Instagram Phishing Kit Ag0sOJ

Detects a phishing kit targeting Instagram. Talks to "hizliresim.com" to fetch an image. Commonly deployed on Freenom domains.

References

Recent Detections

None found yet

We've not seen any sites matching this indicator yet. Try scanning a site you think matches this rule:

IOK Rule (edit)

title: Instagram Phishing Kit Ag0sOJ
description: |
    Detects a phishing kit targeting Instagram. Talks to "hizliresim.com" to fetch an image.
    Commonly deployed on Freenom domains.


references:
    - https://urlscan.io/result/73dcc5cc-f6a2-4ed6-a924-bfad336eb83c/
    - https://urlscan.io/result/ad3ac1dd-da2d-4bfe-b879-286843bf5de6/
    - https://urlscan.io/result/5085f9ce-15a9-4f26-b488-b0889cb5f83b/

detection:

    css:
      requests|contains|all:
        - bootstrap.min.css
        - material-design-iconic-font.min.css
        - util.css
        - main.css
        - all.css

    logo:
      html|contains:
        - img src="images/logo.svg" width="80"

    img:
      html|contains:
        - img src="https://i.hizliresim.com


    condition: css and logo and img

tags:
  - kit
  - target.instagram