AT TLS SNI to suspicious domain - Phishing - Suricata Rule 6000001 (julioliraup/antiphishing)

AT TLS SNI to suspicious domain - Phishing

SID: 6000001Rev: 10 views

Sourcejulioliraup/antiphishing

CreatedMay 22, 2026

UpdatedMay 22, 2026

Classificationsocial-engineering

alert tls $HOME_NET any -> any any (msg:"AT TLS SNI to suspicious domain - Phishing"; tls.sni; dataset:isset,phishing_domains,type string; reference:url,github.com/julioliraup/Antiphishing; reference:url,julioliraup.github.io/ET/signature.html?sid=6000001; classtype:social-engineering; sid:6000001; rev:1; metadata:signature_severity Major, created_et 2025_02_19;)

References

url	github.com/julioliraup/Antiphishing
url	julioliraup.github.io/ET/signature.html?sid=6000001

Metadata

signature severityMajor

created et2025_02_19

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!