2021-03-18 17:44:15 +00:00
|
|
|
# Title: Phishing URL Snort2 Ruleset
|
2022-01-20 00:01:43 +00:00
|
|
|
# Updated: Thu, 20 Jan 2022 00:01:38 +0000
|
2021-03-18 17:44:15 +00:00
|
|
|
# Expires: 1 day (update frequency)
|
|
|
|
# Homepage: https://gitlab.com/curben/phishing-filter
|
2021-03-19 00:09:38 +00:00
|
|
|
# License: https://gitlab.com/curben/phishing-filter#license
|
2021-03-18 17:44:15 +00:00
|
|
|
# Source: https://www.phishtank.com/ & https://openphish.com/
|
2021-04-02 12:06:43 +00:00
|
|
|
|
|
|
|
# Notice: https://curben.gitlab.io/phishing-filter-mirror is moved to https://curben.gitlab.io/malware-filter
|
2022-01-08 12:01:34 +00:00
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"001.ammazu.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000001; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"002.amauna.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000002; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"003.amonazn.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000003; rev:1;)
|
2022-01-18 12:01:47 +00:00
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"02-billing-support.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000004; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"08863299.sso-secure-mail0454etr.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000005; rev:1;)
|
2022-01-20 00:01:43 +00:00
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"0988j.amazoozzcan.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000006; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"0bs.de"; content:"Host"; http_header; classtype:attempted-recon; sid:200000007; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"103.114.16.4"; content:"Host"; http_header; classtype:attempted-recon; sid:200000008; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"104.168.173.244"; content:"Host"; http_header; classtype:attempted-recon; sid:200000009; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"104.168.173.248"; content:"Host"; http_header; classtype:attempted-recon; sid:200000010; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"107.172.198.119"; content:"Host"; http_header; classtype:attempted-recon; sid:200000011; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"109edc5b.ssdtfgyb09.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000012; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"112358400702021.biz.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200000013; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"113.164.17.147"; content:"Host"; http_header; classtype:attempted-recon; sid:200000014; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"121techyard.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000015; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"123sign-in567.000webhostapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000016; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"13.87.80.223"; content:"Host"; http_header; classtype:attempted-recon; sid:200000017; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"130.211.30.154"; content:"Host"; http_header; classtype:attempted-recon; sid:200000018; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"14.98.234.77"; content:"Host"; http_header; classtype:attempted-recon; sid:200000019; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"149-210-143-165.colo.transip.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000020; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"149.210.143.165"; content:"Host"; http_header; classtype:attempted-recon; sid:200000021; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"15004083383734.data-store-company.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000022; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"154.30.211.130.bc.googleusercontent.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000023; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"155.94.182.80"; content:"Host"; http_header; classtype:attempted-recon; sid:200000024; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"156.234.139.121"; content:"Host"; http_header; classtype:attempted-recon; sid:200000025; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"161.35.142.2"; content:"Host"; http_header; classtype:attempted-recon; sid:200000026; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"165.227.122.125"; content:"Host"; http_header; classtype:attempted-recon; sid:200000027; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"16park.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000028; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"173.82.100.27"; content:"Host"; http_header; classtype:attempted-recon; sid:200000029; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"173.82.154.253"; content:"Host"; http_header; classtype:attempted-recon; sid:200000030; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"178.128.108.233.dsl.dyn.forthnet.gr"; content:"Host"; http_header; classtype:attempted-recon; sid:200000031; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"179.43.140.208"; content:"Host"; http_header; classtype:attempted-recon; sid:200000032; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"179.48.65.130"; content:"Host"; http_header; classtype:attempted-recon; sid:200000033; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"1800poolservice.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000034; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"182.73.136.210"; content:"Host"; http_header; classtype:attempted-recon; sid:200000035; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"185-46-10-159.cloudvps.regruhosting.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200000036; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"18sitedev.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000037; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"190854.8b.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000038; rev:1;)
|
2022-01-19 12:01:58 +00:00
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"1inch.party"; content:"Host"; http_header; classtype:attempted-recon; sid:200000039; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"1inhc.exchange"; content:"Host"; http_header; classtype:attempted-recon; sid:200000040; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"1inich.exchange"; content:"Host"; http_header; classtype:attempted-recon; sid:200000041; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"1ncih.exchange"; content:"Host"; http_header; classtype:attempted-recon; sid:200000042; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"2.136.95.251"; content:"Host"; http_header; classtype:attempted-recon; sid:200000043; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"20140301.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000044; rev:1;)
|
2022-01-20 00:01:43 +00:00
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"2018.webontwerp.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000045; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"2022-exodus.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000046; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"2022-girobanken-sparkassen.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000047; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"2022.intrebrkprsonas.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000048; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"208.82.115.230"; content:"Host"; http_header; classtype:attempted-recon; sid:200000049; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"212.114.25.102"; content:"Host"; http_header; classtype:attempted-recon; sid:200000050; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"217651.8b.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000051; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"228.94.92.rev.sfr.net.gghost.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200000052; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"24611250.sibforms.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000053; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"2482689012.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000054; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"299kensingtonroad.my.webex.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000055; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"2ex2cfu.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000056; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"2fa.bthei.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000057; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"2pil.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200000058; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"34-212-207-52.cprapid.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000059; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"34-75-211-246.cprapid.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000060; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"343i.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000061; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"343t3dv9qdufp.clickfunnels.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000062; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"345353555.byethost12.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000063; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"34543543535.byethost14.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000064; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"35.192.38.184"; content:"Host"; http_header; classtype:attempted-recon; sid:200000065; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"35.199.84.117"; content:"Host"; http_header; classtype:attempted-recon; sid:200000066; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"35.225.222.142"; content:"Host"; http_header; classtype:attempted-recon; sid:200000067; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"3a10a178.s6t6sj4s46tu4sys54y5.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000068; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"3b5de7bc.sibforms.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000069; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"3bvjh.sbs"; content:"Host"; http_header; classtype:attempted-recon; sid:200000070; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"3c5.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000071; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"3ck.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200000072; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"3dprintersupplies.com.au"; content:"Host"; http_header; classtype:attempted-recon; sid:200000073; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"3ff7c459-86b2-4f6d-b6b0-ba6402ef6cb0.htmlcomponentservice.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000074; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"3j124.csb.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000075; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"42.193.110.254"; content:"Host"; http_header; classtype:attempted-recon; sid:200000076; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"45.186.132.130"; content:"Host"; http_header; classtype:attempted-recon; sid:200000077; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"45.79.125.188"; content:"Host"; http_header; classtype:attempted-recon; sid:200000078; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"45.9.20.146"; content:"Host"; http_header; classtype:attempted-recon; sid:200000079; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"4a14def9.sibforms.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000080; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"4c0mr.93.8934.easyflv.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000081; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"4hjjhdfjkr.pagedemo.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200000082; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"4lxkd.r.ag.d.sendibm3.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000083; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"4r1un.app.link"; content:"Host"; http_header; classtype:attempted-recon; sid:200000084; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"4season.com.kh"; content:"Host"; http_header; classtype:attempted-recon; sid:200000085; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"4w8bmmjcw86e.clickfunnels.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000086; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"5.qarshishxtb.uz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000087; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"51.fi"; content:"Host"; http_header; classtype:attempted-recon; sid:200000088; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"52.148.252.166"; content:"Host"; http_header; classtype:attempted-recon; sid:200000089; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"52292936869418365.web.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200000090; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"53vzxcnk6rwp.clickfunnels.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000091; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"54-160-232-146.cprapid.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000092; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"5739f264f369b1f6b615380542a2de2f.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000093; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"5b0f6cb9-0485-4fc7-9775-eb74bb45bbf6.htmlcomponentservice.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000094; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"5e841ae2.srvr-cloudmail-srvr6765e7tg.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000095; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"613707.selcdn.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200000096; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"61da8ae6.6u6566hrrthsh45.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000097; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"638ca12d-ba2f-451c-8418-faf56b7de7ff.htmlcomponentservice.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000098; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"654201.selcdn.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200000099; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"657416.selcdn.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200000100; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"666t.amazoonnro.vip"; content:"Host"; http_header; classtype:attempted-recon; sid:200000101; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"67lksxgjd.bttmassage-thai-tanger.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000102; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"69.49.245.141"; content:"Host"; http_header; classtype:attempted-recon; sid:200000103; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"6a7zu9he6mqh.clickfunnels.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000104; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"6c7f0acc.sibforms.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000105; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"7766t.amazoonnraz.vip"; content:"Host"; http_header; classtype:attempted-recon; sid:200000106; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"78.108.89.240"; content:"Host"; http_header; classtype:attempted-recon; sid:200000107; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"7wr4u.csb.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000108; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"7yu3v.csb.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000109; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"8.215.32.173"; content:"Host"; http_header; classtype:attempted-recon; sid:200000110; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"8766ty.amazooaznco.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000111; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"87877joip.amazoozan.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000112; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"887.amozanziio.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000113; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"88776o.amazozcazn.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000114; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"887pp.amazoonnrwna.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000115; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"8899.jp"; content:"Host"; http_header; classtype:attempted-recon; sid:200000116; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"89ix7y0.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000117; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"903750.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000118; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"92.rev.sfr.net.gghost.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200000119; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"92iqtna.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000120; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"94183655229293686.web.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200000121; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"98yiujh.9peop5jzad1945.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000122; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"99w.amazozeczn.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000123; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"9bcba9ed.sibforms.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000124; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"9d62cfee-59b3-42a8-9542-4b3a32692792.htmlcomponentservice.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000125; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"9faf19faf1.virkrupaengg.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000126; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"9ftytucsh4ph.clickfunnels.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000127; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"a.2827e82ca6640ef29594fb288383c901159970954a6ca74d562cd3aa.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000128; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"a.insecurpage.recovery-safty.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000129; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"a.scicemecod.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000130; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"a0570626.xsph.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200000131; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"a0623626.xsph.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200000132; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"a4d3b42c.chgmar-d8y.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000133; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"a71843c1.mailssocloud-srvr65e5rd.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000134; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"a894ec7f.46t33454t4.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000135; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aagamsteelcorporation.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000136; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aaol02.weebly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000137; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"abeermultimediadesign.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000138; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"abitis.my-free.website"; content:"Host"; http_header; classtype:attempted-recon; sid:200000139; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"absaonline2021.website2.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200000140; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"absolute-containers-sip.business.site"; content:"Host"; http_header; classtype:attempted-recon; sid:200000141; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"absolutepleasure.com.my"; content:"Host"; http_header; classtype:attempted-recon; sid:200000142; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"acacia.webdevonline.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000143; rev:1;)
|
2022-01-19 12:01:58 +00:00
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"account.herephyshy.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200000144; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"account.verifications.help-page.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000145; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"accounts-autoscout24.de"; content:"Host"; http_header; classtype:attempted-recon; sid:200000146; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"acessobradesco.digital"; content:"Host"; http_header; classtype:attempted-recon; sid:200000147; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ach111.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000148; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"activartransferenciainternacional.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000149; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"activate-hulu-com-activate.sitey.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200000150; rev:1;)
|
2022-01-20 00:01:43 +00:00
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"adamfeber.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000151; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"adcloudserver.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000152; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"admin-formserviceupdates.weeblysite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000153; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"administraciondefincaspereznovo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000154; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"adorablepomskyhome.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000155; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"adoring-goodall.192-3-12-143.plesk.page"; content:"Host"; http_header; classtype:attempted-recon; sid:200000156; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"adpunemploymentclaims.sharefile.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000157; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"adsmarca.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000158; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ae.macesoi.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000159; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aeoncredit.co.ip.nxsenr.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000160; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"affixsports.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000161; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"afreemart.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000162; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"africansecrets.ca"; content:"Host"; http_header; classtype:attempted-recon; sid:200000163; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"agora.imb.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200000164; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"agrimetiersmartinique.fr"; content:"Host"; http_header; classtype:attempted-recon; sid:200000165; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"agriolainforma.agricolainf6.repl.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200000166; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"agurimu-nagoya.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000167; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ahhhh.pe.kr"; content:"Host"; http_header; classtype:attempted-recon; sid:200000168; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aid-validation-human.run-us-west2.goorm.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000169; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aircoach.site"; content:"Host"; http_header; classtype:attempted-recon; sid:200000170; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"airportprescreening.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000171; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aitsidihamh.my-place.us"; content:"Host"; http_header; classtype:attempted-recon; sid:200000172; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"akanksha3012.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000173; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aks34.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000174; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aksehirelittotel.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000175; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aksjdkas.6icmtmbvlj5916.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000176; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aksjoeomraadet.no"; content:"Host"; http_header; classtype:attempted-recon; sid:200000177; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aktualizacja.jst.pl"; content:"Host"; http_header; classtype:attempted-recon; sid:200000178; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"alareentading-catalog.page.tl"; content:"Host"; http_header; classtype:attempted-recon; sid:200000179; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"alasadkarate.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000180; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"albel.intnet.mu"; content:"Host"; http_header; classtype:attempted-recon; sid:200000181; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aldana.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200000182; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"alemdad.edu.bd"; content:"Host"; http_header; classtype:attempted-recon; sid:200000183; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"alerts.department.improvement.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000184; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aletihadcbc.ae"; content:"Host"; http_header; classtype:attempted-recon; sid:200000185; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"alexxou.website2.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200000186; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"algotextil.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200000187; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aliciabot.azurewebsites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000188; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aliciavlinjury.weebly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000189; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"alkhalilgraphics.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000190; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"allegrolokalnie-pl-3dsafe.id-43031.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000191; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"allegrolokalnie-pl-3dseif.id-43051.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000192; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"allegrolokalnie-pl-ns.id-43051.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000193; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"allegrolokalnie-pl.id-43031.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000194; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"alliancesuper.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000195; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"alnajahh.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000196; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aloun.ps"; content:"Host"; http_header; classtype:attempted-recon; sid:200000197; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"alphabnkgre.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000198; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"alqadi.ps"; content:"Host"; http_header; classtype:attempted-recon; sid:200000199; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"alquilervillora.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000200; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"alsofft.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000201; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amacardkey.cardupdatdas.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000202; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amacredit.amacardpkey.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000203; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amanzeiwgnehyerterlewr.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000204; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amaozn.ywcimei.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000205; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amazne.kgjsdffk9.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000206; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amaznllo.co.jp.amauioda.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000207; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amazoe.vfdfeyrt4.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000208; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amazom.okmresa.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000209; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amazom.supesn.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000210; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amazon-gcatech.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000211; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amazon-interruption.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000212; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amazon-jp.fris1o.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200000213; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amazon-jp.fris2o.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200000214; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amazon-jp.fris4o.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200000215; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amazon-jp.fris6o.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200000216; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amazon-ssr.jp"; content:"Host"; http_header; classtype:attempted-recon; sid:200000217; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amazon.co.jp.3u.fit"; content:"Host"; http_header; classtype:attempted-recon; sid:200000218; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amazon.co.jp.abaiaccounting.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000219; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amazon.gousana.casa"; content:"Host"; http_header; classtype:attempted-recon; sid:200000220; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amazon.works.ga"; content:"Host"; http_header; classtype:attempted-recon; sid:200000221; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amazonhome.sfrmobiles.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000222; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amazoon.co.op.nuveie.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000223; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amazoon.co.op.o4j.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000224; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amazou.nfghty7.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000225; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amberlyrobinson.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000226; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amc-training.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000227; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ameozom.jp.onaworks.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000228; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"americanexpress-auth.azurewebsites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000229; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amguevara.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000230; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amidabuli.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000231; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amlnov7.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000232; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amnzma-jp.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000233; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amnzms1-jp.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000234; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amoazom.rm82j6-t8.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000235; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amonzau_co_take.ktbf.shop"; content:"Host"; http_header; classtype:attempted-recon; sid:200000236; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amosleh.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000237; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amreeth.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000238; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"an.myjaeob.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000239; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"anandsr-dev.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000240; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"anarchitecturestudio.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000241; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"anbn.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200000242; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"andersonstrategic.com.au"; content:"Host"; http_header; classtype:attempted-recon; sid:200000243; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"androapk.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200000244; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"angiofsi.page.link"; content:"Host"; http_header; classtype:attempted-recon; sid:200000245; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"anhduongjsc.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000246; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"anj-azakp.run.goorm.