
"Deceptive site ahead" Without even using the fake

Open Prussian82 opened this issue 6 years ago • 4 comments

I have noticed that Google somehow detects proxified requests. I have installed evilginx, generated a URL for Google, and visited it 1 time in the browser to see if it works. Then, after I woke up about 10 hours later, I got the message

"Deceptive site ahead

Firefox blocked this page because it may trick you into doing something dangerous like installing software or revealing personal information like passwords or credit cards."

And the site with the VPS IP appeared in blacklists. Is there any way I can proxify requests from evilginx to Google with a dummy domain, so that Google will see the request made from that domain and not the actual one where evilginx is set up?

Prussian82 avatar Jul 15 '18 18:07 Prussian82

For what it's worth, Google is probably using the X-Forwarded-For header to detect proxied requests. When you go through a proxy, the IP address of each proxy is appended to the header. By the time it reaches the destination web server it will look something like this (or possibly in reverse):

192.168.1.23, 192.168.1.1, 1.1.1.1

You might be able to get around this by using proxy_set_header to explicitly state what the X-Forwarded-For header should be.

https://www.nginx.com/resources/wiki/start/topics/examples/forwarded/

https://en.wikipedia.org/wiki/X-Forwarded-For

tgalyean avatar Aug 01 '18 16:08 tgalyean
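How a receiving server can interpret the X-Forwarded-For chain described in the comment above, as an added example that is not part of the thread or of any project's code: it walks the chain right to left and trusts only entries appended by its own proxies, treating everything else in the header as sender-supplied input. The `TRUSTED_PROXIES` networks, the function names and the peer addresses are assumptions made for illustration.

```python
import ipaddress

# Assumption: networks of the reverse proxies this server itself operates.
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.1.0/24")]


def is_trusted(ip):
    """True if ip belongs to one of our own proxy networks."""
    return any(ip in net for net in TRUSTED_PROXIES)


def parse_xff(header):
    """Split an X-Forwarded-For value into IP objects; None marks a malformed entry."""
    hops = []
    for part in header.split(","):
        part = part.strip()
        if not part:
            continue
        try:
            hops.append(ipaddress.ip_address(part))
        except ValueError:
            hops.append(None)
    return hops


def client_ip(peer, header):
    """Return the address the server should attribute the request to.

    peer is the TCP source address, the only value observed directly.
    Header entries count only while they were appended by trusted proxies.
    """
    last = ipaddress.ip_address(peer)
    if not is_trusted(last):
        return last  # header arrived from an untrusted sender: ignore it
    for hop in reversed(parse_xff(header)):
        if hop is None:
            return last  # malformed entry: stop at the last verified hop
        if not is_trusted(hop):
            return hop  # first address not appended by our own proxies
        last = hop
    return last


if __name__ == "__main__":
    # Chain quoted in the thread, arriving via a constructed trusted peer.
    print(client_ip("10.0.0.5", "192.168.1.23, 192.168.1.1, 1.1.1.1"))
```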

Evilginx is dead. Doesn’t work effectively anymore, sadly.

DB2121 avatar Apr 11 '22 07:04 DB2121

I'm facing the same issue here. Are there any workarounds? Appreciate that.

gfctam avatar Jul 05 '23 08:07 gfctam

https://transparencyreport.google.com/safe-browsing/search?url=sandy.lol

Check your website here

If it's found as malicious by this site, you can report the issue and it will be resolved ASAP.

SandeepSrinivasan avatar Oct 28 '23 12:10 SandeepSrinivasan