Shopify phishing kit f7ejw

Shopify phishing kit containing a high-entropy CSRF token (and a CSP nonce!) which should be a high quality indicator.

References

IOK Rule (edit)

title: Shopify phishing kit f7ejw
description: |
  Shopify phishing kit containing a high-entropy CSRF token (and a CSP nonce!) which should be a high quality indicator.
references:
  - https://urlscan.io/result/bafbb146-c90d-4f19-891e-db6d332be29a

detection:
  csrfToken:
    html|contains: '<meta name="csrf-token" content="f7EjwKRXeUkAp9TxjMR9koiEDewrY9iooSlNrJ67DtV7xk3YG670riERA1yG9bWmS7UCMEdN6tdUPOe1dhM3rg">"'

  nonce:
    html|contains: 'nonce="OVNRlWz7CUGKZN3C2p1cfJiPQfLab8lEY/5N/VdloUw="'

  condition: csrfToken or nonce

tags:
  - kit
  - target.shopify