AT related malicious URL (drinkdar.click/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&dsh=S-1475405787%3A1779935590795510&followup=https%3A%2F%2Faccounts.google.com%2F&passive=1209600&flowName=WebLiteSignIn&flowEntry=ServiceLogin&ifkv=AWa2Paufw5KHI2k9FsvO1y3l0V-8HkTbjpNUpjP1XVBfG-l3GQvlt4y3Hpy-tNPTJDdiA8z08Axk)
Sourcejulioliraup/antiphishing
Fileantiphishing.rules
CreatedMay 28, 2026
UpdatedJune 25, 2026
Classificationsocial-engineering
alert http $HOME_NET any -> any any (msg:"AT related malicious URL (drinkdar.click/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&dsh=S-1475405787%3A1779935590795510&followup=https%3A%2F%2Faccounts.google.com%2F&passive=1209600&flowName=WebLiteSignIn&flowEntry=ServiceLogin&ifkv=AWa2Paufw5KHI2k9FsvO1y3l0V-8HkTbjpNUpjP1XVBfG-l3GQvlt4y3Hpy-tNPTJDdiA8z08Axk)"; flow:established,to_server ; http.uri; content:"/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&dsh=S-1475405787%3A1779935590795510&followup=https%3A%2F%2Faccounts.google.com%2F&passive=1209600&flowName=WebLiteSignIn&flowEntry=ServiceLogin&ifkv=AWa2Paufw5KHI2k9FsvO1y3l0V-8HkTbjpNUpjP1XVBfG-l3GQvlt4y3Hpy-tNPTJDdiA8z08Axk"; startswith; fast_pattern; http.host; content:"drinkdar.click"; endswith; reference:url,openphish.com ; reference:url,julioliraup.github.io/AT/signature.html?sid=6008218 ; classtype:social-engineering; sid:6008218; rev:1; metadata:signature_severity Major, created_et 2026_05_28, updated_et 2026_06_25;)
References
Metadata
signature severityMajor
created et2026_05_28
updated et2026_06_25
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!