id: figma-phish

info:
  name: figma phishing Detection
  author: rxerium
  severity: info
  description: |
    A figma phishing website was detected
  reference:
    - https://figma.com
  metadata:
    max-request: 1
  tags: phishing,figma,osint
http:
  - method: GET
    path:
      - "{{BaseURL}}"

    host-redirects: true
    max-redirects: 2

    matchers-condition: and
    matchers:
      - type: word
        words:
          - 'Figma: The Collaborative Interface Design Tool'

      - type: status
        status:
          - 200

      - type: dsl
        dsl:
          - '!contains(host,"figma.com")'
# digest: 490a00463044022027fe9088c2c17ab7eb8701d281a0ecd3a906f9a5a360f4b2edea0b0ab8ac23de022066ee340b05ebd19a4f5ae08b9fddd30fe0733e6645e7d601beebc765d65072ec:922c64590222798bb761d5b6d8e72950