Hello and welcome to the Thursday, September 22nd, 22nd, 22nd, 22ndt, StormCast.

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

Xavier today took a look at fishing pages that are not hosted on compromised servers,

but instead they take advantage of free services

to host various components of the fishing kit. In particular, Xavier is looking at some

resources that may not be as well known as, for example, Google Forms. One example is catbox.m.O.E.

A simple free file hosting site, as often, it does allow files up to 200 megabytes.

By the way, if anybody knows why, this is sort of a common limit, let me know.

And that's, of course, sufficient for most HTML and collateral

like images and such that you may need to create a fishing page. Of course, where Google Forms

still shines here is that you also get sort of that form submission part. Well, there are other

services that allow you to take care of this. Formsubmit.C.O

is one that Xavi has observed being used for fishing sites. It also does actually do the

submission for you. So it turns the form submission in an email, so you don't have to write any code.

I mentioned before, I think about two weeks ago, IPFS.io.

That's another service that allows you to sort of create forms and host them essentially

in their IPFS cloud.

This provides a little bit more work, but still quite effective, and of course, doesn't

have that annoying disclaimer that you have on all Google forms that basically tells people that

this is not a legitimate login page and that you shouldn't submit any passwords. But the real

lesson here is that any free service like this will be abused. So if you

offer a free service like this, you may have good intentions, but please come up with some kind

...