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000247; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"anjalijha167.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000248; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"annacatania.com.mt"; content:"Host"; http_header; classtype:attempted-recon; sid:200000249; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"anon-keep-admin-keep.rvsla.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000250; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ansr.ro"; content:"Host"; http_header; classtype:attempted-recon; sid:200000251; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"antifrodeitalia.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000252; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ao.myjmscb.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000253; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aolmailukhelplinecustomerservice.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000254; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aolmailukhelplinecustomerservice.blogspot.com.au"; content:"Host"; http_header; classtype:attempted-recon; sid:200000255; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aolxperience.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000256; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"api.florense.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200000257; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aplintec.com.mx"; content:"Host"; http_header; classtype:attempted-recon; sid:200000258; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"app-928e4a31-5ecb-44ae-8c1e-5a710ac73f9f.cleverapps.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000259; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"app-bombcrypto-io-login-ab.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000260; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"app-d2852d7c-af6a-46f2-a00d-d9fb621cfc47.cleverapps.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000261; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"app-d46ced9f-c9f1-4b13-9370-c0dd5d93880b.cleverapps.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000262; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"app.bydn217.club"; content:"Host"; http_header; classtype:attempted-recon; sid:200000263; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"app.duel.network"; content:"Host"; http_header; classtype:attempted-recon; sid:200000264; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"app.fiiber.ca"; content:"Host"; http_header; classtype:attempted-recon; sid:200000265; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"app.moneylinecreditcorporation.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000266; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"app.pancadaoeletronicos.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200000267; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"app.sugarsync.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000268; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"appatualizecef.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000269; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"appibsolicitud.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000270; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"appleid-check.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200000271; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"applepichincha.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000272; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"apply.aua.am"; content:"Host"; http_header; classtype:attempted-recon; sid:200000273; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"appm0vildigital.website"; content:"Host"; http_header; classtype:attempted-recon; sid:200000274; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"apps.esma-edu.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000275; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aquaqualitas.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000276; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"arafathrumman.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000277; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"arcacg.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000278; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"archivio-supporto.sitoper.it"; content:"Host"; http_header; classtype:attempted-recon; sid:200000279; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"are.scicemecod.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000280; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"areueaom.gtpzcve.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000281; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"areueaom.gtva.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000282; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aromatic.webenliven.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200000283; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"arthamahotels.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000284; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"artlux.com.pl"; content:"Host"; http_header; classtype:attempted-recon; sid:200000285; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"arub-service.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000286; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aruba.fatt.ids-sys.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000287; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"as.macecri.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000288; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"as.macesoi.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000289; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"as.myjmscb.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000290; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"asaipestcontrol.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000291; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ascom.co.tz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000292; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"asd.9sw53wk.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000293; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"asdxa.p2x11pi.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000294; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"asgard-ampqy.run-us-west2.goorm.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000295; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"asian34new.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000296; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"asistentetramitadordigitalda.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000297; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"askarmotorluaraclar.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000298; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"asrefanavary.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000299; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"assure.ameli.fr.jamaatul.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000300; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"asureindirect.blogspot.be"; content:"Host"; http_header; classtype:attempted-recon; sid:200000301; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"at-t-support-service1.sitey.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200000302; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"at-t-yahoo.sitey.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200000303; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"at563.weebly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000304; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"atc-saudiarabia.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000305; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"atento-fdi.plusoftomni.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200000306; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ativacao-online73681.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000307; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"atnr76dxku336szy.clickfunnels.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000308; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"atualizacao-online547864.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000309; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"atualizarmodolo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000310; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"atulrathore-dev.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000311; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aurumship.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000312; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aushotel.es"; content:"Host"; http_header; classtype:attempted-recon; sid:200000313; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"auth-task1-m.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000314; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"auth-webmailakeonetcom.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000315; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"authnet47-netfx3.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000316; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"authuxeehmutconjxmailssocl.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000317; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"authxntico.cc"; content:"Host"; http_header; classtype:attempted-recon; sid:200000318; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"autodiscover.ryder-dutton.co.uk"; content:"Host"; http_header; classtype:attempted-recon; sid:200000319; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"autoexprs.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000320; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"autoranplususeremailprocessingupdate.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000321; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"autoscurt24.de"; content:"Host"; http_header; classtype:attempted-recon; sid:200000322; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"autumn-sun-4a21.paqesads-scure.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000323; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"avanzamosjuntoonly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000324; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"avelocidad.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000325; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"avertable-footings.000webhostapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000326; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"avis-deces.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000327; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"avrorganics.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000328; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"awareness-training.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000329; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ax.xiguw.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000330; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"axieinfinity-supportwallet.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000331; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"axlr.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200000332; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"az.macesoi.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000333; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"azb3s.cf"; content:"Host"; http_header; classtype:attempted-recon; sid:200000334; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"azmznonos_co_long.akys.shop"; content:"Host"; http_header; classtype:attempted-recon; sid:200000335; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"b.com.0cdb6084fc320a42a6418192753f5960.laremolonarestaurante.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000336; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"b059c86968a6427389952025bcee9886.svc.dynamics.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000337; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"b2u58pt2.myraidbox.de"; content:"Host"; http_header; classtype:attempted-recon; sid:200000338; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"b4e921f0.sso-mailsrvr-4344e5teed.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000339; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"b96f7f93.sibforms.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000340; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"b97bca39.srvr-cloudmail-srvr6754e5rte.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000341; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bag-macben.eu"; content:"Host"; http_header; classtype:attempted-recon; sid:200000342; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bakhai.vn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000343; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"balajihospital.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000344; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bamarfoundation.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000345; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"banca-electronica1.odoo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000346; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bancaporinterneinterbank.pe-bi.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000347; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bancaporinternet-interbark.pcriot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000348; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bancaporinternet.interban.pe.magictourscancun.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000349; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bancaporinternet.interbrnpe.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000350; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bancaporinternet.lnterbank.pe.aaseguros.mx"; content:"Host"; http_header; classtype:attempted-recon; sid:200000351; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bancaporinternet.lnterbank.pe.studywithemoeles.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000352; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bancaporinternet.lnterbank.pronductos.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000353; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bancaporinternetinterbank.pe-promocion.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000354; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bancaporintrnet.interbnkperu.es"; content:"Host"; http_header; classtype:attempted-recon; sid:200000355; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bancaporlnternetlnterbarnk.dominandoagestao.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200000356; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bancaporlnternetlnterbarnk.infinitegoldjewelry.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000357; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bancaporlnternetlnterbarnk.libertycanais.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200000358; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bancaporlnternetlnterbarnk.vortexoutdoorcenter.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000359; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bancaprnternet-lnterbamk.elementfx.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000360; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"banclnternetpe-lbk4.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000361; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"banclnternetpe-lbk8.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000362; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"banco-galicia-online.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000363; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bancoiinng.site44.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000364; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bancooccidentalb.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000365; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bancpornternet-lnterbamk.elementfx.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000366; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"banki0wa.us"; content:"Host"; http_header; classtype:attempted-recon; sid:200000367; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bankocaoffo.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000368; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bannerbank.control-inc.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000369; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bannerchampnyc.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000370; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"baradua.it"; content:"Host"; http_header; classtype:attempted-recon; sid:200000371; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"baseddevs.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200000372; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"baseddevs.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000373; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"baseddevs.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000374; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"batmudaw.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000375; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"battlelastmont.cyou"; content:"Host"; http_header; classtype:attempted-recon; sid:200000376; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bazhane-xyz.preview-domain.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000377; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bazhane.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000378; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bc1.paiementervice.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000379; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bconclutmjy.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200000380; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bcp-marketing.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000381; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bcpzonaseguirabeta.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000382; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"be-home.web.do"; content:"Host"; http_header; classtype:attempted-recon; sid:200000383; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bearmybrand.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000384; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"beast-blog.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000385; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"beijing.vfzfy1v.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000386; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bellsouth-upgrade-verification-admin-updatess-website.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000387; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"belovedaroma.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000388; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"berketurizm.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000389; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bexwebmailupdate.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000390; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"beyondsmiles.co.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200000391; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bghgcd.psuxscm.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000392; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bharathi1809.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000393; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bhavin0077.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000394; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bhddf.uwe6ui0.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000395; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bhdf.bdc9985.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000396; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bhdf.ryhk63.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000397; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bhdf.t18v2kr.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000398; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bhdf.y0ai5w8.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000399; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bhgcd.8h391um.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000400; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bhgcxz.00e5gfu.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000401; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bhgd.48ud0ez.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000402; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bhgdd.qlljdgs.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000403; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bhgxa.eo76sni.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000404; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bhhcd.9bzuw49.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000405; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bhhxaa.123qi7b.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000406; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bhxas.rb0xts7.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000407; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bhxdd.2hllf8x.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000408; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bicicentroslezama.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000409; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"biedronka-news.biz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000410; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"biedronka-news.us"; content:"Host"; http_header; classtype:attempted-recon; sid:200000411; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"biedronkainvest.biz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000412; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bienlinea.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000413; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bijoycity.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000414; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bilacintatakk.institute-pagess.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000415; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bilasajaterjadii.institute-pagess.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000416; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"billingfailure-o2.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000417; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bioenergyevitalite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000418; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"birlacitywaterpark.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000419; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"biswap.fm"; content:"Host"; http_header; classtype:attempted-recon; sid:200000420; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"biswapdapp.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000421; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bitbaink.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000422; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bitflye87.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000423; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bitflyerfr.cc"; content:"Host"; http_header; classtype:attempted-recon; sid:200000424; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bithunnb.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000425; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bitmexinc.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000426; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bitso.cm"; content:"Host"; http_header; classtype:attempted-recon; sid:200000427; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bitsrflyer.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000428; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bizlinktek.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000429; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"blanchevetements.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000430; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"blockchain-fix.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000431; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"blockchains-tool.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000432; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"blockchainwallet-tool.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000433; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"blog.booxium.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000434; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"blog.drmostafafouadivf.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000435; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"blog.storrea.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000436; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"blog.visionconsulting.ro"; content:"Host"; http_header; classtype:attempted-recon; sid:200000437; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"blog.weiwanjia.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000438; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"blowfish-ltd.co.uk"; content:"Host"; http_header; classtype:attempted-recon; sid:200000439; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"blslightinginc.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000440; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"blu-ivycarter.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000441; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"blue-tooth-4d84.majorhits214.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000442; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bluewinch2.weebly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000443; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bmcaporinternet-lnterbamk.elementfx.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000444; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bn-seguridadperu.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000445; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bnconacional.odoo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000446; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bncre.odoo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000447; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bncxz.9wx9b27.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000448; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bndigitalpersonas.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000449; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"boaupdate.bfaoscr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000450; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bogdonovlerer.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000451; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bokeptantesemokterbaru.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000452; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bokgabanesolutions.co.za"; content:"Host"; http_header; classtype:attempted-recon; sid:200000453; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bookfbs.evangsamuelministries.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000454; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"boxes.com.py"; content:"Host"; http_header; classtype:attempted-recon; sid:200000455; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"br622.teste.website"; content:"Host"; http_header; classtype:attempted-recon; sid:200000456; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bradesco.netempresa.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000457; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bradesco.pjauxiliaempresas.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000458; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"brainlingual.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000459; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"brasil-liveloponts.3utilities.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000460; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"breople.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000461; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"brevardbartenders.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000462; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"briannatiffany.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000463; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"brisksoupydivisor.accountsss.repl.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200000464; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"brooks-forrunning.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000465; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"brooks-justforjogging.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000466; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"brooks-move.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000467; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"brooks-ooke.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000468; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"brooks-runfarther.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000469; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"brooks-xsdaodab.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000470; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"brooks-xsdauofc.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000471; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"brooks-xsgdfaja.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000472; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"brooks1984.shop"; content:"Host"; http_header; classtype:attempted-recon; sid:200000473; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"brooksair.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000474; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"brooksale.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000475; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"brooksboom.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000476; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"brooksdiscount.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000477; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"brooksnewmethod.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000478; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"brooksnewsports.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000479; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"brooksprime.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000480; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"brooksrevel.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000481; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"brooksrunble.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000482; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"brooksrunshoeshopping.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000483; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"brooksshopsft.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000484; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"brookssoft.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000485; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bruno-genthial.mykajabi.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000486; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"btbroadbandddv2.weebly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000487; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"btbusinessbilling.wordpress.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000488; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"btc.do"; content:"Host"; http_header; classtype:attempted-recon; sid:200000489; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"btclickpreview365pdf.1msite.eu"; content:"Host"; http_header; classtype:attempted-recon; sid:200000490; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"btconnect-103445.weeblysite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000491; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"btconnect-109798.square.site"; content:"Host"; http_header; classtype:attempted-recon; sid:200000492; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"btconnectfilesecurebthomelogindropboxinupdatetdropboxpdf-logss.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000493; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"btconnectfilesecurebthomelogindropboxlinkupdatetdropboxpdf-logs.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000494; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"btconnectfilesecurebthomeloginpdropboxupdatepdf-logsssss-websit.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000495; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"btconnectfilesecurebthomesloginpdropboxupdatepdf-logsssss-websi.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000496; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"btconnectsrevicre876.weebly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000497; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bthak.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000498; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bthfkibttt.weeblysite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000499; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bttalk21home.weeblysite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000500; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bttellecommuication.weebly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000501; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"budrimon.