nuclei-templates/http/osint/phishing/anydesk-phish.yaml

id: anydesk-phish

info:
  name: anydesk phishing Detection
  author: rxerium
  severity: info
  description: |
    An anydesk phishing website was detected
  reference:
    - https://anydesk.com
  metadata:
    max-request: 1
  tags: phishing,anydesk,osint
http:
  - method: GET
    path:
      - "{{BaseURL}}"

    host-redirects: true
    max-redirects: 2

    matchers-condition: and
    matchers:
      - type: word
        words:
          - 'The Fast Remote Desktop Application – AnyDesk'

      - type: status
        status:
          - 200

      - type: dsl
        dsl:
          - '!contains(host,"anydesk.com")'
# digest: 4a0a00473045022100f959c458333177ccf4e406a0c934cc1382f90b05f9c9a8273b8a4ce21f799ede02204fa59cf1c73c41062418c390b51467bdc90b80c5e93636ba69de4e544b8ba257:922c64590222798bb761d5b6d8e72950
-												more templates
											
										
										
											2024-02-17 19:59:25 +00:00
+								id: anydesk-phish
-												initial templates
											
										
										
											2024-02-16 20:27:33 +00:00
-												TemplateMan Update [Sat Mar 23 09:28:19 UTC 2024] :robot:

											
										
										
											2024-03-23 09:28:19 +00:00
+								info:
 								  name: anydesk phishing Detection
 								  author: rxerium
 								  severity: info
 								  description: |
 								    An anydesk phishing website was detected
 								  reference:
 								    - https://anydesk.com
 								  metadata:
 								    max-request: 1
-												updated osint tag

											
										
										
											2024-03-08 07:16:17 +00:00
+								  tags: phishing,anydesk,osint
-												initial templates
											
										
										
											2024-02-16 20:27:33 +00:00
+								http:
 								  - method: GET
 								    path:
 								      - "{{BaseURL}}"
 								    host-redirects: true
 								    max-redirects: 2
 								    matchers-condition: and
 								    matchers:
 								      - type: word
 								        words:
-												more templates
											
										
										
											2024-02-17 19:59:25 +00:00
+								          - 'The Fast Remote Desktop Application – AnyDesk'
-												initial templates
											
										
										
											2024-02-16 20:27:33 +00:00
 								      - type: status
 								        status:
 								          - 200
 								      - type: dsl
 								        dsl:
-												Auto Template Signing [Fri Mar  8 08:09:59 UTC 2024] :robot:

											
										
										
											2024-03-08 08:09:59 +00:00
+								          - '!contains(host,"anydesk.com")'
-												Auto Template Signing [Mon Mar 25 11:57:16 UTC 2024] :robot:

											
										
										
											2024-03-25 11:57:16 +00:00
+								# digest: 4a0a00473045022100f959c458333177ccf4e406a0c934cc1382f90b05f9c9a8273b8a4ce21f799ede02204fa59cf1c73c41062418c390b51467bdc90b80c5e93636ba69de4e544b8ba257:922c64590222798bb761d5b6d8e72950