IOK Rules: exfiltration

Exfiltration using formpost.app

formpost.app is a service that takes HTML form submissions and sends the results to an email address. It can be used by threat actors building "serverless" phishing pages i.e. where they don't have a backend server that can send emails or store logs.

Exfiltration using ActionForms

ActionForms is a service that takes HTML form submissions and sends the results to an email address. It can be used by threat actors building "serverless" phishing pages i.e. where they don't have a backend server that can send emails or store logs.

Exfiltration using getform.io

getform is a service that takes HTML form submissions and sends the results to an email address. It can be used by threat actors building "serverless" phishing pages i.e. where they don't have a backend server that can send emails or store logs.

Exfiltration using formspree.io

Formspree is a service that takes HTML form submissions and sends the results to an email address. It can be used by threat actors building "serverless" phishing pages i.e. where they don't have a backend server that can send emails or store logs.

Exfiltration using submit-form

submit-form is a service that takes HTML form submissions and sends the results to an email address, online dashboard, or webhook, depending on the threat actor. It can be used by threat actors building "serverless" phishing pages i.e. where they don't have a backend server that can send emails or store logs.

Exfiltration using Form2Chat

Form2Chat is a service that takes HTML form submissions and sends the results to an email address or instant messenger service. It can be used by threat actors building "serverless" phishing pages i.e. where they don't have a backend server that can send emails or store logs.

Exfiltration using FormSubmit.co

FormSubmit is a service that takes HTML form submissions and sends the results to an email address. It can be used by threat actors building "serverless" phishing pages i.e. where they don't have a backend server that can send emails or store logs.

Exfiltration using NoCodeForm

NoCodeForm is a service that takes HTML form submissions and sends the results to an email address. It can be used by threat actors building "serverless" phishing pages i.e. where they don't have a backend server that can send emails or store logs.