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000502; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"buecherinploen.de"; content:"Host"; http_header; classtype:attempted-recon; sid:200000503; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bufetemontoya.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000504; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"builmon.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000505; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bujikena.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000506; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"busanopen.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000507; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"business-appeal-form-1892758.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000508; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"business-appeal-form108291.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000509; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"business-appeal-form198982.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000510; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"business-info-caseid192921.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000511; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"business-info-verification1251.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000512; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"business-pages-info198521.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000513; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"business-required-info199821.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000514; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"businessemailss.biz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000515; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"busrez.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000516; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"c.curiousmorty.be"; content:"Host"; http_header; classtype:attempted-recon; sid:200000517; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"c.loveawaits.be"; content:"Host"; http_header; classtype:attempted-recon; sid:200000518; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"c.mail.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000519; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"c10012022j.temp.swtest.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200000520; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"c1christine.tjelmeland2e.cso.gov.tt"; content:"Host"; http_header; classtype:attempted-recon; sid:200000521; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"c2dc5b99.chgmar.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000522; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"c6ebv708.caspio.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000523; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cabmaster.tk"; content:"Host"; http_header; classtype:attempted-recon; sid:200000524; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cabsiler.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000525; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cache.nebula.phx3.secureserver.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000526; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cadeau-orange.fr"; content:"Host"; http_header; classtype:attempted-recon; sid:200000527; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"caissesregionales.agricole.bombayheightsny.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000528; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"caixa-app-enlinea.es.swtest.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200000529; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"caixagerenciador.gerenciadorcefempresas.online"; content:"Host"; http_header; classtype:attempted-recon; sid:200000530; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"caixaseguradora.quadientcloud.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000531; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"caixxaicbo.temp.swtest.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200000532; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"callbox.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000533; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cammymiller.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000534; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"canadapost.reschedule.online.portal.services.parcel01868972.mh-group.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000535; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cancel-paymattempt-secure.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000536; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"candidunfoldedgigabyte.flisjfsdkj.repl.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200000537; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"candle-iced-hide.glitch.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200000538; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cann-life.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000539; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"capservice.online"; content:"Host"; http_header; classtype:attempted-recon; sid:200000540; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"caracasmateriais.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000541; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"carpediemxp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000542; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"carservicessaupdate.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000543; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cartamorin-geometres.fr"; content:"Host"; http_header; classtype:attempted-recon; sid:200000544; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"carwash.tv"; content:"Host"; http_header; classtype:attempted-recon; sid:200000545; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"casbygroup.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000546; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"caso1eb1118347493.atsnx.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000547; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"catalogue-orange.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000548; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"catalystmedia.ca"; content:"Host"; http_header; classtype:attempted-recon; sid:200000549; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cateringfoodanddrinksupplies777.business.site"; content:"Host"; http_header; classtype:attempted-recon; sid:200000550; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"catus.cat"; content:"Host"; http_header; classtype:attempted-recon; sid:200000551; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"caycos.beispielseite-wmka.de"; content:"Host"; http_header; classtype:attempted-recon; sid:200000552; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"caymanreno.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000553; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cbmonlinegroups.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000554; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cc.scicemecod.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000555; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ccjrlaw.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000556; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cdas.nxzigco.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000557; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cdek.py-payl.pw"; content:"Host"; http_header; classtype:attempted-recon; sid:200000558; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cdsoa.wuefyta.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000559; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ce.macesoi.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000560; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"celikoglumakina.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000561; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cema-fossano.it"; content:"Host"; http_header; classtype:attempted-recon; sid:200000562; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"centralconsulta.link"; content:"Host"; http_header; classtype:attempted-recon; sid:200000563; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"centraldigitalcr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000564; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"centre1.bubbleapps.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000565; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ceresgulf.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000566; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"certifica-montepaschii.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000567; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cete-zario-bverto.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000568; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chajra.loyalecat.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000569; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chat-whatasapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000570; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chat-whatsapp-grupo-invitacion.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000571; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chckmaill1.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000572; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chckmaill10.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000573; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chckmaill11.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000574; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chckmaill12.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000575; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chckmaill13.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000576; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chckmaill14.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000577; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chckmaill15.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000578; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chckmaill17.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000579; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chckmaill18.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000580; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chckmaill19.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000581; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chckmaill2.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000582; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chckmaill20.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000583; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chckmaill21.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000584; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chckmaill22.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000585; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chckmaill23.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000586; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chckmaill24.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000587; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chckmaill25.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000588; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chckmaill3.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000589; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chckmaill4.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000590; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chckmaill5.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000591; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chckmaill6.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000592; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chckmaill7.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000593; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chckmaill8.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000594; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chckmaill9.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000595; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"checkkeyvip.000webhostapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000596; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chefsenaccion.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000597; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chelk-logfb.000webhostapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000598; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chikkuthomas.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000599; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chinmayavidyalayarspuram.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000600; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chiragrajoria.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000601; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chois.jp"; content:"Host"; http_header; classtype:attempted-recon; sid:200000602; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"christianrehabnetwork.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000603; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"christmas-dhl-express-delvr.hopekosmos.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000604; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chronopostaws.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000605; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chunyi.crework.co.jp"; content:"Host"; http_header; classtype:attempted-recon; sid:200000606; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chutomen.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000607; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cinemaleftech.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000608; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"citagestionenlineabn.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000609; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"city-of-jazz.de"; content:"Host"; http_header; classtype:attempted-recon; sid:200000610; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"claims-funds-enczj.run-us-west2.goorm.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000611; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"claimshopee.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000612; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"claro-link.brsafe.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200000613; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"claus.bz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000614; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"click-here-help.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200000615; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"clientid-h5p8n7f9e6fbmkhbr3i4gbnia7e9zpts4nbk3ebk0zj625t2ol.website.yandexcloud.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000616; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"clientid-ij66191jgbm96ujp40bz1gzmpc8iquhoff3ocmbrzs6g5i89t0.website.yandexcloud.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000617; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"clients.devtux.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000618; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"clone-7473c.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000619; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"closingdocs9480.myportfolio.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000620; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cloud-object-storage-o9-cos-static-web-hocsx2.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000621; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cloud.go4clients.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000622; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cloud102.hostgator.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000623; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"clouddoc-authorize.firebaseapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000624; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cloudflare-rbnuo.run.goorm.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000625; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cloudshare-account-auth.firebaseapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000626; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cloudtracker.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200000627; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"club.quomodo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000628; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"clubeamigosdopedrosegundo.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200000629; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cms.time-investments.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000630; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cnbxa.1of2o6k.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000631; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cner283829.odoo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000632; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cninflables.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000633; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cnqcxy.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000634; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"co-d.jp"; content:"Host"; http_header; classtype:attempted-recon; sid:200000635; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"co.jp.bh1fgg1.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000636; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"co.jp.bzkgfzj.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000637; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"co.jp.clblrvh.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000638; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"co.jp.eiatphe.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000639; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"co.jp.ghemivv.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000640; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"co.jp.guokkkh.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000641; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"co.jp.hivbdco.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000642; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"co.jp.rsczkmd.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000643; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"co.jp.rukbcga.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000644; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"co.jp.wrbqoty.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000645; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"codwarzonemobile.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000646; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"coinbase-wallet-defi.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000647; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cold-recipe-bf5b.updatelogaccountprogramedrfwerwrdhsll.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000648; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"collab-land.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000649; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"collabland.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200000650; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"collablandfi.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000651; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"colorfastinv.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000652; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"com-rse.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200000653; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"community.fb-pages-01138913366342885284.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link"; content:"Host"; http_header; classtype:attempted-recon; sid:200000654; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"community.fb-pages-28202553629866144006.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link"; content:"Host"; http_header; classtype:attempted-recon; sid:200000655; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"community.fb-pages-44883444930165123303.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link"; content:"Host"; http_header; classtype:attempted-recon; sid:200000656; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"communterm.temp.swtest.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200000657; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"compila-sicurezza-europea-2021.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000658; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"completeegali.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000659; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"condescending-turing.20-115-17-40.plesk.page"; content:"Host"; http_header; classtype:attempted-recon; sid:200000660; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"congresosba.com.ar"; content:"Host"; http_header; classtype:attempted-recon; sid:200000661; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"conhecaonlinedigital.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200000662; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"connect.au-login.0662smt.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000663; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"connectwallet.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200000664; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"connectwallets.herokuapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000665; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"conoscofaturahiiiper.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000666; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"conspect.us"; content:"Host"; http_header; classtype:attempted-recon; sid:200000667; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"contabilidaderabello.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200000668; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"contact2acceptpoilcyverifingyouracceptancemailfullinbox.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000669; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"contapessoal.digital"; content:"Host"; http_header; classtype:attempted-recon; sid:200000670; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"content.av1.com.au"; content:"Host"; http_header; classtype:attempted-recon; sid:200000671; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"content.edgerockwealth.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000672; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"content.meetmagic.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000673; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"contoh-web-18.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000674; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"contratodeparceria.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200000675; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"controlpichincha.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000676; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"copyright-center-live.ml"; content:"Host"; http_header; classtype:attempted-recon; sid:200000677; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"correosdemexico-web.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000678; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"corta.ai"; content:"Host"; http_header; classtype:attempted-recon; sid:200000679; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cosemu.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000680; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cottonwooddentalg.nimbusweb.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200000681; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"courtcase.co.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200000682; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"covid-foyyn.run-us-west2.goorm.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000683; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cox0.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000684; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cp.digitalprocurements.co.uk"; content:"Host"; http_header; classtype:attempted-recon; sid:200000685; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cp45362.tmweb.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200000686; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cpanel10wh.bkk1.cloud.z.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000687; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cpcalendars.salesfocres.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000688; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cpcontacts.salesfocres.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000689; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cr24185.tmweb.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200000690; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"crackfreekey.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000691; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cranetech.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200000692; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"creatorsverificationandsafetybusiness.co.vu"; content:"Host"; http_header; classtype:attempted-recon; sid:200000693; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"credcloud-object-storage-o9-cos-static-web-hocsd3d.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000694; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"credicorp-capital.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000695; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"credicorpfiduciariasa.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000696; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"credifinanciera.didacsis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000697; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"crediserfinanza.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000698; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"creditagricole-sudrhonealpes.blogspot.ba"; content:"Host"; http_header; classtype:attempted-recon; sid:200000699; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"creditagricole-sudrhonealpes.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000700; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"creditagricole-sudrhonealpes.blogspot.ro"; content:"Host"; http_header; classtype:attempted-recon; sid:200000701; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"creditinternationalbank.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000702; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"creditiperhabbogratissicuro100.blogspot.it"; content:"Host"; http_header; classtype:attempted-recon; sid:200000703; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cresvin.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000704; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"criticalcarevizag.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000705; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"crm.vihaantelecom.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000706; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"crypto-support.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000707; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cryptocars-official-game-paly-site.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000708; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cryptocarsme.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000709; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cryptscars-logs.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000710; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"csa.ibrali-foundation.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000711; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"csdept.csassistant06.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000712; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"currentlyupgrade.mystrikingly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000713; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cusnas.366wuv.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000714; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cxas.bvd2q18.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000715; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cxas.zk6w4dt.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000716; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cxasd.easghbl.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000717; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cxmnsa.04frh0w.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000718; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cxnbas.nmkbmqk.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000719; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cxuahs.1wc9bxm.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000720; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cxueq5enajpf.kidsmania.com.tr"; content:"Host"; http_header; classtype:attempted-recon; sid:200000721; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cyna.rkpmage.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000722; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"czechposta-cz.cz.swtest.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200000723; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"czvon.4fan.cz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000724; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"czxasd.3ot975v.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000725; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"d.app32150.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000726; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"d2aae6a6.srvr-cloudmail-srvr675eu6r.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000727; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"daatahomes.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000728; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dabiastore.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000729; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dailynutrition.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200000730; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"daletrenholm.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000731; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"damp-f43e.recovery-page-secur.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000732; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"danitraseoexperts.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000733; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dappscoins.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000734; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dappsiconnect.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000735; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dappsmainnetverify.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000736; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dappswalletliveauthenticate.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000737; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dappswallettconnectt.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000738; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dasd.atio2tq.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000739; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"datos-pichincha.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000740; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"davidshopeaz.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000741; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"daycoval.contrato.srv.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200000742; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"daycoval.facildepagar.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200000743; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dbesmdcjzturhizszllesbthsn-dot-gl44393333333.rj.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000744; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dbho7wn.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000745; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dbs-internet.store"; content:"Host"; http_header; classtype:attempted-recon; sid:200000746; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dbs.limited"; content:"Host"; http_header; classtype:attempted-recon; sid:200000747; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dbs.login.dbs.online.webdbslistinonline.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000748; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dbw.gr"; content:"Host"; http_header; classtype:attempted-recon; sid:200000749; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dcm1.ae.iwc.static.tungmung.co.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200000750; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dd90001.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000751; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"de.eurohome.civ.pl"; content:"Host"; http_header; classtype:attempted-recon; sid:200000752; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"de22c9kukppr.clickfunnels.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000753; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"deactivemsnon-8k98-l9k8-98j8-98j78u.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000754; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dealmegood.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000755; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"deborahholland.