Generic Email ec34bc68

A generic email phishing kit loading CSS from an appspot project using a hard-coded access token.

References

Recent Detections

  • hxxps://u13749939[.]ct[.]sendgrid[.]net/ls/click?upn=X67CH1U18jC...
  • hxxps://ikpusarambaraisbaejustdeyhalasincehiskindshebangamwellan...
  • hxxps://fleek[.]ipfs[.]io/ipfs/QmZ9EXHAxhLLeFqf7nKx4uaDJjTPqjoMs...
  • hxxps://elpluribonyeomamalakijadkwezuonuosewouriasantesanaciapon...
  • hxxp://elpluribonyeomamalakijadkwezuonuosewouriasantesanaciapong...
  • hxxp://ikpusarambaraisbaejustdeyhalasincehiskindshebangamwellano...
  • hxxps://u14511627[.]ct[.]sendgrid[.]net/ls/click?upn=oGQNUT-2FE-...
  • hxxps://storageapi[.]fleek[.]co/68630c1b-8de9-4c37-9b02-a399843f...
  • hxxp://2008cupqsvid2nts479gha8bpdv63id59acm3pasb0avmod0um9qgj8[....
  • hxxp://2001tid7rdhlne5e3752npot4vbs4ri2bv2c3qt4ieu23qjirkc49s8[....

IOK Rule (edit)

title: Generic Email ec34bc68
description: |
  A generic email phishing kit loading CSS from an appspot project using a hard-coded access token.
references:
  - https://urlscan.io/result/67743b55-f830-49e6-b71e-2fc71e4b8914/
detection:
  bootstrapToken:
    requests|contains: 'bootstrap.min.css?alt=media&token=ec34bc68-b721-48e5-a02a-8deed9a44325'

  condition: bootstrapToken