None found yet
We've not seen any sites matching this indicator yet. Try scanning a site you think matches this rule:
ipapi is a GeoIP service allowing you to get the country code and other information from an IP address. It's regularly used by phishing kits which want to hide themselves to analysts outside the country they're targeting.
This is a very naive approach (often the entire phishing site is loaded but then immediately redirected away from), but is often enough to evade basic sandboxes.
title: ipapi
description: |
ipapi is a GeoIP service allowing you to get the country code and other information from an IP address. It's regularly used by phishing kits which want to hide themselves to analysts outside the country they're targeting.
This is a very naive approach (often the entire phishing site is loaded but then immediately redirected away from), but is often enough to evade basic sandboxes.
detection:
ipapiLookup:
html|contains: "https://ipapi.co/"
condition: ipapiLookup
tags:
- cloaking