123Reg phishing kit containing a high-entropy CSRF token which should be a high quality indicator.
title: 123 Reg Phishing kit 63c26
description: |
123Reg phishing kit containing a high-entropy CSRF token which should be a high quality indicator.
references:
- https://urlscan.io/result/cfd5fced-9400-4cbc-b729-fd58a944383e/
detection:
csrfToken:
# Extracted from <form action="https://www.123-reg.co.uk/order/basket/add" method="post"> <input type="hidden" name="X-CSRF-Token" value="63c2690a6e94180ff183110c4cd9ff7719014722" tabindex="-1">
html|contains: '63c2690a6e94180ff183110c4cd9ff7719014722'
condition: csrfToken
tags:
- kit
- target.123_reg