Conversation

Notices

1. Embed this notice
   Fellows (fellows@cyberplace.social)'s status on Saturday, 22-Feb-2025 08:41:56 JST Fellows

   Recently I’ve seen a number of good looking malicious emails pretending to be from various orgs, all with included company logos.

   Looking over the HTML of the emails I noticed an image URL common to all of them, logo.clearbit[.]com. It was in the image tag for logo.

   It’s a company logo API that uses logo.clearbit[.]com/“domain.whatever” for logo creation.

   Might be a domain you want to start filtering for, as the API is clearly being abused thanks to it being absolutely free.

   #ThreatIntel

   • Embed this notice
     Fellows (fellows@cyberplace.social)'s status on Saturday, 22-Feb-2025 09:14:46 JST Fellows

     in reply to

     • G :donor: :Tick:
     • Kevin Beaumont

     @cirriustech @GossiTheDog Thanks for the info! From their site: “The Logo API is offered as a free, legacy product and is unsupported at this time”. Good chance that means it’s not monitored for abuse! Hopefully they’ll EOL it before December 1st.

   • Embed this notice
     G :donor: :Tick: (cirriustech@infosec.exchange)'s status on Saturday, 22-Feb-2025 09:14:47 JST G :donor: :Tick:

     in reply to

     • Kevin Beaumont

     @fellows @GossiTheDog It’s being sunsetted on December 1st 2025 BTW: https://help.clearbit.com/hc/en-us/articles/6987867587607-Legacy-Logo-API-I-FAQ