Detects a phishing kit impersonating the Massachusetts Unemployment Insurance (UI) Online Application available at uionline.detma.org in an attempt to steal sensitive personal information from the victims. This was found as a result of this kit being deployed on Replit.
title: Massachusetts UI Online Application 5hGwWB
description: |
Detects a phishing kit impersonating the Massachusetts Unemployment Insurance (UI) Online Application available at uionline.detma.org in an attempt to steal sensitive personal information from the victims.
This was found as a result of this kit being deployed on Replit.
references:
- https://uionline.detma.org/Claimant/Core/Login.ASPX
- https://urlscan.io/result/2b7245f1-b6bd-4331-9277-77ff41812df2/
- https://urlscan.io/result/d5527770-0b11-439c-8b1b-76d530d8a4fa/
- https://urlscan.io/result/4aa8b015-5806-4e40-8cd8-46300f4cf267/
- https://urlscan.io/result/8a4fb2a9-f494-40a1-9759-b4a0a5f1277e/
- https://urlscan.io/result/a7416c6c-0254-4494-89b5-3775455be8b7/
detection:
css:
requests|contains|all:
- ControlLibrary.css
- ui.css
favicon:
html|contains:
- link rel="shortcut icon" type="image/x-icon" href="https://uionline.detma.org/favicon.ico"
logo:
html|contains:
- main_logo.gif
csrf:
html|contains:
- value="oPPd/MmJh8S2vBndhzQnxV9FJkjWRdgkiw=="
condition: css and favicon and logo and csrf
tags:
- kit
- target.massachusetts_ui_online_application
- target_country.usa