Novel anti-bot services are being advertised on the dark web, offering cybercriminals advanced tools to bypass Google’s protective ‘Red Page’ warnings in a concerning development for cybersecurity teams. These services represent the latest evolution in the ongoing cat-and-mouse game between cybercriminals and security measures. To learn more about combating phishing attackers using anti-bot services, check out our SlashNext Complete page.
Phishing, a long-standing tactic in cybercrime, has become increasingly sophisticated with the rise of phishing-as-a-service (PhaaS) platforms. These platforms have democratized cybercrime, allowing even novice criminals to launch large-scale phishing campaigns with minimal technical knowledge. However, a persistent challenge for these cybercriminals has been avoiding detection by cybersecurity services like URLScan, which scan and block malicious websites.
Google’s Safe Browsing ‘Red Page‘ warning has been a particularly effective deterrent, alerting users to potential dangers and significantly reducing the success rate of phishing attacks. Now, these new anti-bot services threaten to undermine this line of defense, potentially exposing more users to sophisticated phishing attempts.
The “Google Red Page”
Google Safe Browsing’s “Red Page” is a security feature that protects users from harmful websites by warning them of potential dangers, such as phishing attempts. This red warning page advises users to avoid the site, severely limiting the potential success of phishing attacks.
An example of what the Google “Red Page” looks like
For cybercriminals, Google’s detection systems present a massive hurdle. Phishing campaigns rely on high click-through rates, but once Google or other security platforms flag a page, the campaign’s effectiveness plummets. Therefore, to stay ahead, criminals have developed “anti-bot” or “anti-red page” services to circumvent detection.
The Rise of Anti-Bot Services
Anti-bot services, like Otus Anti-Bot, Remove Red, and Limitless Anti-Bot, have become a cornerstone of complex phishing operations. These services aim to prevent security crawlers from identifying phishing pages and blocklisting them.
By filtering out cybersecurity bots and disguising phishing pages from scanners, these tools extend the lifespan of malicious sites, helping criminals evade detection longer.
Otus Anti-Bot
Otus Anti-Bot is one of the most popular solutions, claiming to deploy behavioral analysis, challenge-response mechanisms, bot signature detection, and integration with threat intelligence feeds. What sets Otus apart is its incredibly quick deployment—users can get it running on their phishing pages in under two minutes.
The cybercrime forum thread design for Otus Anti-Bot
Once deployed, Otus allows dynamic configuration changes, meaning the user only needs to paste the code once, and any updates to protection settings are applied in real time across multiple pages. The platform also offers easy IP and country-based whitelisting for customized testing and targeting.
Remove Red
Remove Red focuses on proactive removal of red page warnings rather than prevention alone. They claim to offer a temporary whitelist feature, which keeps the domain safe from reappearing on Google’s red page for a few days after the initial removal.
The cybercrime forum thread design for Remove Red
In addition to this, Remove Red provides monitoring services, keeping an eye on domains and notifying users via Telegram or Discord if their phishing sites are flagged again. This combination of removal and monitoring allows phishers to keep their sites online longer without constantly worrying about red page blocks.
Limitless Anti-Bot
Limitless Anti-Bot claims to extend the lifespan of phishing sites by adding a small piece of code to the page. The service emphasizes prevention over reactive removal, using advanced tools, AI, ISP information, and user-agent identification to distinguish between real users and bots.
The cybercrime forum thread design for Limitless Anti-Bot
Limitless offers two levels of protection: the standard level, which avoids blocking low-risk bots and devices, and an advanced level that blocks even slightly suspicious traffic.
For information about the above anti-bot services and how to protect phishing attacks, reach out to a SlashNext rep.