
Antibot.pw

Antibot.pw is a cloud-based service often utilized within phishing kits, such as 16Shop, to disguise malicious pages from security scanners and crawlers. By analyzing visitor metadata via an API, the tool directs bots to decoy pages while allowing human traffic to access the intended site. For a detailed technical analysis of how this service operates within a phishing framework, see the report from ZeroFox, "16Shop adds Paypal, American Express to their Catalog".

The service has drawn significant attention from threat intelligence groups like due to its use in cyberattacks: Cloaking and Evasion

Step 4: Token Return. If the client passes, the server returns a JWT (JSON Web Token) or a session cookie set for the .antibot.pw domain. This token is then submitted to the original website to prove humanity.

It didn't fight with brute force. It fought with intelligence. First, it mirrored the journalists’ server to a honeypot, feeding the botnet false data. Then, it injected a single corrupted packet into the botnet’s command channel—a reverse timestamp. The bots, confused, began attacking each other’s controllers. Within ninety seconds, the botnet fractured into screaming shards of zombie code.

When to block Antibot.pw immediately:

  • Your users are not expecting it: If you visit a standard news site and see a connection to antibot.pw, block it. Legitimate sites do not quietly load obscure anti-bot services.
  • Outbound traffic from a server: If your web server is making requests to antibot.pw, it is very likely compromised and part of a botnet.
  • You see .exe downloads: Any correlation between the domain and executable file downloads is a 100% block indicator.

Risks of Using Such Services
