From b71b4d977c5c5fa83e7c7d6ebeab14bbbf6fa1c2 Mon Sep 17 00:00:00 2001
From: IlluminatiFish <45714340+IlluminatiFish@users.noreply.github.com>
Date: Mon, 6 Nov 2023 01:14:21 +0000
Subject: [PATCH 1/3] =?UTF-8?q?=F0=9F=9A=80Create=20IOK:=20ionos-45d7f514?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Create ionos-45d7f514.yml
---
 indicators/ionos-45d7f514.yml | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 indicators/ionos-45d7f514.yml

diff --git a/indicators/ionos-45d7f514.yml b/indicators/ionos-45d7f514.yml
new file mode 100644
index 00000000..fcf83d9e
--- /dev/null
+++ b/indicators/ionos-45d7f514.yml
@@ -0,0 +1,19 @@
+title: IONOS Phishing Kit 45d7f514
+description: |
+ This phishing kit targets `IONOS` customers.
+ It uses a unique IMGUR URL to host the IONOS
+ logo image file.
+
+references:
+ - https://urlscan.io/result/45d7f514-ddb6-48e7-8d57-22b015af83ec
+ - https://urlscan.io/result/f1a005dd-8bc6-41fe-b9b4-aed1aa4134cc
+
+detection:
+
+ pageTitle:
+ title: "Webmail Login | IONOS by 1&1"
+
+ ionosLogo:
+ requests|contains: "i.imgur.com/jyliqfL.png"
+
+ condition: ionosLogo and pageTitle
From 415d64d64a5626623c45611538b6a3d16aacdc95 Mon Sep 17 00:00:00 2001
From: IlluminatiFish <45714340+IlluminatiFish@users.noreply.github.com>
Date: Tue, 7 Nov 2023 22:31:16 +0000
Subject: [PATCH 2/3] =?UTF-8?q?=E2=9C=A8Update=20ionos-45d7f514?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Prefix ionosLogo field with https scheme to prevent edge cases
---
 indicators/ionos-45d7f514.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/indicators/ionos-45d7f514.yml b/indicators/ionos-45d7f514.yml
index fcf83d9e..9e7ccaf6 100644
--- a/indicators/ionos-45d7f514.yml
+++ b/indicators/ionos-45d7f514.yml
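Review bot: The `pageTitle` indicator on its own is not discriminating — "Webmail Login | IONOS by 1&1" is presumably the title of the legitimate IONOS webmail page this kit clones, so the rule's specificity rests entirely on the `ionosLogo` request, and the `description` block should say so rather than leaving a reader to infer it from the `condition`. I would add a sentence to the description such as `The page title alone also matches the legitimate IONOS webmail login; the imgur-hosted logo request is the discriminating indicator.` It is also worth recording that the logo is hosted on a third party the kit author does not control, so the indicator can silently decay if the image is removed or the kit is re-hosted with a fresh upload, and that the two urlscan results in `references` are where the request can be re-verified.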
@@ -14,6 +14,6 @@ detection:
 title: "Webmail Login | IONOS by 1&1"
 
 ionosLogo:
- requests|contains: "i.imgur.com/jyliqfL.png"
+ requests|contains: "https://i.imgur.com/jyliqfL.png"
 
 condition: ionosLogo and pageTitle
From da2185e9bf01a6337ea99edfd9c301e68474dacf Mon Sep 17 00:00:00 2001
From: Bradley Kemp
Date: Wed, 8 Nov 2023 08:43:46 +0000
Subject: [PATCH 3/3] Apply suggestions from code review

---
 indicators/ionos-45d7f514.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/indicators/ionos-45d7f514.yml b/indicators/ionos-45d7f514.yml
index 9e7ccaf6..e827bff0 100644
--- a/indicators/ionos-45d7f514.yml
+++ b/indicators/ionos-45d7f514.yml
@@ -14,6 +14,6 @@ detection:
 title: "Webmail Login | IONOS by 1&1"
 
 ionosLogo:
- requests|contains: "https://i.imgur.com/jyliqfL.png"
+ requests: "https://i.imgur.com/jyliqfL.png"
 
 condition: ionosLogo and pageTitle
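Review bot: The commit message says the `https://` prefix on `requests|contains` prevents edge cases but does not say which, and the rule carries no explanation either, so the reasoning is lost to the next maintainer; record it in the rule with a comment above the field, e.g. `# scheme-anchored so the substring cannot match inside an unrelated URL (e.g. as a path segment or query parameter)`. Note that anchoring to `https://` also means a kit page that references the logo through a protocol-relative `//i.imgur.com/...` URL on a plain-http page would issue an `http://` request and be missed — presumably rare, but worth one sentence if that trade-off is intended. Patch 3/3 of this series tightens the same field further, so the comment should survive that change too.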
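Review bot: Replacing `requests|contains` with a plain `requests` field (presumably an exact match on a request URL in this rule format) removes all tolerance for variation, so before merging confirm that both urlscan results listed in `references` record the logo request verbatim as `https://i.imgur.com/jyliqfL.png` with no query string or cache-buster appended, since a `?v=1`-style suffix matched the substring form and will not match the exact form. The tighter match is the right default for a kit that hard-codes the URL, but the rule should state the choice so the next person does not loosen it again, e.g. `# exact match: the kit hard-codes this URL; query-string or cache-buster variants are deliberately not matched`. The description's "unique IMGUR URL" wording is consistent with the exact match and can stay as the rationale.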