AT related malicious URL (portal .yu3 .app/public/redirect/?u=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9 .eyJ0YXJnZXQiOiJVM0JoYlNCVlVrd2daR1YwWldOMFpXUTZJRk5QUTBsQlRGOUZUa2RKVGtWRlVrbE9Sdz09IiwiZXhwIjoxNzc4NDI3MDI5LCJpYXQiOjE3Nzg0MjY5Njl9 .CdHoUtFc-79l9hM1SBwN_9JUg9jbbja1s-d8CRJjOeAv5GFoARw95TwKjbPIRgiRfktr0VU6QsO3nbts4ExHQRoPfVuaJHo-yq_YIWo3c8itonBvJQbk20Cw17eoNqGxQ7TZvNQP-aKP9OjmGIsmTKMifn5TJVGmYHAMGVfFVvnql_EwZ7MxdL_gQViBVzZaOmGf-1H-16efQA0MVaEHs7kxlfxcWNLgW9Yu3aW5IWr-AgAx5iir3oiSfgNIuUkoFut1ys4zrZiy6OMn5qIDaN7Rm7YPS6YmMpxDnIeGr1PsDmo6sS44q61JDi_BLBuMc-R2q4ENhuyTc1WJ4pQKMQ&suspended=true)

SID: 6000340Rev: 20 views
Sourcejulioliraup/antiphishing
CreatedMay 22, 2026
UpdatedMay 22, 2026
Classificationsocial-engineering
alert http $HOME_NET any -> any any (msg:"AT related malicious URL (portal .yu3 .app/public/redirect/?u=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9 .eyJ0YXJnZXQiOiJVM0JoYlNCVlVrd2daR1YwWldOMFpXUTZJRk5QUTBsQlRGOUZUa2RKVGtWRlVrbE9Sdz09IiwiZXhwIjoxNzc4NDI3MDI5LCJpYXQiOjE3Nzg0MjY5Njl9 .CdHoUtFc-79l9hM1SBwN_9JUg9jbbja1s-d8CRJjOeAv5GFoARw95TwKjbPIRgiRfktr0VU6QsO3nbts4ExHQRoPfVuaJHo-yq_YIWo3c8itonBvJQbk20Cw17eoNqGxQ7TZvNQP-aKP9OjmGIsmTKMifn5TJVGmYHAMGVfFVvnql_EwZ7MxdL_gQViBVzZaOmGf-1H-16efQA0MVaEHs7kxlfxcWNLgW9Yu3aW5IWr-AgAx5iir3oiSfgNIuUkoFut1ys4zrZiy6OMn5qIDaN7Rm7YPS6YmMpxDnIeGr1PsDmo6sS44q61JDi_BLBuMc-R2q4ENhuyTc1WJ4pQKMQ&suspended=true)"; flow:established,to_server; http.uri; content:"/public/redirect/?u=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0YXJnZXQiOiJVM0JoYlNCVlVrd2daR1YwWldOMFpXUTZJRk5QUTBsQlRGOUZUa2RKVGtWRlVrbE9Sdz09IiwiZXhwIjoxNzc4NDI3MDI5LCJpYXQiOjE3Nzg0MjY5Njl9.CdHoUtFc-79l9hM1SBwN_9JUg9jbbja1s-d8CRJjOeAv5GFoARw95TwKjbPIRgiRfktr0VU6QsO3nbts4ExHQRoPfVuaJHo-yq_YIWo3c8itonBvJQbk20Cw17eoNqGxQ7TZvNQP-aKP9OjmGIsmTKMifn5TJVGmYHAMGVfFVvnql_EwZ7MxdL_gQViBVzZaOmGf-1H-16efQA0MVaEHs7kxlfxcWNLgW9Yu3aW5IWr-AgAx5iir3oiSfgNIuUkoFut1ys4zrZiy6OMn5qIDaN7Rm7YPS6YmMpxDnIeGr1PsDmo6sS44q61JDi_BLBuMc-R2q4ENhuyTc1WJ4pQKMQ&suspended=true"; startswith; fast_pattern; http.host; content:"portal.yu3.app"; endswith; reference:url,phishstats.info; reference:url,github.com/julioliraup/Antiphishing; reference:url,julioliraup.github.io/ET/signature.html?sid=6000340; classtype:social-engineering; sid:6000340; rev:2; metadata:signature_severity Major, created_et 2026_05_10, updated_et 2025_05_11;)

References

urlphishstats.info
urlgithub.com/julioliraup/Antiphishing
urljulioliraup.github.io/ET/signature.html?sid=6000340

Metadata

signature severityMajor
created et2026_05_10
updated et2025_05_11

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!