⚠️ Today's 🎣 #phishing: a new wave of attacks against 1Password password managers

The trap is classic but effective: create urgency with a "new sign-in", then push the recipient to log in on the site controlled by the cybercriminals, using the password manager's usual QR code procedure.

A fake sign-in alert pushes toward a SendGrid link, which bounces through AWS S3 and then on to a fake 1Password page on a look-alike domain "woken up" for the occasion.

[Observed chain + reported IoC]
👀
⬇️
https://lookyloo.circl.lu/tree/11bdcec1-6c93-4e7c-827a-8d0e5ca16621

#CyberVeille #1Password #Lookyloo

After seeing a workshop using a crappy pseudo/proprietary forensic web capture toolkit for law enforcement, I was disappointed by the lack of open source tooling to have a sane forensic collection for web capture. Following a discussion with @rafi0t he did an implementation to add web forensic acquisition in @lookyloo including timestamping using DFN timestamping service. Thanks @dfncert

#lookyloo #forensic #dfir #webforensic #cyberforensic #lea #opensource

Online version: https://lookyloo.circl.lu/ (under action menu after the capture)

Source code:
https://github.com/Lookyloo/lookyloo

There's some cool sounding training on its way from @circl

CIRCL - Virtual Summer School (VSS) 2025

https://www.circl.lu/pub/vss-2025/

#MISP #AIL #LookyLoo #Lacus #Pandora #Kunai #DFIR #ThreatHunting #FlowIntel #Cerebrate #VulnerabilityLookup #GCVE

#lookyloo from @circl_lu is an interesting tool to scrape a website, then display a tree of related domains:

https://github.com/CIRCL/lookyloo 
@_RyanBenson #unfurl is also great for visualizing URL data:

https://github.com/obsidianforensics/unfurl …

Both are super easy to spin up with #Docker
#DFIR

CIRCL/lookyloo

Lookyloo is a web interface allowing to scrape a website and then displays a tree of domains calling each other. - CIRCL/lookyloo

We deployed #LookyLoo yesterday and boy is it fun to use. Exploring phishing links has never been easier!

A huge thank you to nice people at #CIRCL for creating it: https://github.com/CIRCL/lookyloo

Keep in mind it's a simple solution and should most definitely not be deployed out in the wide Internets. Doesn't handle multi-user too well, and you really shouldn't throw a complicated site at it with Depth > 2. But for phishing links it's amazing.

Here's how it looks for mastodon.social.

#InfoSec
