sublimeExclusion
NINJIO phishing simulation
Identifies phishing simulations sent by NINJIO and excludes the message from live analysis.
Detection Query
type.inbound
and any(headers.ips, .ip in (
    "168.245.68.235", "69.72.33.74", "198.244.55.48")
)
and sender.email.domain.root_domain in (
  "securegateway-access.com",
  "secure-scores.co",
  "secure-paymentlink-auth.com",
  "passlink-secure.com",
  "net-link-secure.com",
  "mypasschange.com",
  "mycartcheck-out.com",
  "media-sharer.com",
  "ez-sendfile.net",
  "encryptiaportal.net",
  "drive-signin.org",
  "csatsafety-training.org",
  "cybersecurityawarenesstraining.com",
  "myportalonline.org"
)
Data Sources
Email Messages, Email Headers, Email Attachments
Platforms
email
Raw Content
name: "NINJIO phishing simulation"
description: "Identifies phishing simulations sent by NINJIO and excludes the message from live analysis."
type: "exclusion"
source: |
  type.inbound
  and any(headers.ips, .ip in (
      "168.245.68.235", "69.72.33.74", "198.244.55.48")
  )
  and sender.email.domain.root_domain in (
    "securegateway-access.com",
    "secure-scores.co",
    "secure-paymentlink-auth.com",
    "passlink-secure.com",
    "net-link-secure.com",
    "mypasschange.com",
    "mycartcheck-out.com",
    "media-sharer.com",
    "ez-sendfile.net",
    "encryptiaportal.net",
    "drive-signin.org",
    "csatsafety-training.org",
    "cybersecurityawarenesstraining.com",
    "myportalonline.org"
  )