Submission + - Cloudflare, Netlify and Vercel with new toys for phishers and threat actors (cloudflare.com)
Cloudflare, Vercel, and Netlify have all launched their own “Drop” services: upload a zip, get a live site instantly on their edge networks.
Authentication and abuse protection? That’s for later. Right now it’s pure vibes.
This is peak industry brain rot. In a world already drowning in phishing, malware, and scam sites, these platforms just rolled out the easiest, fastest way for bad actors to host malicious content.
Drag-and-drop phishing kits on workers.dev, instant fake login pages on Vercel, malware droppers on Netlify — all live in seconds with zero friction.
No real verification. No serious upfront checks. Just “move fast and let the internet clean up our mess."
The hopium these web bros are smoking must be nuclear grade quality. They’ve spent years building trust in their platforms, only to turn them into free malware CDNs for anyone with a zip file.This isn’t democratizing the web.
This is handing phishers and scammers the keys with a smile.
Brilliant strategy, truly.
Nota bene — apparently real world bad actors beat red teams in abusing those new "services".
Slow clap
Apparently all the web bros are drinking the same hopium-flavored cool aid, where no phishers, c2s, implants and bad actors exist whatsoever.
https://cloudflare.com/drop/
Same concept from vercel and netlify
https://vercel.com/drop
https://app.netlify.com/drop
https://x.com/JCyberSec_/statu...
Try a DAP.LIVE or URLSCAN.IO query to see abuse and workers.dev (and pages.dev and r2.dev for that matter) — for each valid deployment, there are hundreds of confirmed fraud scams.
Nice statistics, which will only get worse now.
Good job.