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000756; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"debuil.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000757; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"declicgestion.fr"; content:"Host"; http_header; classtype:attempted-recon; sid:200000758; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"decorcenter.com.pe"; content:"Host"; http_header; classtype:attempted-recon; sid:200000759; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dehiscent-overload.000webhostapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000760; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dejpaad.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000761; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"delacproperties.com.mx"; content:"Host"; http_header; classtype:attempted-recon; sid:200000762; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"delezhen.mashalezhen.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000763; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"delhiescort69.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000764; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"delivery-infos.tedgrover.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000765; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"deltaairlinecourier.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000766; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dem-factopro.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000767; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"demallplot-tra.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000768; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"demiregalos.com.ar"; content:"Host"; http_header; classtype:attempted-recon; sid:200000769; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"demo.bradescocontrol.vertitecnologia.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200000770; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"demo2.cloudwp.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000771; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dep453t707.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200000772; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"deregister-lbpayee.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000773; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"desejoourocard.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200000774; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"designerlakehouse.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000775; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dev-nadaj.orlenpaczka.ce5.pl"; content:"Host"; http_header; classtype:attempted-recon; sid:200000776; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dev-secu-credit-union.pantheonsite.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000777; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dev-www.orlenpaczka.ce5.pl"; content:"Host"; http_header; classtype:attempted-recon; sid:200000778; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dev.shivaxi.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000779; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"devicepichincha.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000780; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"devops.help"; content:"Host"; http_header; classtype:attempted-recon; sid:200000781; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dfdd5g5h.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000782; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dfdffg5g.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000783; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dfdg4g5.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000784; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dfdg4g6h.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000785; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dfdgg5gbf.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000786; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dffdg45g45g.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000787; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dfg4g4gh.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000788; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dfg54g4d.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000789; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dfgfg5h5fg5.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000790; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dgf5h5h.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000791; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dgfg4g4f.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000792; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dgfg4g4ffg5.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000793; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dgfg54g55dg5.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000794; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dgfg5g55.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000795; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dgfg5h6jfbt.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000796; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dgi.is"; content:"Host"; http_header; classtype:attempted-recon; sid:200000797; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dgmepunjab.gov.pk"; content:"Host"; http_header; classtype:attempted-recon; sid:200000798; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dgotour.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000799; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dgsh2ws45.lovestoblog.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000800; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dhanushr24.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000801; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dhl-event.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000802; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dhl-tracking-au.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000803; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dicsords.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000804; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"die-post-swiss-id-19782635812.psd2any.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000805; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"diepost.ship-a.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000806; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"diginto.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000807; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"diminua.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200000808; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"diplocom.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000809; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"directclientsocialsecur-9e8ce4.ingress-florina.easywp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000810; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"directqpuprozaakp.weebly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000811; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"disckord.club"; content:"Host"; http_header; classtype:attempted-recon; sid:200000812; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"discrde.gift"; content:"Host"; http_header; classtype:attempted-recon; sid:200000813; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"discrods.gift"; content:"Host"; http_header; classtype:attempted-recon; sid:200000814; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dispositivoapp.azurewebsites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000815; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"disreale.ml"; content:"Host"; http_header; classtype:attempted-recon; sid:200000816; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"distinctivei.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000817; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"distrial.ec"; content:"Host"; http_header; classtype:attempted-recon; sid:200000818; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"divinasoutfit.cl"; content:"Host"; http_header; classtype:attempted-recon; sid:200000819; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"diwanautocare.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000820; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"djdjbds.weebly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000821; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"djfh.wmfc241.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000822; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dkb-info.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000823; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dkbtan07.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000824; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dkglobaljobs.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000825; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dl.9xu.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000826; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dlink.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200000827; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dmaxpesca.com.es"; content:"Host"; http_header; classtype:attempted-recon; sid:200000828; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"doclab-console-auth.firebaseapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000829; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"docs-verify-c671.thajetiase.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000830; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"docs.revv.so"; content:"Host"; http_header; classtype:attempted-recon; sid:200000831; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"docsharex-authorize.firebaseapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000832; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"docuservice.us"; content:"Host"; http_header; classtype:attempted-recon; sid:200000833; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"docusign-lnc.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200000834; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domaincontroller.pmeimg.co.uk"; content:"Host"; http_header; classtype:attempted-recon; sid:200000835; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa136.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000836; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa152.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000837; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa156.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000838; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa178.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000839; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa18.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000840; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa217.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000841; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa242.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000842; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa279.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000843; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa287.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000844; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa292.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000845; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa335.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000846; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa381.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000847; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa390.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000848; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa409.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000849; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa410.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000850; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa412.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000851; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa479.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000852; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa557.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000853; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa569.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000854; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa571.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000855; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa675.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000856; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa789.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000857; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa828.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000858; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa87.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000859; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa873.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000860; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa912.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000861; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa954.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000862; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa966.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000863; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"doooog.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000864; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dorouscom.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000865; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"douuodwoman.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000866; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dowaba-s2dhl.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000867; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"doz.tode.cz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000868; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dpasdasfasfasfas.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000869; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dpd-redelivery-uk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000870; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dpmasdaskj.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000871; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dr-joannepeeler.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000872; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dr3aq.byethost32.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000873; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dreamotion-jp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000874; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dret.myofficeaccounts.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000875; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"drivingschoolglasgow.co.uk"; content:"Host"; http_header; classtype:attempted-recon; sid:200000876; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"drmarciovaleriano.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200000877; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dropboxsharing.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000878; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"drothy.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000879; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dsgcbeonline.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000880; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dsp2codemdp.t.justns.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200000881; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dsts.ssk.in.th"; content:"Host"; http_header; classtype:attempted-recon; sid:200000882; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dtpprtmwbtudyquwgytcqcthzc-dot-gl44393333333.rj.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000883; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dtrpsystasfasgas.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000884; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dukhovnist.in.ua"; content:"Host"; http_header; classtype:attempted-recon; sid:200000885; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"durecorpperu.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000886; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dwrat.andalous.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000887; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dwvwq.cwfc.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000888; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dydex.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000889; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dyn.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200000890; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dynastyclinic.ae"; content:"Host"; http_header; classtype:attempted-recon; sid:200000891; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"e-cassare.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000892; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"e.maseori.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000893; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"e4ff557e.sso-secure-mail04wtwdw4.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000894; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"e4ra.byethost8.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000895; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"e63q45f9h5fr.clickfunnels.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000896; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"eagleeyeapparel.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000897; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"earth01.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200000898; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"eastviewvolleyball.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000899; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"easywalletsfix.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000900; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"eba0200d0c.nxcli.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000901; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ebay-de.ad49103.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000902; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ebay.com.dashboard-seller.center"; content:"Host"; http_header; classtype:attempted-recon; sid:200000903; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"eberhardtedwige.wixsite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000904; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ecogreenjanitorial.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000905; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ecomcrew.staging.wpengine.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000906; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ecosteelsolution.ro"; content:"Host"; http_header; classtype:attempted-recon; sid:200000907; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"edje.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000908; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"edukickmexico.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000909; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ee-sms.co.uk"; content:"Host"; http_header; classtype:attempted-recon; sid:200000910; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ee.macesoi.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000911; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"efarms.com.ng"; content:"Host"; http_header; classtype:attempted-recon; sid:200000912; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"eharmonyservice.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000913; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ekabel.hu"; content:"Host"; http_header; classtype:attempted-recon; sid:200000914; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ekbofexjlnsdsfaqxbcfpnfift-dot-gl44393333333.rj.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000915; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ekobebe.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000916; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"electrocoolhvacr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000917; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"electronicanehuen.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000918; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"elektroonline.pl"; content:"Host"; http_header; classtype:attempted-recon; sid:200000919; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"elioraaa2.hyperphp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000920; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ellatinodigital.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000921; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"elomo.ro"; content:"Host"; http_header; classtype:attempted-recon; sid:200000922; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"eluniversallatinworld.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000923; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"email302.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000924; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"emailsettings.webflow.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000925; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"emailwebaccess.co.uk"; content:"Host"; http_header; classtype:attempted-recon; sid:200000926; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"embarquefloripa.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200000927; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"emberlingerie.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200000928; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"emlink.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200000929; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"emojis.bons.bar"; content:"Host"; http_header; classtype:attempted-recon; sid:200000930; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"emojis.dels.bar"; content:"Host"; http_header; classtype:attempted-recon; sid:200000931; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"emsi-lobo.firebaseapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000932; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"en-template-accounta-16424235497423.onepage.website"; content:"Host"; http_header; classtype:attempted-recon; sid:200000933; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"en-template-restaura-1642420369816.onepage.website"; content:"Host"; http_header; classtype:attempted-recon; sid:200000934; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"en-template-solicito-16414253314897.onepage.website"; content:"Host"; http_header; classtype:attempted-recon; sid:200000935; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"enate.ibrali-foundation.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000936; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"enbolivia.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000937; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"encryptdrive.booogle.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000938; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"engcamp.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000939; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"enoman.fqzsdgtg.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000940; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"entp-ezlto-tpenzo-emllp.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000941; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ershamshad.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000942; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"es-caixabanks-online-park.es.swtest.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200000943; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"es-caixabanks-online-ytrz.es.swtest.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200000944; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"escortinraipur.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000945; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"eseax.ws"; content:"Host"; http_header; classtype:attempted-recon; sid:200000946; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"eservicebits.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000947; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"esfdesentakip.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000948; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"eshetkari.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000949; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"esholehuva.cf"; content:"Host"; http_header; classtype:attempted-recon; sid:200000950; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"esi-texas.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000951; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"esinnovativeinteriors.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000952; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"espace3concept.be"; content:"Host"; http_header; classtype:attempted-recon; sid:200000953; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"espo.loving-benz.172-245-8-50.plesk.page"; content:"Host"; http_header; classtype:attempted-recon; sid:200000954; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"establecimientoscolonia-uy.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000955; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"estorneaqui.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000956; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"etc-co-jp.f2ss.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200000957; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"etc-co-jp.f3ss.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200000958; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"etc-meisai.jploginsd8fd9dhv0.foreverhome.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000959; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"etc-meisfrq.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000960; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"etc-uhfjk.monster"; content:"Host"; http_header; classtype:attempted-recon; sid:200000961; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"etc.jp.anzhanfrp.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000962; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"etc.kcjis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000963; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"etc.oxqk.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000964; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"eth-coinwallet.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000965; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"eth.coinscout.cc"; content:"Host"; http_header; classtype:attempted-recon; sid:200000966; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ethnictrendz.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000967; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ets.jwr.pa-fakfak.go.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200000968; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"eucriomeumundo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000969; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"eugnerally-wixsite-com.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000970; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"eusa-lombo.firebaseapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000971; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"evashoes.com.ua"; content:"Host"; http_header; classtype:attempted-recon; sid:200000972; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"even-ff-terbarugratisgarenaff2022.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000973; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"even-ffgarena.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000974; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"event-freefire728.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000975; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"everestmotors.com.np"; content:"Host"; http_header; classtype:attempted-recon; sid:200000976; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"evo-revolutioncups.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000977; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"evolbithman.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000978; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"evolveksa.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000979; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"excel-cloud-document-2021.square.site"; content:"Host"; http_header; classtype:attempted-recon; sid:200000980; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"excelengbd.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000981; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"excelhana.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000982; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"exchangedictionary.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000983; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"exciting-leavitt.23-95-231-131.plesk.page"; content:"Host"; http_header; classtype:attempted-recon; sid:200000984; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"exocdus.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000985; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"exodlus.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000986; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"exodus.com-wallet-signin.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000987; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"exodus.com-web-wallet-online.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000988; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"exoduspool.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000989; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"exodusweb.us"; content:"Host"; http_header; classtype:attempted-recon; sid:200000990; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"exondus-lokin.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000991; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"exploretrace.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000992; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"extracash-interlbankonline.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000993; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"extracloud.com.au"; content:"Host"; http_header; classtype:attempted-recon; sid:200000994; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ezblox.site"; content:"Host"; http_header; classtype:attempted-recon; sid:200000995; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ezssausage.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000996; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"f9w1lned0ruqblxi6jahwotak.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000997; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"faccebook.azurewebsites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000998; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"facebook--videos----app----today.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000999; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"facebook-accts.pages-recovery.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200001000; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"facebook-login.tbit.vn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001001; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"facebook.com.vitale-plus.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001002; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"facebook.eventspinff.wtf"; content:"Host"; http_header; classtype:attempted-recon; sid:200001003; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"facebooks.azurewebsites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200001004; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"facsehkfhgydh.dynamic-dns.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200001005; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"facture-proofxmail-orange7.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001006; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"faizankhan0408.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200001007; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"falling-scene-3ac3.updatelogaccountprogramedrfwerwrdhskk.workers.dev#winnie@soupro.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001008; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fan-web-online.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001009; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fancy-rain-22bf.vakagew948.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200001010; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fantech.co.il"; content:"Host"; http_header; classtype:attempted-recon; sid:200001011; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fanxtv.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200001012; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fassilneit.ultimatefreehost.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200001013; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fassilnet.ultimatefreehost.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200001014; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fassilnet5.ultimatefreehost.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200001015; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fax.gruppobiesse.it"; content:"Host"; http_header; classtype:attempted-recon; sid:200001016; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fb-case-id-28031803-fcdc-48af.