerian Fraud Emails, Hilary Clinton Email Dataset, ...
- 39
0
votes
2
answers
413
views
Google thinks my portfolio project is a phishing scam
Basically I made a Netflix clone as a portfolio project, there is a banner along the bottom that shows it's a project built by me but when visiting the page via google chrome I get a red screen with a ...
- 230
0
votes
1
answer
69
views
Didnt realize "aspx?URL=http://cuz.pw/" added to url. Am i scammed?
I just googled a website and sent my login&password. But just after i realized that at the end of url of website there was an extra "aspx?URL=http://cuz.pw/"
So what does it stand for? ...
1
vote
0
answers
188
views
Chrome extension content script for extracting URL features
This is only a snippet of code for building Chrome extension to detect phishing URL. The code below is to extract the URL features. What I do not understand is the purpose of function predict(data,...
- 21
-1
votes
1
answer
463
views
Getting discord webhook from site [closed]
Is there a way to get a Discord webhook from a site? I know of a phishing site that prompts you for your name and password, which it then sends to a Discord server. Last time they were using ...
- 1
1
vote
2
answers
2k
views
Just opened an HTM file with the following code, is it dangerous?
I received an email from an unknown person and opened an htm file in the attachment file. The following code executed :
<frameset onpageshow="document.location.replace(window.atob('...
4
votes
1
answer
271
views
Phishing Website Detection using Machine Learning
I have a semester project where I have to detect phishing website using ML. I have been using support vector binary classifier which is trained on an existing dataset to predict that whether a ...
- 57
-3
votes
1
answer
62
views
Sketchy CDATA code written in Python's byte format
People of StackOverflow, what do these things do? Excuse me for having such little knowledge of Python.
source (please use line wrap): view-source:clipfull.github.io (phishing site's source code)
- 13
2
votes
0
answers
423
views
OAuth client id and guessing
OAuth manual https://www.oauth.com/oauth2-servers/client-registration/client-id-secret/ says that
The client_id is a public identifier for apps. Even though it’s
public, it’s best that it isn’t ...
- 6,277
0
votes
1
answer
197
views
Figuring Phishing redirection hidden in web source code
I'm working at an anti Phishing company and I've stumbled a case which managed to evade our JCrawler, I tried to understand the code and what the attacker did here to stay undetectable and couldn't ...
0
votes
2
answers
1k
views
Exchange Rule based on Sender From "Name" instead of address?
I'm trying to alleviate some phishing attacks that leverage a real From Name, but fake/variable From Address.
Essentially, someone will send an e-mail from John Smith, but the address is xnuinds@some-...
- 13
0
votes
1
answer
835
views
How to report phishing on Firebase.com [closed]
We've received quite a number of phishing attempts that using firebase.com as a landing site. I cannot find any link to report such cases. Does anyone know how to report phishing on firebase.com?
0
votes
1
answer
812
views
auto expand hyperlinks in emails in Outlook with actual URL (prevent phishing)
For emails to Office365 accounts as viewed in a modern Outlook, is there a way to auto expand hyperlinks with the actual underlying URL. This way, users can immediately see where the URL is actually ...
- 53
0
votes
1
answer
106
views
Matching HTML anchors which display different URL from its href [closed]
We're victims of phishing attacks and we want to strengthen our Postfix spam filters.
We want to detect email bodies containing anchors (<a>) around an URL but targeting a different URL in its ...
- 1,031
-3
votes
2
answers
461
views
How to check a part of string with regex pattern in python [duplicate]
I want to check if a string contains some part that matches a given regex pattern.
My regex is to check for the presence of an IP address, it goes like this
regex = '''^(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]...
- 149
10
votes
2
answers
601
views
Doesn't OAuth 2.0 PKCE Flow open the door to masquerading/phishing attacks?
With OAuth 2.0 PKCE Flow for Installed App (e.g. a desktop app/cli/client library), it seems that nothing is preventing an attacker to:
obtain client_id by using the original app (client_id is public ...
- 355
1
vote
0
answers
368
views
AWS SES emails to Gmail accounts flagged as phishing and delayed by 4 minutes
I'm using AWS SES in a Lambda function to send emails. When the email is sent to an Outlook address, or without an attachment to a Gmail address, it is received immediately.
However, when I send an ...
- 254
0
votes
0
answers
617
views
Why am I not receiving emails with the credentials inputted into my locally hosted (non-illegal) phishing site?
Don't worry it's not what it sounds like. I'm doing a project which involves interacting with Phishing sites with Puppeteer.
In order to test my code I downloaded dozens of phishing kits using (https:/...
- 65
0
votes
3
answers
6k
views
How to solve wordpress redirection hacks attacks?
My website https://spicecarts.in just now got hacked! It is redirecting to other sites!
I checked with this tool https://sitecheck.sucuri.net/results/https/spicecarts.in
and found the errors
1.Known ...
- 31