AT related malicious URL (citibankonlline .com/?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9 .eyJhdWQiOiJKb2tlbiIsImV4cCI6MTc3ODU1MTE2OCwiaWF0IjoxNzc4NTQzOTY4LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIzMm5hZ2s2cnFkcDY2dmswcTA2ZzRyczEiLCJuYmYiOjE3Nzg1NDM5NjgsInRzIjoxNzc4NTQzOTY4MDk2NzcwfQ .n9PwIBN3pKTDAATlqQDG0prdcarrdjiC5UfcxV_UObY&sid=6001698dcb287-4d95-11f1-911d-2ded4648c92c)

SID: 6001698Rev: 20 views
Sourcejulioliraup/antiphishing
CreatedMay 22, 2026
UpdatedMay 22, 2026
Classificationsocial-engineering
alert http $HOME_NET any -> any any (msg:"AT related malicious URL (citibankonlline .com/?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9 .eyJhdWQiOiJKb2tlbiIsImV4cCI6MTc3ODU1MTE2OCwiaWF0IjoxNzc4NTQzOTY4LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIzMm5hZ2s2cnFkcDY2dmswcTA2ZzRyczEiLCJuYmYiOjE3Nzg1NDM5NjgsInRzIjoxNzc4NTQzOTY4MDk2NzcwfQ .n9PwIBN3pKTDAATlqQDG0prdcarrdjiC5UfcxV_UObY&sid=6001698dcb287-4d95-11f1-911d-2ded4648c92c)"; flow:established,to_server; http.uri; content:"/?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTc3ODU1MTE2OCwiaWF0IjoxNzc4NTQzOTY4LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIzMm5hZ2s2cnFkcDY2dmswcTA2ZzRyczEiLCJuYmYiOjE3Nzg1NDM5NjgsInRzIjoxNzc4NTQzOTY4MDk2NzcwfQ.n9PwIBN3pKTDAATlqQDG0prdcarrdjiC5UfcxV_UObY&sid=6001698dcb287-4d95-11f1-911d-2ded4648c92c"; startswith; fast_pattern; http.host; content:"citibankonlline.com"; endswith; reference:url,openphish.com; reference:url,github.com/julioliraup/Antiphishing; reference:url,julioliraup.github.io/ET/signature.html?sid=6001698; classtype:social-engineering; sid:6001698; rev:2; metadata:signature_severity Major, created_et 2026_05_12;)

References

urlopenphish.com
urlgithub.com/julioliraup/Antiphishing
urljulioliraup.github.io/ET/signature.html?sid=6001698

Metadata

signature severityMajor
created et2026_05_12

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!