Github.io Phishing -> Facebook

Url: https://itsmdshahin.github.io/facebook/

In my opinion some guy just tried to recreate the Facebook login page, since I’ve looked at the source code and the data doesn’t get sent anywhere.

why the guy should recreate facebook login page if is not for phishing purposes.

Also, I don’t know if it’s just me, but the page isn’t marked as deceptive anymore.

Idk, but as I already said, the data doesn’t get sent anywhere. The page doesn’t even have any JavaScript!

1 Like

I totally agree.
Some people just want to recreate facebook logins to learn how to code and for exercises.

then Google safebrowsing detected it.


are you sure?

I’m using Firefox, which also uses Google Safe Browsing, and the warning doesn’t show up. Either way, this site is not phishing. I have reported a false positive to Google. And also, if it was phishing, GitHub would’ve taken it down pretty fast.

google detects it.

poor google.

Either Google wrongfully detected it or someone reported it, which in my opinion is more likely.

blocked by safebrowsing for me too:

It’s down.

…no? I’ve tried on Tor Browser (which by the way deletes all data after you close it) and it’s still up.


Its probably not phishing, the site doesn’t even work.

Greetings everyone,

Click here:
Github Repo for Facebook site

Simple facebook login page, i’m almost sure that this site is just for testing and nothing else. (Atleast i hope so :wink: )

After sending some random login and password, we get a 405 HTTP Status Code which means METHOD NOT ALLOWED.

When you log into Instagram for example, when you’ll enter your login and password into that login form, your browser sends POST Request to instagram server which checks if your login and password are correct and if the password and login is true, it would return your browser a token or something else that will allow you to log in.

In this case, github server simply disallows sending POST Requests to that app that he’s hosting
and returns 405 error code OR he didn’t set up this phishing page propely!

If there’s any more phishing sites using the same template, we can easily check hashes of this index.html file so we can prevent phishing!

Thanks for sharing, reported to GitHub.

bac5772f86a5a8afca0c83bc381f38e2b6699b73402aee58ecd03fd783319af3

I make this code just for practice and nothing else! I’m not a thief :wink: I don’t know why you discuss about it :frowning:
Btw Thank You all
itsmdshahin
Programmer,Web developer & CEO (gamehuntnews & careyourbaby)

1 Like

May I ask you? why you made recreation of login pages for practice instead create your own login page. This is possible Google Safebrowsing detect malicious activity.