Facebook Account Recovery Phishing Kit 0e420f8

Detects a Facebook phishing kit, telling the victim to enter their details to reactivate their account.

References

Recent Detections

None found yet

We've not seen any sites matching this indicator yet. Try scanning a site you think matches this rule:

IOK Rule (edit)

title: Facebook Account Recovery Phishing Kit 0e420f8
description: |
    Detects a Facebook phishing kit, telling the victim
    to enter their details to reactivate their account.

references:
  - https://urlscan.io/result/0e420f8e-1743-41dc-82cd-13f3a2b73d28
  - https://urlscan.io/result/e2a62f41-1aa9-4de9-8e64-d3b56dcf958d

detection:

  fontStylesheet:
    requests|contains: 'https://db.onlinewebfonts.com/c/0c5e6f133b0b25edfed47aca4ab57676?family=Segoe+UI+Historic'

  pageStylesheet:
    html|contains: 'styles.c9105ee458e38d6dd088.css'

  condition: fontStylesheet and pageStylesheet

tags:
  - target.facebook