123 Reg phishing kit 63c26

123 Reg phishing kit containing a high-entropy CSRF token which should be a high quality indicator.

References

Recent Detections

  • hxxps://reg-a956e[.]web[.]app/#?t=1
  • hxxps://faint-butternut-leopard[.]glitch[.]me/bluuw.html#?t=1
  • hxxps://nutritious-tattered-bearberry[.]glitch[.]me/123reg.html#...
  • hxxps://thriving-marigold-e59ff1[.]netlify[.]app/

IOK Rule (edit)

title: 123 Reg phishing kit 63c26
description: |
  123 Reg phishing kit containing a high-entropy CSRF token which should be a high quality indicator.
references:
  - https://urlscan.io/result/cfd5fced-9400-4cbc-b729-fd58a944383e/

detection:
  csrfToken:
    # Extracted from <form action="https://www.123-reg.co.uk/order/basket/add" method="post"> <input type="hidden" name="X-CSRF-Token" value="63c2690a6e94180ff183110c4cd9ff7719014722" tabindex="-1">
    html|contains: '63c2690a6e94180ff183110c4cd9ff7719014722'

  condition: csrfToken

tags:
  - kit
  - target.123-reg