Shopify phishing kit NCv2F

Shopify phishing kit containing a high-entropy CSP nonce which should be a high quality indicator.

References

Recent Detections

  • hxxps://g0cer[.]com/tdars/shopify.com/
  • hxxps://fklri9875yfjkdsnmwsdewer[.]azureedge[.]net/
  • hxxps://fklri9875yfjkdsnmwsdewer[.]azureedge[.]net
  • hxxps://dfbrteyjkuayjethetyuwryjtehrgfa[.]azureedge[.]net/
  • hxxps://dk39jd9kwp39kew0ps[.]azureedge[.]net
  • hxxps://decantos[.]jenjibre[.]com/store
  • hxxps://3dflsjoaslfhkcb[.]azureedge[.]net/
  • hxxps://confirm-yourac-----0srdfuiokuyszxsdfyu[.]azureedge[.]net...
  • hxxps://yujikolewdfsexcfcedfmukiuj[.]azureedge[.]net/
  • hxxps://6k5hjklkmnbvrcesws[.]azureedge[.]net/

IOK Rule (edit)

title: Shopify phishing kit NCv2F
description: |
  Shopify phishing kit containing a high-entropy CSP nonce which should be a high quality indicator.
references:
  - https://urlscan.io/result/63289b3a-190b-494d-8f58-fca3394dc2c9

detection:
  nonce:
    html|contains: 'nonce="NCv2FFfdPZWddG+A/Zi5yTs/nZJyLqZDkwaDP81TGJ4="'

  condition: nonce

tags:
  - kit
  - target.shopify