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001017; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fb-pages.proteksion-help.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200001018; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fb-wiadomowsciwszystkie.pl"; content:"Host"; http_header; classtype:attempted-recon; sid:200001019; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fb.expressturkeyi.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001020; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fb7927.bget.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200001021; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fbpagescommunitydetectedabuseissues.co.vu"; content:"Host"; http_header; classtype:attempted-recon; sid:200001022; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fclproperties.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001023; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fdasd.2e4jept.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001024; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fdhgf.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200001025; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"federalaccesscredit.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001026; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fedner.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200001027; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fer-brooks.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200001028; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ferienhof-gempel.de"; content:"Host"; http_header; classtype:attempted-recon; sid:200001029; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fevecot.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001030; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ff-freeitemold.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001031; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ff-member-garena-vn.tokyo"; content:"Host"; http_header; classtype:attempted-recon; sid:200001032; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ff-membershipz-garena.ga"; content:"Host"; http_header; classtype:attempted-recon; sid:200001033; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ff.member-gaarena.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001034; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ffgfhg6h6.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001035; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fgf5g4g56h.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001036; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fgf5h5h6.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001037; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fgfg4g4gdg5.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001038; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fgfg4g4gf.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001039; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fgfg4g5gfg.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001040; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fgfg5g54g.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001041; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fgfg5g5h55.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001042; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fgfg5gt5h5.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001043; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fgfg5h55h5.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001044; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fgfg6h6h.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001045; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fgfh5h5h.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001046; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fgg5gr5g6hj.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001047; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fgh5gh5g.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001048; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fghgh54g54g.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001049; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fghjr74rhudfguhtfguji.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001050; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fghkdjkjhlk.pagedemo.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200001051; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fhgh54g4.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001052; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fi.uy"; content:"Host"; http_header; classtype:attempted-recon; sid:200001053; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fiber10.iaasdns.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001054; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fidelitybank-mn.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200001055; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fighting40s.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001056; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fileundelete.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200001057; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"filtrosmil.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200001058; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"finalfantasyguide.co.uk"; content:"Host"; http_header; classtype:attempted-recon; sid:200001059; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"firstsourcesbus.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001060; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fixi.rest"; content:"Host"; http_header; classtype:attempted-recon; sid:200001061; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fixingtodaymailuserupdates.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200001062; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"flcancer39-px.rtrk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001063; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"flotis.gq"; content:"Host"; http_header; classtype:attempted-recon; sid:200001064; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fluksrv.mycpanel.rs"; content:"Host"; http_header; classtype:attempted-recon; sid:200001065; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fmwebapp.azurewebsites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200001066; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"foliar.pl"; content:"Host"; http_header; classtype:attempted-recon; sid:200001067; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"foma-ura-lote.firebaseapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001068; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"foresta-mod.firebaseapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001069; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"formbuddy.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001070; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"forms.formium.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200001071; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"formtools.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001072; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fortonor-online.preview-domain.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001073; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"four-spotty-coffee.glitch.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200001074; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fpalpha.myportfolio.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001075; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fpmaam.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001076; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fr-europe564598-com.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001077; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"frankfurtertsparkasse.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001078; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"free-covid-19-stimulus-bonus.nethouse.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200001079; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"free-fire-event-super.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001080; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"free-fire-free-hadiah-menarik-spin-grati.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001081; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"free-fire-ind-bagi-hadiah-gratis-menarik.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001082; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"free-firecoderedem.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001083; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"free-mail4.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001084; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"freefire.pontorecargajogo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001085; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"freegiftlimited.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001086; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"freeliker.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200001087; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"freeroid.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001088; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"frefire-membership-garena.sukienfreefire2021.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200001089; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"freg-nine.pt"; content:"Host"; http_header; classtype:attempted-recon; sid:200001090; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"friendsofnechockey.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001091; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fripjobs.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001092; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ftx-ca.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001093; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ftx-exchangex.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001094; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ftx-me.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001095; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ftx-register-pro.world"; content:"Host"; http_header; classtype:attempted-recon; sid:200001096; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ftx-register.biz"; content:"Host"; http_header; classtype:attempted-recon; sid:200001097; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ftx-register.website"; content:"Host"; http_header; classtype:attempted-recon; sid:200001098; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ftx-signup.click"; content:"Host"; http_header; classtype:attempted-recon; sid:200001099; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ftx-vwy.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001100; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ftx.com.vn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001101; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ftx.cool"; content:"Host"; http_header; classtype:attempted-recon; sid:200001102; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ftxbonus.site"; content:"Host"; http_header; classtype:attempted-recon; sid:200001103; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fullcloudy.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001104; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"funiswap.exchange"; content:"Host"; http_header; classtype:attempted-recon; sid:200001105; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"furgonetka-1.pl"; content:"Host"; http_header; classtype:attempted-recon; sid:200001106; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"furgonetka-2.pl"; content:"Host"; http_header; classtype:attempted-recon; sid:200001107; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fusionrestobar.cl"; content:"Host"; http_header; classtype:attempted-recon; sid:200001108; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fxhalifax.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001109; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fxxmpavktyihgyqitmuaimubui-dot-gl44393333333.rj.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001110; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"g-mtcc.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001111; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"g.greatsubstance.com.my"; content:"Host"; http_header; classtype:attempted-recon; sid:200001112; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ga.teesmith.shop"; content:"Host"; http_header; classtype:attempted-recon; sid:200001113; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gabrielamims.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001114; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gagaclinic.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001115; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gakrvwufrvhxjaabezdbltlhff-dot-gl44393333333.rj.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001116; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gallciaonllne.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001117; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"garena-xacminhtaikhoan.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001118; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gastronomimeslekkursu.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001119; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gasunige.mfs.gg"; content:"Host"; http_header; classtype:attempted-recon; sid:200001120; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gdpcambodia.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001121; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gedfdfsd.eu"; content:"Host"; http_header; classtype:attempted-recon; sid:200001122; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"geg.li"; content:"Host"; http_header; classtype:attempted-recon; sid:200001123; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gegenev436.typeform.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001124; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"generali-italia-ag.hrweb.it"; content:"Host"; http_header; classtype:attempted-recon; sid:200001125; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"generalwebsecurityupdates-t5wgg.ondigitalocean.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001126; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"genie-alba.firebaseapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001127; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gentlescollections.com.ng"; content:"Host"; http_header; classtype:attempted-recon; sid:200001128; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"getapps.vip"; content:"Host"; http_header; classtype:attempted-recon; sid:200001129; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"getitapprovedacceptourterms2021.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200001130; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"getlikesfree.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001131; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"getpancakeswap.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001132; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gfhgh5hg5g.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001133; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gfxx.creatorlink.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200001134; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ghorana.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001135; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"giantblock.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001136; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gibsanapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001137; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gicin95242.temp.swtest.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200001138; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"giris-papara.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200001139; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"girleatsworld.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001140; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"girls-tube.mobi"; content:"Host"; http_header; classtype:attempted-recon; sid:200001141; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gjg5h5gh5h.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001142; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gkjx168.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001143; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gl44393333333.rj.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001144; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"globalunitytv.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001145; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"glogo.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001146; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"glsword.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001147; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gmailposteingangi.de"; content:"Host"; http_header; classtype:attempted-recon; sid:200001148; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gmgroupllc.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200001149; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gmxmailme.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001150; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"go.simplify.co.nz"; content:"Host"; http_header; classtype:attempted-recon; sid:200001151; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"go24link.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001152; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"goldenlasgidi10.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001153; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"golkondaresorts.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001154; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gomdinfgvs.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001155; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"goo-gl.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200001156; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"good12345.tripod.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001157; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"goodtimeforme.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200001158; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gosafes.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001159; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"govanalyze.page.link"; content:"Host"; http_header; classtype:attempted-recon; sid:200001160; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gramarcales.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200001161; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"greekinfra.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001162; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"greenclasses.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200001163; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"grosshandel-mevida.de"; content:"Host"; http_header; classtype:attempted-recon; sid:200001164; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"groupalbinali.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001165; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"groworldinternational.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001166; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"grp02.member.mycld-rakuten.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200001167; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"grup-whatsapp2022.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001168; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"grupanamia.001www.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001169; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"grupofsp.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200001170; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"grupopaublete.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001171; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gruposanpio.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001172; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gscommunityspirit.greenschool.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001173; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gstsolutions.online"; content:"Host"; http_header; classtype:attempted-recon; sid:200001174; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gumtree-pay.order174362546.site"; content:"Host"; http_header; classtype:attempted-recon; sid:200001175; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gunatanahku.perkimtan.sumbarprov.go.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200001176; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gurukanth.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001177; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gwenet.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001178; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"habbocreditosparati.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001179; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"haftteam.ir"; content:"Host"; http_header; classtype:attempted-recon; sid:200001180; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hahdaeupdate.es.tl"; content:"Host"; http_header; classtype:attempted-recon; sid:200001181; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hairstylegreececonteaddidas.000webhostapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001182; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"halaisabudhabi.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001183; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"halifax-securelink.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001184; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"haliuk-secure-device.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001185; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hamiltontruckingtransportation.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001186; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"handakai.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200001187; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hangovertest1.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001188; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hans-ledlite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001189; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hardcore-lovelace.198-23-207-203.plesk.page"; content:"Host"; http_header; classtype:attempted-recon; sid:200001190; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"harm45ari.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200001191; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"haroldhazard1-wixsite-com.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001192; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hasseanhannitybeenwaterboarded.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001193; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"haunlimited.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001194; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hcnprdvz.azureedge.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200001195; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"heinthu1.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200001196; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hellenic-postbank.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001197; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"help-identity-recoveri-support-center.web.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200001198; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"help.insecur.saftyalert.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200001199; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"help.validation-page.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200001200; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"henan.vxim58i.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001201; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"herdot-online.preview-domain.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001202; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hgda.db0u4hs.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001203; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hgdaa.lfoxcct.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001204; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hghgda.erjl0hx.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001205; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hgsbakiyeyuklucenmitrptt.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001206; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hgsvezneyukle.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001207; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hhdd.mzhemfi.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001208; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hi.switchy.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200001209; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hidzzs.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001210; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hifly01721.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200001211; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hifly06356.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200001212; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hifly31916.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200001213; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hifly32053.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200001214; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hifly38926.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200001215; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hifly39091.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200001216; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hifly61215.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200001217; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hifly71191.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200001218; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"himalayansherpa.com.au"; content:"Host"; http_header; classtype:attempted-recon; sid:200001219; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"himbauane.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001220; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hitman71hd-wixsite-com.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001221; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hm.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200001222; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hmf.at"; content:"Host"; http_header; classtype:attempted-recon; sid:200001223; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hockian.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001224; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"home.ei1ns.de"; content:"Host"; http_header; classtype:attempted-recon; sid:200001225; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"home.myfairpoint.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200001226; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"homepichilinea2.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001227; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"homesinlogin.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001228; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hostnix.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200001229; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hotbrooks.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001230; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hotel-pontos.gr"; content:"Host"; http_header; classtype:attempted-recon; sid:200001231; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hotelcatur.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001232; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hoteltigerplus.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001233; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hotgirlz.mobi"; content:"Host"; http_header; classtype:attempted-recon; sid:200001234; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hotlady.online"; content:"Host"; http_header; classtype:attempted-recon; sid:200001235; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hounbvc-c7661.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001236; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"houseofscotland.com.au"; content:"Host"; http_header; classtype:attempted-recon; sid:200001237; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hpnepgnmwrgdrrsdshzrvyirlx-dot-gl44393333333.rj.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001238; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hpplotters.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200001239; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hs-giveaways.ca"; content:"Host"; http_header; classtype:attempted-recon; sid:200001240; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ht-cargo.com.vn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001241; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"htlgroup.com.my"; content:"Host"; http_header; classtype:attempted-recon; sid:200001242; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"httpeugnerally-wixsite-com.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001243; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"https-scert-con04.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200001244; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"https-scert-srv02.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200001245; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"https-scert-srv06.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200001246; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"https-scert-srv08.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200001247; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hubcare.co.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200001248; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hulu-com-activate.sitey.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200001249; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hulu-hulu-com-activate.sitey.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200001250; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hulu.sitey.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200001251; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"humc.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200001252; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hutoknepper.de"; content:"Host"; http_header; classtype:attempted-recon; sid:200001253; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"huxleyfran.temp.swtest.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200001254; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"huynguyen2k.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200001255; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hype-squad.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200001256; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hypegames.shop"; content:"Host"; http_header; classtype:attempted-recon; sid:200001257; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"i-ask332.dga.jp"; content:"Host"; http_header; classtype:attempted-recon; sid:200001258; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"i.canyonmtgcorp.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001259; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"i.violationspage.validationspege.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200001260; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ialvkqkadlmcdltczoqpwoociz-dot-gl44393333333.rj.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001261; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"iban.leboncoinplacement.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001262; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ibf.tw"; content:"Host"; http_header; classtype:attempted-recon; sid:200001263; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ibpm.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200001264; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"icloud-map-live.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001265; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"icy.martulangbelulalng.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200001266; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"identifiez-vous-avec-votre-compte.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001267; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"identifiez-vous598.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001268; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"identify.run-us-west2.goorm.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200001269; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"idhuman-verification.run-us-west2.goorm.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200001270; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"iframejld.avent-media.fr"; content:"Host"; http_header; classtype:attempted-recon; sid:200001271; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ighk.umjlrs7uci2751.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200001272; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"iipvit.by"; content:"Host"; http_header; classtype:attempted-recon; sid:200001273; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ijcda.bukkats.