urlscan.io

Check out this cesspool of filth 44 new #PredatorTheThief URLs have appeared within the last two weeks. @urlscanio has 268 domains archived. IPs rotate but all sit on AS35278 belonging to @sprinthost. #Malware @JAMESWT_MHT @James_inthe_box @malwrhunterteam @MaelSecuritypic.twitter.com/vGK9LDGbQp

#G3NTL3MAN #phishing kit targeting PayPal. https://urlscan.io/result/d5bcb72e-a597-4ec6-9875-3ef418e4c833 …pic.twitter.com/dorDj3BvW7

Writeup of a sandbox run today for a #trickbot gtag mor85 sample. Just so happened to drop cobalt strike from: hxxps://sophosdefence[.]com:80/agergbvafdsvgbrt #DFIR Get the breakdown: https://laskowski-tech.com/2020/01/29/is-that-really-your-av-company-trickbot-gtag-mor85/ … Thanks as usual to @urlscanio for helping catalogue these payloadspic.twitter.com/8l9sj3Whjm

Has anyone found a way to circumvent the Cloudflare phishing detection splash screen when scanning a domain in @urlscanio? Help: @CloudflareAbuse @hascj @xxdesmus I appreciate the good work you do; but sometimes, I really need to see the source of the site pic.twitter.com/6GJj9HvCfF

#Phishing against @Huawei. Multiple URLs from the same kit "modify by #cwx341547" IoC List: https://pastebin.com/J5g5LuTQ  Second kit with same actor fingerprint but also contains a HTTrack artifact. Complex @urlscanio pivot https://bit.ly/2U286Mf  IoC List: https://pastebin.com/kjKxLh5E pic.twitter.com/RdO8adkTsc

#EKFiddle Version 0.9.5 - New contextual menus and items - Added @urlscanio as a lookup source - Added 'Force CORS' option (Rules -> Force CORS) https://github.com/malwareinfosec/EKFiddle …pic.twitter.com/MCTkDZwIRI

Just written a new script to enhance data in @urlscanio. I now upload new found malware panels with tags for the type for ease of use. I hope people find this valuable and if you're hunting panels you can utilise these submissions. Next step is to automate the script running!pic.twitter.com/DyMTHcBFmj

@USDOT #phishing site transportation[.]gov.p-qo[.]cc resolves to 107.180.3[.]238 (AS26496 @GoDaddy); likely phisher's emails *{at}bid-dotgov[.]us cc: @USCERT_gov @urlscanio Ref: https://urlscan.io/result/ea3bf957-a200-4552-a85f-327b3947feb3/ … #threatintelpic.twitter.com/mkOwm8PCvR

Pivoting on @urlscanio results show a failed request to google-analytics[.]online related to known #badtidings actor Anwr Abdu (wwvvcc2013{at}gmail[.]com) from "Yemen", according to historical Whois records and previous @Anomali reporting @SaudiDFIR @KSAMOFA @MOISaudiArabiapic.twitter.com/U4DXxXhXBn

The brand new @AskAmex #16Shop flavor Panel: https://urlscan.io/result/805275bf-23bf-4098-8da9-04c8edd3b9a7 … cc @ninoseki @ANeilan @tiketiketikeke @JCyberSec_ @urlscanio @nullcookies @teachemtechy @KB_Intelpic.twitter.com/xitVflVbVd

Saw some unique #Phishing last using google's reCaptcha service. Wrote a walk through of the targeted user experience and pivoted using @urlscanio to find 10 more sites based off of a single site we saw. https://laskowski-tech.com/2020/01/15/club-phish/ … #DFIRpic.twitter.com/bvjp7Ic2KY

NEW: Google to phase out user-agent strings in Chrome * UA strings to be replaced with Client Hints * Move is part of the larger Privacy Sandbox project * UA string freezing and deprecation to take place between Chrome 81 and 85 https://www.zdnet.com/article/google-to-phase-out-user-agent-strings-in-chrome/ …pic.twitter.com/tI3goGmRRO

New #16shop layout and C2 confirmed, both for Amazon and Apple. https://urlscan.io/result/d6f800b5-9313-40e8-9b51-991cf21f3ae1 … cc @ANeilan @ninoseki @tiketiketikeke @sagar_ruta @KaiDamon @JCyberSec_ @urlscanio @nullcookies @teachemtechypic.twitter.com/MQ9tqUzXBN

and now this... #FreakzBrothers @amazon kit with panel, complete with @Firebase backend apiKey: "AIzaSyBBjUZLoZpuo0edYuKlAcrb9CO6bGUR4Wo" https://urlscan.io/search/#hash%3Ae2fee706c713177279dd33cb77a3ccf2fff7c64aa7148af0533a14eb39427c18 … cc @ANeilan @olihough86 @nullcookies @urlscanio @ninoseki @dyngnosispic.twitter.com/ozO2TEIAjM

#ForeverYoung #phishing kit targeting Amazon users. https://urlscan.io/domain/www.accountsecurityverificationid.serveuser.com …pic.twitter.com/w0F962kmBA

New Slack channel :: Magecart Intel Sharing If you're engaged in hunting or protecting against #Magecart then come join. Split into with different TLP areas to enable effective intel sharing and allowing for collaborative working amount peers. DM me for an invite now.pic.twitter.com/JgjH7szx6S

#Phishing against@Rabobank cc @RaboDevTeam @RaboUtrecht https://rabobank‧nl-1‧me/ Domain 28-Dec-2019 @Namecheap VPS @DataWagon AS27176 [104.219.232.58] SSL 03-Jan-2020 Note the previous scams on the same host! @ActorExpose @JayTHL @Spam404Online @JCyberSec_pic.twitter.com/es1nk4DhZs