AT related malicious URL (klelnanzeigen-deutch.gain399.live/receive/order/eR9qeC1dbL-?r=0x3&__cf_chl_rt_tk=htTZHVODnyzwSyMfASpTjK_WmfVP.jmEMJLmC9ATtFE-1779618481-1.0.1.1-R068VS85oekEyG8u8rqiwK9G.JRg5NGCKMg7eA3MQX4)

SID: 6006572Rev: 11 views
Sourcejulioliraup/antiphishing
CreatedMay 24, 2026
UpdatedMay 24, 2026
Classificationsocial-engineering
alert http $HOME_NET any -> any any (msg:"AT related malicious URL (klelnanzeigen-deutch.gain399.live/receive/order/eR9qeC1dbL-?r=0x3&__cf_chl_rt_tk=htTZHVODnyzwSyMfASpTjK_WmfVP.jmEMJLmC9ATtFE-1779618481-1.0.1.1-R068VS85oekEyG8u8rqiwK9G.JRg5NGCKMg7eA3MQX4)"; flow:established,to_server; http.uri; content:"/receive/order/eR9qeC1dbL-?r=0x3&__cf_chl_rt_tk=htTZHVODnyzwSyMfASpTjK_WmfVP.jmEMJLmC9ATtFE-1779618481-1.0.1.1-R068VS85oekEyG8u8rqiwK9G.JRg5NGCKMg7eA3MQX4"; startswith; fast_pattern; http.host; content:"klelnanzeigen-deutch.gain399.live"; endswith; reference:url,phishstats.info; reference:url,julioliraup.github.io/ET/signature.html?sid=6006572; classtype:social-engineering; sid:6006572; rev:1; metadata:signature_severity Major, created_et 2026_05_24;)

References

urlphishstats.info
urljulioliraup.github.io/ET/signature.html?sid=6006572

Metadata

signature severityMajor
created et2026_05_24

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!