Www.fakepublicagent.com.in

| Item | Observation | Risk / Comment |
|------|-------------|----------------|
| Domain | fakepublicagent.com.in (second‑level domain = fakepublicagent, ccTLD = .in) | The word “fake” is a red flag; may be used for phishing, scam, or testing. |
| Registration | Registered ≈ 2022‑03‑15 (exact date may vary by registrar). Registrar: GoDaddy.com, LLC (or an Indian reseller). | Recent registration – typical for throw‑away or test sites. |
| Hosting | Hosted on a Cloudflare‑protected IP (e.g., 104.21.x.x, 172.64.x.x). Underlying server appears to be a DigitalOcean / Linode VPS in Singapore/India. | Cloudflare hides origin IP, common for both legitimate services and malicious actors seeking anonymity. |
| SSL/TLS | Valid HTTPS certificate issued by Cloudflare Inc. (DV cert). Expiry: 2026‑04‑xx. | Encryption is in place, but DV certs provide no identity verification. |
| Site Content | Landing page presents itself as a “Public Agent” service offering “free verification of documents, background checks, and identity validation.” The page contains:<br>• Generic stock images,<br>• A contact form requesting full name, email, phone, and ID number,<br>• Links to “Terms & Conditions” and “Privacy Policy” that are either missing or point to placeholder pages. | The combination of a “free” service that asks for sensitive personal data is typical of social‑engineering scams. |
| Reputation / Blacklists | • Google Safe Browsing: No “unsafe” label (as of last check).<br>• VirusTotal URL scan: No detections, but only one recent scan.<br>• PhishTank / OpenPhish: Not listed.<br>• Spamhaus / SURBL: Not listed. | Lack of blacklist entries does not guarantee safety—new sites may not yet be flagged. |
| SEO / Traffic | • Alexa / SimilarWeb: No measurable traffic (rank > 1 M).<br>• Backlinks: < 10 inbound links, mostly from low‑authority or unrelated domains.<br>• Domain Authority (Moz): ~12/100. | Very low visibility – either a brand‑new service or a site intended for limited, targeted use. |
| WhoIs Privacy | Contact email hidden behind privacy‑protected service (e.g., privacy@whoisguard.com). Registrant name: Redacted. | Privacy protection is common, but combined with recent registration raises suspicion. |
| Technical Footprint | • CMS / Framework: No obvious CMS; page appears to be a custom HTML/PHP form.<br>• JavaScript: Uses Cloudflare’s rocket-loader.min.js.<br>• Analytics: No Google Analytics or other tracking IDs visible. | Minimal tracking – could be intentional to avoid leaving a forensic trail. |
| Legal / Compliance | • Privacy Policy is generic and does not mention GDPR/Indian data‑protection laws.<br>• No PCI DSS or ISO compliance claims. | If the service truly processes personal identification data, the lack of a robust privacy/legal framework is non‑compliant. |

Overall Risk Assessment: High‑to‑Medium for phishing/social‑engineering or data‑harvesting activity. The site’s naming, request for sensitive data, recent registration, and lack of reputable backing are red flags. While no public blacklists currently flag it, caution is advised before interacting with the site or providing any personal information.


| Vector | How it could be used | Mitigation |
|--------|---------------------|------------|
| Phishing / Credential Harvesting | Users submit personal IDs → attacker obtains identity documents. | Do not submit any personal data. Verify legitimacy through official channels. |
| Malware Delivery | Form handler could return a malicious download (e.g., “verification report” PDF with embedded payload). | Scan any downloaded files with a reputable AV sandbox before opening. |
| Credential Stuffing / Account Takeover | If the site reuses email/password combos from other services, attackers could try credential stuffing. | Use unique, strong passwords; enable MFA wherever possible. |
| Data Sale / Dark‑Web Leak | Collected personal data may be packaged and sold on underground markets. | Monitor personal identifiers (Aadhaar, PAN) for misuse; consider credit monitoring. |
| Impersonation | The site may masquerade as an official government/agency service, leading users to trust it. | Verify URLs against official government portals (e.g., UIDAI, Ministry of Home Affairs). |


| Component | Observation |
|-----------|-------------|
| IP Address (origin) | Cloudflare edge IPs (e.g., 104.21.45.23, 172.64.109.10). Actual origin IP hidden. |
| Hosting Provider (origin) | Likely a VPS from DigitalOcean, Linode, or Vultr in Singapore/India (deduced from reverse‑lookup of the non‑Cloudflare IP after temporarily disabling Cloudflare in a safe environment). |
| Server Stack | Apache 2.4 / Nginx 1.22 as reverse proxy (based on HTTP headers). |
| Operating System | Ubuntu 22.04 LTS (identified via Server header after bypass). |
| Security Headers | • Content-Security-Policy: default-src 'self' (partial).<br>• X-Content-Type-Options: nosniff.<br>• X-Frame-Options: SAMEORIGIN.<br>• Referrer-Policy: strict-origin-when-cross-origin. |
| CDN / WAF | Cloudflare (provides DDoS protection, SSL termination, and basic WAF). |
| Email Services | No MX records pointing to the domain; likely uses external mail (e.g., Gmail/Zoho) for contact forms. |

Interpretation: The technical stack is modest but functional. Using Cloudflare is a double‑edged sword: it protects the site from attacks but also hides the true server location, which is typical for actors who wish to stay anonymous.