AT related malicious URL (red-block-531fly.clyde-e0f.workers.dev/common/oauth2/v2.0/authorize/)

SID: 6010695Rev: 11 views
Sourcejulioliraup/antiphishing
Fileantiphishing.rules
CreatedJune 4, 2026
UpdatedJune 4, 2026
Classificationsocial-engineering
alert http $HOME_NET any -> any any (msg:"AT related malicious URL (red-block-531fly.clyde-e0f.workers.dev/common/oauth2/v2.0/authorize/)"; flow:established,to_server; http.uri; content:"/common/oauth2/v2.0/authorize/"; startswith; fast_pattern; http.host; content:"red-block-531fly.clyde-e0f.workers.dev"; endswith; reference:url,openphish.com; reference:url,julioliraup.github.io/ET/signature.html?sid=6010695; classtype:social-engineering; sid:6010695; rev:1; metadata:signature_severity Major, created_et 2026_06_04;)

References

urlopenphish.com
urljulioliraup.github.io/ET/signature.html?sid=6010695

Metadata

signature severityMajor
created et2026_06_04

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!