ActionForms is a service that takes HTML form submissions and sends the results to an email address.
It can be used by threat actors building "serverless" phishing pages i.e. where they don't have a backend server that can send emails or store logs.
title: Exfiltration using ActionForms
description: |
ActionForms is a service that takes HTML form submissions and sends the results to an email address.
It can be used by threat actors building "serverless" phishing pages i.e. where they don't have a backend server that can send emails or store logs.
related:
- id: getform-io
detection:
formAction:
html|contains: "action=\"https://www.actionforms.io/e/r/"
condition: formAction
tags:
- exfiltration