AT related malicious URL (49 .51 .43 .12/v3/signin/identifier?amp%3Bfollowup=https%3A%2F%2Faccounts .google .com&%3Bifkv=AWnogHe_pDujLaO-hl3d_3DQFjS6PW6JGM3LRrD13mxmiaQWTJuHz9b6nwmaSIh76M5SMOelnJex7g&%3Bpassive=1209600&continue=https%3A%2F%2Faccounts .google .com%2F&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWa2Pav4a5xoguuXZ6e9hTNmmZY1TsU4p8yfdfgL3ZFGkdYyazY9GZ7HWCwc_rPmUAIRlzJ1o40ggQ&dsh=S1963348150%3A1778385692872888)
Sourcejulioliraup/antiphishing
CreatedMay 22, 2026
UpdatedMay 22, 2026
Classificationsocial-engineering
alert http $HOME_NET any -> any any (msg:"AT related malicious URL (49 .51 .43 .12/v3/signin/identifier?amp%3Bfollowup=https%3A%2F%2Faccounts .google .com&%3Bifkv=AWnogHe_pDujLaO-hl3d_3DQFjS6PW6JGM3LRrD13mxmiaQWTJuHz9b6nwmaSIh76M5SMOelnJex7g&%3Bpassive=1209600&continue=https%3A%2F%2Faccounts .google .com%2F&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWa2Pav4a5xoguuXZ6e9hTNmmZY1TsU4p8yfdfgL3ZFGkdYyazY9GZ7HWCwc_rPmUAIRlzJ1o40ggQ&dsh=S1963348150%3A1778385692872888)"; flow:established,to_server; http.uri; content:"/v3/signin/identifier?amp%3Bfollowup=https%3A%2F%2Faccounts.google.com&%3Bifkv=AWnogHe_pDujLaO-hl3d_3DQFjS6PW6JGM3LRrD13mxmiaQWTJuHz9b6nwmaSIh76M5SMOelnJex7g&%3Bpassive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWa2Pav4a5xoguuXZ6e9hTNmmZY1TsU4p8yfdfgL3ZFGkdYyazY9GZ7HWCwc_rPmUAIRlzJ1o40ggQ&dsh=S1963348150%3A1778385692872888"; startswith; fast_pattern; http.host; content:"49.51.43.12"; endswith; reference:url,phishstats.info; reference:url,github.com/julioliraup/Antiphishing; reference:url,julioliraup.github.io/ET/signature.html?sid=6000328; classtype:social-engineering; sid:6000328; rev:2; metadata:signature_severity Major, created_et 2026_05_10, updated_et 2025_05_11;)
References
Metadata
signature severityMajor
created et2026_05_10
updated et2025_05_11
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!