Banco Davivienda Phishing Kit 067fef0

Detects a Banco Davivienda phishing kit deployed often on replit.com.

References

Recent Detections

hxxps://daviplata[.]verificacionx[.]repl[.]co/

urlscan.io
hxxps://daviplata[.]miseguridad[.]repl[.]co/

urlscan.io
hxxps://daviplata[.]appsegurida[.]repl[.]co/

urlscan.io
hxxps://bancodaviviendadaviplatacom[.]bancodaviplata[.]repl[.]co...

urlscan.io
hxxps://re[.]activardavip1at[.]repl[.]co/

urlscan.io
hxxps://daviplata-informativo[.]daviplatacomuni[.]repl[.]co/

urlscan.io

IOK Rule (edit)

title: Banco Davivienda Phishing Kit 067fef0
description: |
    Detects a Banco Davivienda phishing kit deployed often on replit.com.

references:
  - https://urlscan.io/result/067fef0d-b8b5-4281-89d8-463fcf2dcc13
  - https://urlscan.io/result/ade64f60-f1c5-4369-bb58-fa3797cb6983
  - https://urlscan.io/result/f40f7c49-7fc6-40b5-913f-b4272fb71aa5

detection:

  fakeLogo:
    requests|contains: 'https://www.easygameitems.com/egi19wp/wp-content/uploads/2019/09/egi-mp-daviplata.png'
    
  otherFakeLogo: 
    requests|contains: 'https://seeklogo.com/images/D/daviplata-logo-750F0FC1B7-seeklogo.com.png'

  backlinkReference:
    html|contains: '<a class="logo" href="https://loaosanjjdda.lusamarilla.repl.co/#" target="_blank">'

  condition: fakeLogo and otherFakeLogo and backlinkReference

tags:
  - target.bancodavivienda
  - target_country.colombia