vei said:
you don't need to know their IP, generate a specific token for them, like example.com/token?=xxxxxx and when spamming, you can create specific urls.
so say you SMS spam, you do this for each number.
let's say you're spamming to 123-123-1234,
you create a specific url for it: example.com/xxx and when they visit, display the malicious site and you can now also connect the visitor to the phone number for future phishing, etc. once done, remove that xxx redirect token from the db. all visitors that visit example.com/bbbb and bbbb token doesn't exist for example, show different safe site.
after 12 hours, clear the entire db of all tokens as anyone who would have clicked would have done so by now and any visitors now are researchers or AVs. during initial spam, clear a token after user submits the data and token is finished for that user, or if they visit and don't enter data after 30 minutes of visiting (so they cannot share link with anyone else. if they were going to enter data into phish, they would have done so before 30 min expires anyway).
on an additional note, verify your phish domain with google by adding to the DNS a TXT verification record. let google index and display the 'safe' version of the site, but remember to make it related to whichever company you are phishing. like, if you are phishing Citizens, make your safe version be Foreign Banking Consultation Company or Accounting Firm... etc