So I tested out the extension..
First the extension spammed me with "login required"..
So I click the notification to be taken to a login page..
Great? Now I have to create an account and verify a link..
Now I can test how great this is against a "fresh" facebook phishing page being actively promoted via Facebook Ads..
If I click "Deep scan".. I see a screenshot blob being sent over..
response: {
"classification": "phish",
"reasons": [
"Our system has previously flagged this webpage as malicious."
]
}
So if the site were already flagged, why does the "light" scan not show that?
hxxps://r7ouhcqzdgae76-fsc0fydmbecefrap.z03.azurefd.net/new2/?utm_medium=paid&utm_source=fb&utm_id=6900429311725&utm_content=6900429312725&utm_t erm=6900429314125&utm_campaign=6900429311725
The "extension" did a "scan". {"url":"https://r7ouhcqzdgae76-fsc0fydmbecefrap.z03.azurefd.net/new2..."}
response: {"classification":"clean"}
great work?
If I click "Deep scan".. I see a screenshot blob being sent over.. response: { "classification": "phish", "reasons": [ "Our system has previously flagged this webpage as malicious." ] }
So if the site were already flagged, why does the "light" scan not show that?