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001274; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ijhca.0gb0h7z.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001275; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ijjd.h8nmtcc.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001276; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ijmna.p2y00vd.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001277; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ijmnc.x7o1tut.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001278; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ijnssa.w005zmk.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001279; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ijsa.x3585z7.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001280; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ikcda.a2g5xvs.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001281; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ikcsa.ajiqvjf.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001282; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ikdff.jmo904i.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001283; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ikja.lbanwqp.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001284; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ikjcd.p1z98hl.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001285; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ikjd.uk0xnp8.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001286; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ikjgd.rg6bzk7.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001287; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ikmcd.u4jdbxm.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001288; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ikmxaa.qcqxlrq.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001289; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ilooksrare.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001290; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ilpconnect.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001291; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"imersao.impulseingles.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200001292; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"imf0rm4t10nc3nt3r-1d3nt1tys.000webhostapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001293; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"imobiliaria-cardinali-com-br.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001294; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"in.deraya.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001295; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"info-runescape.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200001296; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"info.lionnets.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001297; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"infopichinchaweb.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001298; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"informations.recovery.confiryourpage.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200001299; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"infos00001.temp.swtest.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200001300; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"infosecplace.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001301; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"infosprologinmatrisemomols.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001302; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ing.ingdirect-app.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001303; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ingaveiculos.creatorlink.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200001304; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"inicia-bancalnterbank.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001305; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"inna.cedymll.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001306; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"innca.ol90k56.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001307; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"innovasjon.as"; content:"Host"; http_header; classtype:attempted-recon; sid:200001308; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"inpost-pl.567791.space"; content:"Host"; http_header; classtype:attempted-recon; sid:200001309; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"inpost-pl.id-43031.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200001310; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"inpostpl.rost-ikk.live"; content:"Host"; http_header; classtype:attempted-recon; sid:200001311; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"inps-ep.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001312; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"instagram-com-voting.ga"; content:"Host"; http_header; classtype:attempted-recon; sid:200001313; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"intapp.ibrali-foundation.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001314; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"intellidata-analytica.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001315; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"interbamk-bancaporinternelcom.seleccionpersonaonlineperu.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200001316; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"interbank-pe-iphone12pro.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200001317; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"interbankempresahomeweb.chotsales.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001318; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"interbankempresahomeweb.dolcesrealestate.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001319; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"interbankempresas.pe-il.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200001320; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"interbanklhomeperu.ibk-rlz.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001321; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"interbankperu-extracash.ibk-rlz.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001322; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"international-formulier.91-218-65-223.plesk.page"; content:"Host"; http_header; classtype:attempted-recon; sid:200001323; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"internetbankinghelp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001324; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"internetservicetech.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001325; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"intexargentina.com.ar"; content:"Host"; http_header; classtype:attempted-recon; sid:200001326; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"inthewildproductions.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001327; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"intoli.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200001328; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"intranet.sztpe.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200001329; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"investorshub.net.pk"; content:"Host"; http_header; classtype:attempted-recon; sid:200001330; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"investpl.work"; content:"Host"; http_header; classtype:attempted-recon; sid:200001331; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"invictushr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001332; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"iomindvsf.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001333; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ionos-mein.webmail.de.flick-fix.de"; content:"Host"; http_header; classtype:attempted-recon; sid:200001334; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ip144.ip-146-59-43.eu"; content:"Host"; http_header; classtype:attempted-recon; sid:200001335; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"iplogger.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200001336; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"iqwea.soxr0u1.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001337; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ironmantech.shop"; content:"Host"; http_header; classtype:attempted-recon; sid:200001338; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"irs-gov.us-get-payment-submission.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001339; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"irs-informationsubmitinfo.ge-information.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200001340; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"irs.gov-us-economic-impact-payment-coronavirus.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001341; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ise.com.ar"; content:"Host"; http_header; classtype:attempted-recon; sid:200001342; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"isecuredappsconnection.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200001343; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"isetan.vip"; content:"Host"; http_header; classtype:attempted-recon; sid:200001344; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"isfirsatibul.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001345; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ismamorlin.my-place.us"; content:"Host"; http_header; classtype:attempted-recon; sid:200001346; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"istudyalumni.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001347; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"it-europe564598-com.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001348; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"it.melnikhotels.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001349; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"itcentralsupport.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200001350; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"itcontentcurationchannel.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001351; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"its.tikkycloud.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001352; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"itsmdshahin.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200001353; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"iuhkj.r4f4vmtlso.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200001354; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"iuhs.tyopfhn.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001355; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"iujdas.yfwxlc9.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001356; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"iuyydd.ebeg6uk.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001357; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"j9w77d0.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001358; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jacco.co.jp-service-tranid-0001-00001m.jtlctj.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001359; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jacco.co.jp-service-tranid-0001-00001m.jxbehx.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001360; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jacobliston.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001361; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jacss.co.jp-service-tramid-0001-00001m.o0bk8j9.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001362; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jacss.co.jp-service-tramid-0001-00001m.zl6d6ja.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001363; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jadaart.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001364; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jam-023d.gitlab.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200001365; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"james8.aidaform.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001366; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jasa-antar-jemput-12.web.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200001367; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"javarockingland.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001368; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jax.bz"; content:"Host"; http_header; classtype:attempted-recon; sid:200001369; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jdangs902vsvfop164dfaldg53.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001370; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jeanbaileyrobor.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001371; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jeomafiotor24-9ec8a0.ingress-bonde.easywp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001372; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jerinja.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200001373; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jetser-electrical-supply.business.site"; content:"Host"; http_header; classtype:attempted-recon; sid:200001374; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jett.gator.site"; content:"Host"; http_header; classtype:attempted-recon; sid:200001375; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jfgkfghfghff.pagedemo.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200001376; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jflkp.csb.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001377; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jfovukvysqnglcjghfxncklqih-dot-gl44393333333.rj.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001378; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jhda.wfdyk9p.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001379; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jhdd.fjcslad.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001380; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jhff.93oe0u9.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001381; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jhnd.0drhnjk.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001382; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jindai.us"; content:"Host"; http_header; classtype:attempted-recon; sid:200001383; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jiwanramchemical.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001384; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jj98.amazooaznma.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200001385; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jjelectricservice.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001386; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jjhcd.27ke98i.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001387; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jk99j.sbs"; content:"Host"; http_header; classtype:attempted-recon; sid:200001388; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jlogine.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001389; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jmcna.jiwayjc.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001390; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jncba.diiqsmm.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001391; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jnnc.grnxkoj.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001392; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"job-type.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001393; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jobs.job.com.bd"; content:"Host"; http_header; classtype:attempted-recon; sid:200001394; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"joecamera.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200001395; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"john-ashley.de"; content:"Host"; http_header; classtype:attempted-recon; sid:200001396; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"joingrubterbaru28.001www.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001397; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"joshsarangal.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001398; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jossa.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200001399; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jow-japan.or.jp"; content:"Host"; http_header; classtype:attempted-recon; sid:200001400; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"joyeriajireh.com.mx"; content:"Host"; http_header; classtype:attempted-recon; sid:200001401; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jp-ama.iomainnasoryouraue.cc"; content:"Host"; http_header; classtype:attempted-recon; sid:200001402; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jppny.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200001403; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jptechdocsign.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200001404; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jrhayley.plus.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001405; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"juandfar.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200001406; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"juscook.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001407; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"justgot.gonevis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001408; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"justsayingbro.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001409; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jvk.zultifarza.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200001410; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jyeue43rm95p.clickfunnels.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001411; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jz2bab.webwave.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200001412; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"k3ja6d.webwave.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200001413; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ka31263jtj.temp.swtest.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200001414; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kaamwalibais.co.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200001415; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kafelah.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001416; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kamdhenurealities.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001417; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kapfkkkngv.temp.swtest.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200001418; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kargonova.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001419; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kartaltepespor.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001420; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kasba.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200001421; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kasumigaura-zouen.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001422; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"katanaroninchains.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001423; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kbstitchdesigns.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001424; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kcas.ygvlrlo.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001425; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kdhdf34j6dfh.dealerwebsite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001426; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kdlscaffolding.co.uk"; content:"Host"; http_header; classtype:attempted-recon; sid:200001427; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kecc.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001428; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kecmanijada.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001429; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"keep-passw0rd-supp0rt20211129-0106.supp0rtaaqkadq2zgnizte3ltbly2etnge5yi05ntm3lty2yjcwyzywzdjhmwa.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200001430; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"keepactive-8k98-l9k8-98j8-98j78u-d3d3-fr3d34d-2.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200001431; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"keepboxactive-msoe3e3-osd2rrf432-d342f4-3f34e32edetferef.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200001432; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kenogin.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200001433; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kevinsmovingservice.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001434; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kex81.sbs"; content:"Host"; http_header; classtype:attempted-recon; sid:200001435; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"key-drcp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001436; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kghm-invest.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001437; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ki89.pckmlc0cus5667.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200001438; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kienthucykhoa.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001439; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kindergartenwutai.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001440; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kingseryal5.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200001441; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kissapps.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200001442; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kitsor-uno.preview-domain.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001443; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kjda.td0k2jn.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001444; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kjhdda.tetfeec.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001445; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kleinsigns.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200001446; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"klockorochsmycken.se"; content:"Host"; http_header; classtype:attempted-recon; sid:200001447; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kmgc.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200001448; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"knocktheskool.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200001449; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"koerich-c-empresarial.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001450; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"koji.to"; content:"Host"; http_header; classtype:attempted-recon; sid:200001451; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kone-ali123-mon-site-web-cheetah-5.cheetah.builderall.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001452; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"konfirmasi-identitas-2022.webnode.page"; content:"Host"; http_header; classtype:attempted-recon; sid:200001453; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"konnect2kamadhenu.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001454; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"konyahizlicilingir.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001455; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"koteng.odoo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001456; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kr-bithumb.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001457; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kraalbus.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001458; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"krishnfoundation.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001459; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"krupije.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001460; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"krx887.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001461; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kuchkuchnights.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001462; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kundenlogin-dkb.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001463; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kurier24-1.pl"; content:"Host"; http_header; classtype:attempted-recon; sid:200001464; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kurier24-2.pl"; content:"Host"; http_header; classtype:attempted-recon; sid:200001465; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kurier24-3.pl"; content:"Host"; http_header; classtype:attempted-recon; sid:200001466; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kurortnoye.com.ua"; content:"Host"; http_header; classtype:attempted-recon; sid:200001467; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"l-abe.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001468; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"l-q.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200001469; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lambdaweb.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200001470; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"landauinsurance.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001471; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"laposada.roncesvalles.es"; content:"Host"; http_header; classtype:attempted-recon; sid:200001472; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lapotosinaexpress.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001473; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"larindbr.creatorlink.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200001474; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"larvalab.to"; content:"Host"; http_header; classtype:attempted-recon; sid:200001475; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lasyaja.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200001476; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"latelevitation.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001477; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"latest-recharge-reorder.co.uk"; content:"Host"; http_header; classtype:attempted-recon; sid:200001478; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"latinotravel.cz"; content:"Host"; http_header; classtype:attempted-recon; sid:200001479; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"laundry-ade-ashar-883.web.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200001480; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lbce.lecservilbc.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001481; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lbk-web.oportunidad.site"; content:"Host"; http_header; classtype:attempted-recon; sid:200001482; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ldsplanettt.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001483; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"le-diablotin-rouen.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001484; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"leadershipmail.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001485; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"learningimpactmodel.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001486; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"leboncoin.delivery01588.icu"; content:"Host"; http_header; classtype:attempted-recon; sid:200001487; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"leboncoinpaiement.eu"; content:"Host"; http_header; classtype:attempted-recon; sid:200001488; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"leboncoinsecurise.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001489; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lemeiesta.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001490; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lenagruessdich.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200001491; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"leroycu.ca"; content:"Host"; http_header; classtype:attempted-recon; sid:200001492; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lettertracing4kids.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001493; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lg-onecom-io.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001494; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"liberasrl.it"; content:"Host"; http_header; classtype:attempted-recon; sid:200001495; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"limitlesstechnology.com.au"; content:"Host"; http_header; classtype:attempted-recon; sid:200001496; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lingid.ee"; content:"Host"; http_header; classtype:attempted-recon; sid:200001497; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"liongear.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001498; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"liooksrare.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001499; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lirc.cep.edu.vn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001500; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"little-frost-1a15.chrisc11004842.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200001501; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"little-rain-39c4.newdhlacceslogins.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200001502; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"little-wood-23ca.abssupdatedlogin.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200001503; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"litty.shop"; content:"Host"; http_header; classtype:attempted-recon; sid:200001504; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"liusanchuan.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200001505; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"live-site.hopto.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200001506; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"live.rawfednews.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001507; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"livechat-ronin.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001508; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"livecryptolab.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001509; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"livelifelimitless.com.au"; content:"Host"; http_header; classtype:attempted-recon; sid:200001510; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"livewalletvalidate.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001511; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ljkds.hvkmjdq.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001512; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lkjds.nlmwjta.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001513; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lloydbank-accountbreach.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001514; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lloydbank-secure-customers.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001515; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lloydbank-support-team.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001516; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lloydbanking-securelogin.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001517; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lloydsbank.deregister-payee-secure-auth.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001518; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lloydsbank.secure-online-deregister.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001519; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lloydsbank.secure-personal-device-login.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001520; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lloyduk-newdevice-registered-online.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001521; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"llsckhuhskcamuqwbonsrhwpvk-dot-gl44393333333.rj.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001522; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lmuorn7lhf2jo8rzeyxqww-on.drv.tw"; content:"Host"; http_header; classtype:attempted-recon; sid:200001523; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lnkd.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200001524; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lnterbancape-lbk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001525; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lnterbank.pe.starneonsignsug.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001526; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"localdepotservice.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001527; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lockpichincha.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001528; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"loengregkuetngferu.live"; content:"Host"; http_header; classtype:attempted-recon; sid:200001529; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lofon-add.firebaseapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001530; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"loftywallet.