Generic Email ec34bc68

A generic email phishing kit loading CSS from an appspot project using a hard-coded access token.

References

Recent Detections


IOK Rule

title: Generic Email ec34bc68
description: |
  A generic email phishing kit loading CSS from an appspot project using a hard-coded access token.
references:
  - https://urlscan.io/result/67743b55-f830-49e6-b71e-2fc71e4b8914/
detection:
  bootstrapToken:
    requests|contains: 'bootstrap.min.css?alt=media&token=ec34bc68-b721-48e5-a02a-8deed9a44325'

  condition: bootstrapToken