Shopify phishing kit YgjX6

Shopify phishing kit containing a high-entropy CSP nonce which should be a high quality indicator.

References

Recent Detections

  • hxxps://antoniabaires[.]com/wp-admin/network/gross/verification/...
    urlscan.io
  • hxxps://antoniabaires[.]com/wp-admin/network/gross/verification/...
    urlscan.io
  • hxxps://giggs[.]azureedge[.]net/
    urlscan.io
  • hxxp://vistamed[.]ru/wp-content/plugins/virtu/verification/A1E7E...
    urlscan.io
  • hxxps://internetshub[.]com[.]ng/angelpeeo/verification/C651M8300...
    urlscan.io
  • hxxps://internetshub[.]com[.]ng/angelpeeo/verification/5BEB242N6...
    urlscan.io
  • hxxps://www[.]ogsoft[.]cz/modules/mod_simplefileuploadv1.3/eleme...
    urlscan.io
  • hxxps://www[.]ogsoft[.]cz/modules/mod_simplefileuploadv1.3/eleme...
    urlscan.io
  • hxxps://www[.]ogsoft[.]cz/modules/mod_simplefileuploadv1.3/eleme...
    urlscan.io
  • hxxps://www[.]ogsoft[.]cz/modules/mod_simplefileuploadv1.3/eleme...
    urlscan.io

IOK Rule (edit) 

title: Shopify phishing kit YgjX6
description: |
  Shopify phishing kit containing a high-entropy CSP nonce which should be a high quality indicator.
references:
  - https://urlscan.io/result/a6cfccfc-0f7e-4609-9f29-4d14276813f1

detection:
  nonce:
    html|contains: 'nonce="YgjX6ESY7Epmq2JvWnoY7nPjsTKrDju2KP3CtnBB+ds="'

  condition: nonce

tags:
  - kit
  - target.shopify