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001531; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"login-a5x1ir9bkd0dfo9nrbe2akijf3ux35u2gard0djpitipusxxc8.website.yandexcloud.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200001532; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"login-live.com-s02.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200001533; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"login-np6hh1hdf6csg7hcskopd44b7e7z4clqa8lput68g5abukevka.website.yandexcloud.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200001534; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"login-postfinance.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001535; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"login.privategold.uytrtyuhij987.gowithapex.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001536; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"logindhlaccess.dhlupdatelogin.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200001537; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"loginmailionos2702200352313bc05944519035231.primapower.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200001538; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"logverify-df12e-verify-1230-eu.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001539; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"loinesports.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001540; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lomadesarrollos.mx"; content:"Host"; http_header; classtype:attempted-recon; sid:200001541; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lombard11.eu"; content:"Host"; http_header; classtype:attempted-recon; sid:200001542; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lopezlandscapingandlawnservice.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001543; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lot-lp-x.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001544; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lovives.cl"; content:"Host"; http_header; classtype:attempted-recon; sid:200001545; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lp.vp4.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200001546; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ltdv1signinui.website.yandexcloud.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200001547; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"luciolee17.temp.swtest.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200001548; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lucky-glitter-f89f.jimmysitt.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200001549; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lucy-walker.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001550; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"luisoutlet.online"; content:"Host"; http_header; classtype:attempted-recon; sid:200001551; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lunugrcpujwcfnajuctkojawrh-dot-gl44393333333.rj.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001552; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lydab.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001553; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"m.fancy-bush-cf01.marhabitas.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200001554; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"m.help.insecurpage.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200001555; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"m.maseocoad.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200001556; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"m.protc.safty-pege.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200001557; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"m.recovery.safetyacount.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200001558; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"m.recovery.saftypageupdate.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200001559; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"m42club.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001560; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"m9afaf8232rjhfjafas.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200001561; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"machineryzoneservice.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001562; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"macjakarta.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001563; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"macst.cc"; content:"Host"; http_header; classtype:attempted-recon; sid:200001564; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"madens.com.pl"; content:"Host"; http_header; classtype:attempted-recon; sid:200001565; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"madrhinoconsulting.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001566; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"maestro.my.prod.dfg152.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200001567; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mahikapur.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200001568; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mahud.globizsapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001569; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mail-account-verify-f4723.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001570; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mail-gmxaktualisierung.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001571; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mail-ovhcloud.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001572; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mail-ssocloud-srvr67yhguh.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200001573; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mail.enrollmoreclientsbootcamp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001574; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mail.ims-fe.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001575; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mail.kuttabalfatih.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001576; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mail.printingbannerscheap.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001577; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mail.santepluspharma.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001578; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mail.updateinfo-billingo2.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001579; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mail.wheel1factory.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200001580; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mail.zenstream.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001581; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"maildomaiincheck1.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001582; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"maildomaiincheck11.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001583; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"maildomaiincheck12.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001584; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"maildomaiincheck13.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001585; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"maildomaiincheck15.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001586; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"maildomaiincheck16.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001587; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"maildomaiincheck17.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001588; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"maildomaiincheck19.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001589; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"maildomaiincheck2.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001590; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"maildomaiincheck20.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001591; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"maildomaiincheck5.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001592; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"maildomaiincheck6.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001593; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"maildomaiincheck7.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001594; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"maildomaiincheck8.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001595; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"maildomaiincheck9.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001596; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailgmxaktualiisieren.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001597; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"maillgmxaktualisieren.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001598; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailplusrolerequestedprivatemailupdates.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200001599; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailserver7656566.blob.core.windows.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200001600; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailservervalidationr161.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001601; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailservervalidationr162.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001602; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailservervalidationr163.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001603; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailservervalidationr164.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001604; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailservervalidationr165.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001605; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailservervalidationr166.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001606; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailservervalidationr167.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001607; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailservervalidationr168.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001608; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailservervalidationr169.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001609; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailservervalidationr170.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001610; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailservervalidationr171.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001611; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailservervalidationr172.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001612; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailservervalidationr173.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001613; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailservervalidationr174.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001614; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailservervalidationr175.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001615; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailservervalidationr176.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001616; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailservervalidationr177.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001617; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailservervalidationr178.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001618; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailservervalidationr179.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001619; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailservervalidationr180.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001620; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailservervalidationr181.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001621; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailservervalidationr182.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001622; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailservervalidationr183.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001623; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailservervalidationr184.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001624; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailservervalidationr185.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001625; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailservervalidationr186.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001626; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailservervalidationr187.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001627; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailservervalidationr188.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001628; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailservervalidationr189.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001629; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailservervalidationr190.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001630; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailservervalidationr191.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001631; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailservervalidationr192.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001632; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailservervalidationr193.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001633; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailservervalidationr194.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001634; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailservervalidationr195.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001635; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailservervalidationr196.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001636; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailservervalidationr197.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001637; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailservervalidationr198.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001638; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailservervalidationr199.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001639; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailservervalidationr200.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001640; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailupdattee12.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001641; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailupdattee16.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001642; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailupdattee19.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001643; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailupdattee21.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001644; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailupdattee24.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001645; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailupdattee27.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001646; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailupdattee29.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001647; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailupdattee34.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001648; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailupdattee35.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001649; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailupdattee40.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001650; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailupdattee6.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001651; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailupdattee8.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001652; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mainmobilerectify.live"; content:"Host"; http_header; classtype:attempted-recon; sid:200001653; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"maintoken.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001654; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"makcts-go.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200001655; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"make-anon-keep-past.rvsla.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200001656; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"makers-kind-happens-differently.trycloudflare.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001657; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mala-riba.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001658; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"malaprontaargentina.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200001659; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"malehaenterprises.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001660; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"malthy.tk"; content:"Host"; http_header; classtype:attempted-recon; sid:200001661; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"malukutenggarakab.go.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200001662; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mandaguacucouros.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200001663; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mankouguy079.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001664; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"manualsync.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001665; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mapsa.com.pe"; content:"Host"; http_header; classtype:attempted-recon; sid:200001666; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"marbisaniha.co.vu"; content:"Host"; http_header; classtype:attempted-recon; sid:200001667; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"marketplace-axieinfinity.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200001668; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"marketplace-axlelnfiniity.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001669; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"marketplaceaxieinfiniity.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001670; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"masdas0932.co.vu"; content:"Host"; http_header; classtype:attempted-recon; sid:200001671; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"masum.lawyer"; content:"Host"; http_header; classtype:attempted-recon; sid:200001672; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"match.lookatmynewphotos.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001673; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"match.procarematch.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001674; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"matchoklahoma.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001675; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"matelamsiska.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001676; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"matiruys.co.vu"; content:"Host"; http_header; classtype:attempted-recon; sid:200001677; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"maxclinic.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200001678; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"maxis-winner-2020.webs.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001679; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mayormoveis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001680; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mboutique.cfd"; content:"Host"; http_header; classtype:attempted-recon; sid:200001681; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mccarthyelectrical.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001682; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mcconcep.cluster005.ovh.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200001683; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mchganistore.solofolio.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200001684; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mckennittfamily.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001685; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mdex.li"; content:"Host"; http_header; classtype:attempted-recon; sid:200001686; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mdurucan.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001687; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"me.iveva.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001688; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"medelinahealth.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001689; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"medeniyetakademisi.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001690; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mednungtanpoudan-acvwe3.ga"; content:"Host"; http_header; classtype:attempted-recon; sid:200001691; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"medo.world"; content:"Host"; http_header; classtype:attempted-recon; sid:200001692; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"medtamr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001693; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"meeting-23900123090123.bitbucket.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200001694; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mego.yourgetpayments.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001695; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"meinedk.cleverapps.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200001696; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"meinedkb16012022.page.link"; content:"Host"; http_header; classtype:attempted-recon; sid:200001697; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mercani.pomyt.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200001698; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"meremanovegabana.website2.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200001699; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mericarir.mbxryj.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001700; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mericarir.mcjwdpv.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001701; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mericarir.mczqhx.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001702; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mericarir.meujxjt.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001703; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mericarir.mfcoodw.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001704; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mericarir.mglsffs.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001705; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mericarir.mjrsrfo.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001706; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mericarir.mlzjgwh.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001707; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mericarir.mmsfzys.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001708; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mericarir.mtlrnzu.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001709; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mericarir.mwsmws.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001710; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mericorci-shop.er2h36s.rkpe1u41.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001711; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mermsersf.weebly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001712; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"messagerie-or-business02.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001713; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mestertignseekjet4.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001714; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mestertignseekjet5.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001715; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mestertignseekjet6.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001716; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mestredaobra.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001717; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"metalurgicagiom.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200001718; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"metamasc.club"; content:"Host"; http_header; classtype:attempted-recon; sid:200001719; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"metamask-connect.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001720; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"metamask-connect.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001721; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"metamask-extension.com.hsurge.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001722; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"metamask-wallets-protection.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001723; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"metamask-wallets.yahoosites.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001724; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"metamask.cam"; content:"Host"; http_header; classtype:attempted-recon; sid:200001725; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"metamask.game"; content:"Host"; http_header; classtype:attempted-recon; sid:200001726; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"metamask.io-php.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001727; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"metamask.kiwi"; content:"Host"; http_header; classtype:attempted-recon; sid:200001728; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"metamask.onlineconfirmation.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200001729; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"metamask.security-information.cc"; content:"Host"; http_header; classtype:attempted-recon; sid:200001730; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"metamask.social"; content:"Host"; http_header; classtype:attempted-recon; sid:200001731; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"metamask.wallets-reauth.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200001732; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"metamaskdownloadandroid.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200001733; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"metamassklogins-us.tumblr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001734; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"metrocrestbank.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001735; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"meusabor.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200001736; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mexce.biz"; content:"Host"; http_header; classtype:attempted-recon; sid:200001737; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mexce.cc"; content:"Host"; http_header; classtype:attempted-recon; sid:200001738; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mexce.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200001739; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mexce.live"; content:"Host"; http_header; classtype:attempted-recon; sid:200001740; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mexce.vip"; content:"Host"; http_header; classtype:attempted-recon; sid:200001741; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mexce.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200001742; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mexch.cc"; content:"Host"; http_header; classtype:attempted-recon; sid:200001743; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mexch.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200001744; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mexch.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200001745; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mexch.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200001746; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mexch.vip"; content:"Host"; http_header; classtype:attempted-recon; sid:200001747; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mexch.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200001748; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mfacebook.blogspot.com.cy"; content:"Host"; http_header; classtype:attempted-recon; sid:200001749; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mfacebook.blogspot.lt"; content:"Host"; http_header; classtype:attempted-recon; sid:200001750; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mfacebook.blogspot.rs"; content:"Host"; http_header; classtype:attempted-recon; sid:200001751; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mgointerpreter.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001752; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mibancocrece.com.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200001753; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"micacd.elshov.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001754; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"micard.live"; content:"Host"; http_header; classtype:attempted-recon; sid:200001755; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"michaelabreha.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001756; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"michiyado.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001757; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"microcav.square.site"; content:"Host"; http_header; classtype:attempted-recon; sid:200001758; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"microsoftonline.mcommon.authorize.homeauth.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001759; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"microsoftonline.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200001760; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"microsoftwebserver.mfs.gg"; content:"Host"; http_header; classtype:attempted-recon; sid:200001761; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"micuenta01.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200001762; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"midasbuuys-id.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001763; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"milanobet301.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001764; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"militarybikers.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001765; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"minasokak.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001766; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mingming20160152.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200001767; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mintsea.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200001768; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"miozpro.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001769; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"miracdoviz.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001770; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"miss-paym02.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001771; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"missionshashank.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001772; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mjayme9jdg9izxixmjeydgg.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001773; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mjayme9jdg9izxiymjnyza.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001774; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mjaymu1heta1dgg.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001775; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mjaymu1hetezmtj0aa.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001776; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mjaymu1hetgym3jk.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001777; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mjaymu1hetizmtl0aa.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001778; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mjaymu1hetqymhro.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001779; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mjaymu1hetu3dgg.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001780; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mjaymu1hetuymhro.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001781; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mjaymu5vdmvtymvymji5dgg.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001782; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mjaymu5vdmvtymvymtexdgg.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001783; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mjaymuf1z3vzdde4mtf0aa.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001784; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mjaymufwcmlsmde5dgg.