Detects a different Banco de Galicia phishing kit deployed often on replit.com.
title: Banco de Galicia Phishing Kit npy0f6km
description: |
Detects a different Banco de Galicia phishing kit deployed often on replit.com.
references:
- https://urlscan.io/result/ae6ab5a8-6965-4b44-996a-248636849607
detection:
favicon:
html|contains:
- link rel="icon" type="image/gif/png" href="fis/titulo.png"
title:
html|contains:
- <title>Galicia</title>
css:
html|contains|all:
- href="./fis/default.min.css"
- href="./fis/customcarousel.min.css"
form:
html|contains:
- form action="index2.php" method="post" id="form1"
img:
requests|contains|all:
- fis/titl.png
- fis/tecl.png
- fis/logo.png
- fis/burbu.png
condition: favicon and title and css and form and img
tags:
- kit
- target.banco_de_galicia
- target_country.argentina