http://blog.fa.nta.sy/tags/phishing/ Recent content in Phishing on Investigations by 0xFantasy Hugo en-us Thu, 28 May 2026 19:34:33 -0400 http://blog.fa.nta.sy/posts/2026-05-28-google-redirects/ Thu, 28 May 2026 19:34:33 -0400 http://blog.fa.nta.sy/posts/2026-05-28-google-redirects/ Google has a multitude of open redirects that are frequently abused by threat actors. They are used to both deter initial URL scanning and obfuscate the final phishing URL. A recent example of this in the wild found by KnowBe4 showcased combining multiple redirects in a row. Google seemingly has no interest in fixing these issues according to their VRP. These redirects span different Google domains and products including Search, Meet and Ads (formerly DoubleClick). http://blog.fa.nta.sy/posts/2026-04-13-not-a-cloudflare-bypass/ Mon, 13 Apr 2026 16:05:35 -0400 http://blog.fa.nta.sy/posts/2026-04-13-not-a-cloudflare-bypass/ Through my daily work and from reading quite a few blog posts, researchers consistently mistake that a phishing kit is leveraging /cdn-cgi/phish-bypass to hinder web and security scanners. This stems from a misunderstanding of what the Cloudflare /cdn-cgi/ endpoint is and how it operates.