Dark Web Anti-Bot Services Enable Phishing Pages to Bypass Google’s “Red Page”

bypass Google Red Page
The cybercrime forum thread design for Remove Red | Image: SlashNext

In a recent report by SlashNext, cybercriminals are increasingly leveraging anti-bot services available on the dark web to bypass Google’s “Red Page” warnings.

Phishing has long been a favored tactic in cybercrime. The rise of Phishing-as-a-Service (PhaaS) platforms has made it even more accessible, enabling even less technically savvy criminals to launch widespread phishing attacks. Traditionally, Google’s Safe Browsing “Red Page” has served as a critical defense mechanism, alerting users of dangerous websites and reducing the success rates of these malicious campaigns. However, the new anti-bot services are designed to undermine this safeguard, putting more users at risk.

An example of what the Google “Red Page” looks like

Google’s Safe Browsing “Red Page” has been an obstacle for phishing campaigns. It automatically flags suspicious URLs, warning users to avoid potential phishing attempts. This warning system has significantly reduced the number of successful phishing attacks. But with the advent of anti-bot services, phishing operators are now better equipped to avoid detection and maintain their campaigns’ effectiveness.

One such service, Otus Anti-Bot, offers cybercriminals quick deployment and real-time updates, allowing phishing sites to remain operational longer. Otus employs behavioral analysis, bot signature detection, and threat intelligence integration to prevent Google’s bots and other security services from flagging malicious URLs. Similarly, Remove Red focuses on eliminating existing red page warnings and monitors flagged domains via Telegram or Discord, enabling criminals to keep their phishing sites active for longer periods.

Anti-bot services function by deploying several sophisticated techniques, including:

  • Bot Detection and IP Filtering: They identify security crawlers using IP and user-agent filtering, ensuring phishing pages are not scanned by cybersecurity services like URLScan.
  • Cloaking Techniques: By analyzing user profiles, anti-bot services display different content to different users. Cybersecurity bots are often served benign content, while real users are shown phishing pages.
  • Geolocation-Based Targeting: Some services block traffic from outside specific regions, making it difficult for international security teams to detect phishing campaigns.
  • CAPTCHA and Challenges: These features add layers of complexity, preventing automated scanners from easily accessing phishing content

The rise of these dark web anti-bot services poses a significant challenge to cybersecurity teams. By prolonging the lifespan of phishing pages and circumventing detection mechanisms, these services are making it more difficult for companies and users to stay protected online. As cybercriminals continue to innovate, cybersecurity professionals must develop new methods to counter these evolving threats.

Related Posts: