AiTM phishing and cloaking: why clean URL scans are misleading


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 9016
Topic starter  

TL;DR: An AiTM phishing-as-a-service kit paired with cloaking can steal session cookies, bypass MFA, and make automated URL analysis return clean but misleading results, according to Abnormal AI’s analysis of Blacksite; the service is sold with pricing, capacity slots, and buyer reviews, which lowers the attacker skill bar. Clean scanner verdicts must now be treated as inconclusive, not safe.

NHIMG editorial — based on content published by Abnormal AI: Blacksite pairs AiTM phishing with cloaking to evade scanners

By the numbers:

Questions worth separating out

Q: How should security teams respond when a phishing URL scans clean?

A: They should treat the result as inconclusive until they know how the scan was performed and whether cloaking or fingerprint checks could have altered what the scanner saw.

Q: Why do AiTM phishing kits still succeed against MFA?

A: AiTM kits succeed because they capture the authenticated session, not just the password.

Q: What do identity teams get wrong about phishing-resistant controls?

A: They often focus on the login ceremony and forget that compromise can happen immediately after authentication.

Practitioner guidance

  • Treat clean URL verdicts as provisional. When a link is delivered through unfamiliar infrastructure, classify a clean scan as inconclusive if the page is cloaked, fingerprinted, or selectively blocked for cloud sources.
  • Inspect message context before user interaction. Prioritise pre-click analysis of sender reputation, lure language, domain age, and redirect behaviour, because cloaking can hide the live page from sandbox detonation.
  • Monitor post-authentication session behaviour. Flag impossible geography, rapid cookie reuse, browser fingerprint shifts, and unusual session continuity after MFA success, because stolen cookies are the decisive artefact in AiTM attacks.

What's in the full article

Abnormal AI's full analysis covers the operational detail this post intentionally leaves for the source:

  • Forum listings, pricing structure, and capacity-slot evidence that show Blacksite is a commercial phishing service rather than a one-off kit
  • The full cloaking workflow, including ASN blocking, JA3 and JA4 fingerprint filtering, and the AI-generated white-page decoy logic
  • Examples of observed lure domains, scan results, and dashboard views that illustrate how the infrastructure behaved in practice
  • The researchers' broader threat-intelligence context on how productized AiTM and cloaking services are changing attacker operations

👉 Read Abnormal AI's analysis of Blacksite, AiTM phishing, and cloaking →

(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 8472
 

Clean URL verdicts are no longer sufficient evidence of safety. Blacksite shows that the detonation environment itself can be manipulated, so a benign scan result may reflect cloaking logic rather than harmless content. The governance mistake is treating scanner output as a final decision instead of one input among several. Practitioners should read clean verdicts as provisional when cloaking indicators are present.

A few things that frame the scale:

  • 70% of organisations grant AI systems more access than they would give a human employee performing the exact same job, according to The 2026 Infrastructure Identity Survey.
  • Only 44% of organisations have implemented any policies to manage their AI agents, despite 92% agreeing that governing AI agents is critical to enterprise security.

A question worth separating out:

Q: How can organisations reduce account takeover risk from reverse-proxy phishing?

A: They should reduce the value of stolen sessions by tightening device binding, shortening session lifetime where appropriate, enforcing re-authentication for sensitive actions, and revoking suspicious sessions when behaviour changes. The goal is to make cookie replay less durable and more detectable across the identity stack.

👉 Read our full editorial: Blacksite shows why clean URL verdicts can still hide AiTM phishing

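Added example, not from either post or from Abnormal AI's report: a Python check over constructed post-MFA session events that flags the signals named in the practitioner guidance above (impossible geography, rapid cookie reuse, TLS fingerprint shift) and returns the session cookies to revoke, the response the reply recommends. The event schema, the thresholds and the sample events are assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from math import asin, cos, radians, sin, sqrt

@dataclass
class SessionEvent:
    ts: int          # seconds since epoch
    session_id: str  # session cookie value presented (constructed schema)
    ip: str
    lat: float       # geolocation of ip, assumed already resolved upstream
    lon: float
    ja3: str         # TLS client fingerprint as seen by the IdP

MAX_SPEED_KMH = 900.0  # assumption: faster than a commercial flight
REUSE_WINDOW_S = 60    # assumption: new IP within a minute of the last request

def haversine_km(lat1, lon1, lat2, lon2):
    lat1, lon1, lat2, lon2 = map(radians, (lat1, lon1, lat2, lon2))
    a = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))  # great-circle distance in km

def check_session(events):
    """Anomaly labels for one cookie's events. In an AiTM login the IdP sees the
    proxy as TLS client, so a replay from the attacker's own browser shifts IP and JA3."""
    evs = sorted(events, key=lambda e: e.ts)
    findings = []
    for prev, cur in zip(evs, evs[1:]):
        dt = max(cur.ts - prev.ts, 1)  # seconds between consecutive requests
        if cur.ip != prev.ip:
            km = haversine_km(prev.lat, prev.lon, cur.lat, cur.lon)
            if km / (dt / 3600) > MAX_SPEED_KMH:
                findings.append("impossible_travel")
            elif dt <= REUSE_WINDOW_S:
                findings.append("rapid_cookie_reuse")
        if cur.ja3 != prev.ja3:
            findings.append("fingerprint_shift")
    return findings

def sessions_to_revoke(events):
    by_sid = defaultdict(list)  # group every event under its cookie
    for e in events:
        by_sid[e.session_id].append(e)
    return sorted(sid for sid, evs in by_sid.items() if check_session(evs))
# Constructed sample: sid-A passes MFA via the proxy (New York) and is replayed two
# minutes later from a different TLS client in Berlin; sid-B is an ordinary session.
SAMPLE = [
    SessionEvent(1_700_000_000, "sid-A", "198.51.100.7", 40.71, -74.01, "ja3-proxy"),
    SessionEvent(1_700_000_120, "sid-A", "203.0.113.9", 52.52, 13.40, "ja3-other"),
    SessionEvent(1_700_000_000, "sid-B", "192.0.2.5", 51.51, -0.13, "ja3-b"),
    SessionEvent(1_700_000_900, "sid-B", "192.0.2.5", 51.51, -0.13, "ja3-b"),
]
```

The thresholds are placeholders to be tuned against an organisation's own travel and roaming baseline before any automated revocation is wired to the output.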