AT related malicious URL (ersfilter-my .sharepoint .com/personal/nradonich_ersfilter_com/_layouts/15/doc .aspx?guestaccesstoken=t6T%2FHN1dKbYHlYX%2BeIMbaZufA43rrGZ6%2FaAAewNocDI%3D&docid=1_18168db23429e45f29fdf2e7be120efc4&wdFormId=%7BB9970F62-44C3-4D09-9929-6E1EB652DA57%7D&action=formsubmit&CID=7c889288-793f-4e2b-b7c4-fed5506273ef)

SID: 6000323Rev: 20 views
Sourcejulioliraup/antiphishing
CreatedMay 22, 2026
UpdatedMay 22, 2026
Classificationsocial-engineering
alert http $HOME_NET any -> any any (msg:"AT related malicious URL (ersfilter-my .sharepoint .com/personal/nradonich_ersfilter_com/_layouts/15/doc .aspx?guestaccesstoken=t6T%2FHN1dKbYHlYX%2BeIMbaZufA43rrGZ6%2FaAAewNocDI%3D&docid=1_18168db23429e45f29fdf2e7be120efc4&wdFormId=%7BB9970F62-44C3-4D09-9929-6E1EB652DA57%7D&action=formsubmit&CID=7c889288-793f-4e2b-b7c4-fed5506273ef)"; flow:established,to_server; http.uri; content:"/personal/nradonich_ersfilter_com/_layouts/15/doc.aspx?guestaccesstoken=t6T%2FHN1dKbYHlYX%2BeIMbaZufA43rrGZ6%2FaAAewNocDI%3D&docid=1_18168db23429e45f29fdf2e7be120efc4&wdFormId=%7BB9970F62-44C3-4D09-9929-6E1EB652DA57%7D&action=formsubmit&CID=7c889288-793f-4e2b-b7c4-fed5506273ef"; startswith; fast_pattern; http.host; content:"ersfilter-my.sharepoint.com"; endswith; reference:url,phishstats.info; reference:url,github.com/julioliraup/Antiphishing; reference:url,julioliraup.github.io/ET/signature.html?sid=6000323; classtype:social-engineering; sid:6000323; rev:2; metadata:signature_severity Major, created_et 2026_05_10, updated_et 2025_05_11;)

References

urlphishstats.info
urlgithub.com/julioliraup/Antiphishing
urljulioliraup.github.io/ET/signature.html?sid=6000323

Metadata

signature severityMajor
created et2026_05_10
updated et2025_05_11

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!