None found yet
We've not seen any sites matching this indicator yet. Try scanning a site you think matches this rule:
Detects a Suncoast Credit Union phishing kit that uses the same commented out JS and static VIcurrentDateTime value on all domains.
None found yet
We've not seen any sites matching this indicator yet. Try scanning a site you think matches this rule:
title: Suncoast Credit Union Phishing Kit 4c74e401
description: |
Detects a Suncoast Credit Union phishing kit that uses the same commented out JS and static VIcurrentDateTime value on all domains.
references:
- https://urlscan.io/result/4c74e401-5e7b-4c4b-89e4-2ebf29a086a8/
- https://urlscan.io/result/6d788603-dedb-4ecc-85fc-2b8ff6dcef05/
- https://urlscan.io/result/ecaa79cf-e514-48f4-a169-40446a3830c9/
detection:
commentedOutJS:
html|contains: '<script async type="text/javascript" src="ajax/css/images/custom/suncoast/sed-suncoast-46110420.js" id="_imp_apg_dip_" _imp_apg_cid_="sed-suncoast-46110420" _imp_apg_api_domain_="https://us.gimp.zeronaught.com"></script>'
VIcurrentDateTime:
html|contains: '<meta name="VIcurrentDateTime" content="637791568414341755">'
condition: commentedOutJS and VIcurrentDateTime
tags:
- target.sccu