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001785; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mjaymup1bhk0mtf0aa.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001786; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mjaymup1bhk1mtr0aa.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001787; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mjaymup1bhkzmtn0aa.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001788; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mjaymup1bmu0mtf0aa.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001789; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mjaymup1bmuymzfzda.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001790; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mjaymuphbnvhcnkxmzv0aa.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001791; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mjaymurly2vtymvymjiyn3ro.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001792; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mjaymvnlchrlbwjlcjizmxn0.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001793; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mk2.ge"; content:"Host"; http_header; classtype:attempted-recon; sid:200001794; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mmtmk2436.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200001795; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mnbxa.73kfer9.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001796; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mnbxcas.zm7wwar.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001797; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mncxx.qbeepor.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001798; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mnnbx.r1rpj09.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001799; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mnncxa.fwffsyt.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001800; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobiile.systemredirect-pages.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link"; content:"Host"; http_header; classtype:attempted-recon; sid:200001801; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobile-orange-forever.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001802; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobile-portail.live"; content:"Host"; http_header; classtype:attempted-recon; sid:200001803; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobile.hedgesportst.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200001804; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"modelossecra.com.mx"; content:"Host"; http_header; classtype:attempted-recon; sid:200001805; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mon-token.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001806; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mon.espace.lcl.fr.certosini.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200001807; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"monbudri.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200001808; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mondrive.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200001809; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"monedri.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200001810; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"monirshouvo.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200001811; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"monomobileservice.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001812; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"monprofilclient.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001813; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"montenegrolandscape.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001814; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"montrealidiomas.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200001815; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"monyeward.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001816; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"moonstandcu.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001817; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"moovere.mx"; content:"Host"; http_header; classtype:attempted-recon; sid:200001818; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"morfybox.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001819; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mpserviciosintegrales.cl"; content:"Host"; http_header; classtype:attempted-recon; sid:200001820; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mqzlsim.mindlogicinfotech.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001821; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mrinalkantimajumder.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001822; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mrpitchman.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001823; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"msc-doelsach.at"; content:"Host"; http_header; classtype:attempted-recon; sid:200001824; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mscc1s.ultimatefreehost.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200001825; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"msnserviceverifivation.wordpress.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001826; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"msofficemessagescenter-1.mfs.gg"; content:"Host"; http_header; classtype:attempted-recon; sid:200001827; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mtngifts2021.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001828; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mtron.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200001829; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mtsn1kotabekasi.sch.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200001830; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"muddy-credit-ea7b.0fflce-mlcr0sfot-online-supposrts3jp-tokcloud.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200001831; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mudraloans.biz"; content:"Host"; http_header; classtype:attempted-recon; sid:200001832; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mxrr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001833; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"my-bithumb.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001834; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"my-gmail.ir"; content:"Host"; http_header; classtype:attempted-recon; sid:200001835; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"my-site219.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001836; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"my.jcpwb.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001837; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"my.paidy.com.cutav.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001838; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"my.paidy.com.theqeen.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001839; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"my.paidy.com.wlhkd.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001840; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"my.paydi.login-index-home.x4typfc.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001841; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mygoogleaccount.stantrade.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200001842; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"myjcb.thxpj.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001843; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mymbg-aa2e2.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001844; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mymweb-owner.at.ua"; content:"Host"; http_header; classtype:attempted-recon; sid:200001845; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mynabsecure-log.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200001846; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"myshedbuilder.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001847; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mytheamsauthecent.wapgem.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001848; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"myupdates-mynetflix.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001849; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mywalletsvalidation.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001850; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mzdyyds.qmdqdku.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001851; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"n-naoko-0319.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200001852; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"n.mostarcarcoamd.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200001853; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"n26.sa-france.fr"; content:"Host"; http_header; classtype:attempted-recon; sid:200001854; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"n7orton.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001855; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"na-coin.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001856; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nab-alert.mobi"; content:"Host"; http_header; classtype:attempted-recon; sid:200001857; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nab-www.303.si"; content:"Host"; http_header; classtype:attempted-recon; sid:200001858; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nabsecureau.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001859; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"najboljeuslugezavas.betterservicesforyou.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001860; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nanjing.itud167.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001861; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"napgamelienquan.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200001862; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"natalflrescruz.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200001863; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"natdev15.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200001864; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"native-possession-josh-asks.trycloudflare.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001865; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"naturalrocksand.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001866; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"natwest.nwolb-login-auth.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001867; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"natwest.secure-auth-personal-device.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001868; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"natwest.secured-online-verify.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001869; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"natwest.secured-personal-verify.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001870; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"navigator-mail-lonos.de"; content:"Host"; http_header; classtype:attempted-recon; sid:200001871; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nayameehomes.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001872; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nayanielectronics.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001873; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nbcc.0bit08a.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001874; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nbcd.xiu58rl.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001875; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nbcvs.gd65y69.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001876; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nbcxa.lctlfdq.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001877; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nbcxas.551awvr.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001878; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nbhjxa.hblhi96.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001879; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nbnonres.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001880; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nbxaa.b1b6nac.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001881; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nbxas.uabzfbm.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001882; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nbxasd.rm625b.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001883; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nbxha.74zdws.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001884; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nbxza.giodzij.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001885; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nbyhgfhv0899.weebly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001886; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nbyut75n.herokuapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001887; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ncgroup.club"; content:"Host"; http_header; classtype:attempted-recon; sid:200001888; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"necessitymag.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001889; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nedbankqa.flowblocks.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001890; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nedriw.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200001891; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"negociebra.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200001892; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"neptuneinnovations.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001893; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nerestera.onrender.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001894; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"netciti.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200001895; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"netflix-techarmy.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200001896; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"netflixus-uwm-916726-sbi-917827.kamaliakhaddar.pk"; content:"Host"; http_header; classtype:attempted-recon; sid:200001897; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"netwcosmos-7ac59.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001898; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"neversencommun.fr"; content:"Host"; http_header; classtype:attempted-recon; sid:200001899; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"newellinnovations.co.uk"; content:"Host"; http_header; classtype:attempted-recon; sid:200001900; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"newlifenursery.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001901; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"newrydramafestival.co.uk"; content:"Host"; http_header; classtype:attempted-recon; sid:200001902; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"newsletter.pagueonlinebra.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200001903; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"newsodisha.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200001904; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"next-sharepoint-p.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001905; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nextgensoftbd.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001906; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nhattinsteel.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001907; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nhbcd.40ggify.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001908; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nhbcd.xitgfmh.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001909; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nhbcda.g4g5mgc.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001910; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nhbd.yl7g7qz.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001911; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nhbdd.ncoavvx.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001912; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nhfactor.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001913; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nhgcs.ugvvluf.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001914; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nhhvd.zb06w77.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001915; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nhri.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200001916; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"niagarapower.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001917; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nic-home.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001918; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nizotchauffage.bilty.be"; content:"Host"; http_header; classtype:attempted-recon; sid:200001919; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nmbtimesnmbtimesnmbtimes.diskstation.eu"; content:"Host"; http_header; classtype:attempted-recon; sid:200001920; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nn.myjaeob.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001921; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nodesconnection.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001922; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"northoakcondobyminto.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001923; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"notife.help.institutepages.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200001924; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"notification-fb.secure-pages.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200001925; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"notificationmember.mystrikingly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001926; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nour-ala-nour.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001927; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"novobracelets.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001928; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"novolimitenu.azurewebsites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200001929; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nrasproperties.com.au"; content:"Host"; http_header; classtype:attempted-recon; sid:200001930; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nserviceserviceat.mystrikingly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001931; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nslg8.codesandbox.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200001932; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nt.embluemail.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001933; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nueva-01.pagedemo.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200001934; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nueva-acropolis.cl"; content:"Host"; http_header; classtype:attempted-recon; sid:200001935; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nutroquin.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001936; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nw-securedfailure.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001937; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ny989.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001938; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nyhet.cc"; content:"Host"; http_header; classtype:attempted-recon; sid:200001939; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nyirlimuzin.hu"; content:"Host"; http_header; classtype:attempted-recon; sid:200001940; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"o.macesoi.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001941; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"o.myjmscb.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001942; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"o2-failure-billing-update.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001943; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"o2-updatebillingvia.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001944; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"o2billingauth-update.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001945; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"oanmce.hjwxkugs.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001946; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"oauth2.infra.cluster.kznexpess.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001947; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ocareportesweb.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001948; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ocaxvefific.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001949; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"oceantires.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001950; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ocioturismogalicia.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001951; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"oco.or.tz"; content:"Host"; http_header; classtype:attempted-recon; sid:200001952; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"oddplug.cfd"; content:"Host"; http_header; classtype:attempted-recon; sid:200001953; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"odiasamaj.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200001954; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ofact-prosav.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001955; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"offic365.online"; content:"Host"; http_header; classtype:attempted-recon; sid:200001956; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"offic4046217.sitebuilder.name.tools"; content:"Host"; http_header; classtype:attempted-recon; sid:200001957; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"officeee.bubbleapps.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200001958; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"officialevent.way.live"; content:"Host"; http_header; classtype:attempted-recon; sid:200001959; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"officialliker.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200001960; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"officialtopoftheroc.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001961; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"oghands.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001962; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ogrodywlochy.pl"; content:"Host"; http_header; classtype:attempted-recon; sid:200001963; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"oiasasca.asiocsacszc.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200001964; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"oiasd.herorny.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001965; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"oicm.oobqrxh.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001966; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"oidda.5s2iamp.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001967; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"oijcd.qvjcddv.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001968; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"oikca.smwceku.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001969; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"oikcas.6b914ty.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001970; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"oikcd.uf27ce8.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001971; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"oikcxa.zvvx01z.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001972; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"oiyq.viunckf.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001973; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"okayama-tyumonjc.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001974; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"okcs.qj8yua.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001975; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"okds.bbtlcve.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001976; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"okexcoint.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200001977; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"okmca.8xcrn6w.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001978; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"okmca.bxkfham.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001979; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"okmca.uwudagu.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001980; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"okmxa.lfgpror.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001981; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"okpwtu.webwave.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200001982; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"olk.us7apye.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001983; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"olmnxa.wc2ikux.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001984; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"omesqiwines.de"; content:"Host"; http_header; classtype:attempted-recon; sid:200001985; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"oncopharma-ae.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001986; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"one.devicemng.eu"; content:"Host"; http_header; classtype:attempted-recon; sid:200001987; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"one.emblem.gr"; content:"Host"; http_header; classtype:attempted-recon; sid:200001988; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"one.kauf.gr"; content:"Host"; http_header; classtype:attempted-recon; sid:200001989; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"onecreator.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200001990; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"onedrive.zhaoge.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200001991; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"onee-a0488.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001992; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"oneisallandone.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001993; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"oneone-19cd8.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001994; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"oneone-a38ef.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001995; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"online-sistem.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001996; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"onlineasesor01.hostfree.pw"; content:"Host"; http_header; classtype:attempted-recon; sid:200001997; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"onlineffn2.temp.swtest.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200001998; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"onlinemtbank0001.dd-dns.de"; content:"Host"; http_header; classtype:attempted-recon; sid:200001999; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"onlysportplus.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002000; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ooijxas.v1d0u7.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002001; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ooxvocalor.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002002; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"op.nuveie.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002003; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"opansea.live"; content:"Host"; http_header; classtype:attempted-recon; sid:200002004; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"open24.ie-tsb.email"; content:"Host"; http_header; classtype:attempted-recon; sid:200002005; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"opensaeb.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002006; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"opera-mps-sicuro-com.preview-domain.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002007; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"opsomdinbs.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002008; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ora-n.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002009; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"orabu.it"; content:"Host"; http_header; classtype:attempted-recon; sid:200002010; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"orange-dcr.fr"; content:"Host"; http_header; classtype:attempted-recon; sid:200002011; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"orange-security.cloud.coreoz.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002012; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"orange.iobeya.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002013; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"orange.sphinxonline.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002014; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"orange2k22.wixsite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002015; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"orangess.contactin.bio"; content:"Host"; http_header; classtype:attempted-recon; sid:200002016; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"org-nr.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002017; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"orlen-inve.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002018; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ormantencs112.odoo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002019; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"osis.world"; content:"Host"; http_header; classtype:attempted-recon; sid:200002020; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"osminojka.gkb3.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200002021; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"otomoto-h229.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002022; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"otomoto3452.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002023; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"oudczfbniitcqdsrmaapdztwqo-dot-gl44393333333.rj.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002024; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ourgarden.us"; content:"Host"; http_header; classtype:attempted-recon; sid:200002025; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"outlook1541489.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002026; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"outlookcom119.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002027; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"overovani.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002028; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"oyknrmzazildlsaxutqiatopgs-dot-gl44393333333.rj.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002029; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"p.maseori.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002030; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"p1c.servleboncoinser.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002031; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"package2021.blogspot.ba"; content:"Host"; http_header; classtype:attempted-recon; sid:200002032; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"package2021.blogspot.bg"; content:"Host"; http_header; classtype:attempted-recon; sid:200002033; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"package2021.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002034; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"page-restrict-case22456548.help"; content:"Host"; http_header; classtype:attempted-recon; sid:200002035; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pages-1008009999700022199021.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002036; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pages-alert-facebook.ezyro.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002037; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pages-community-standart-2022.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200002038; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pages-marvelous-project.webflow.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200002039; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pages-support-office-2021.gq"; content:"Host"; http_header; classtype:attempted-recon; sid:200002040; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pages-support-office-2021.tk"; content:"Host"; http_header; classtype:attempted-recon; sid:200002041; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pages.secure-accts.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002042; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pagos.sinpemovil.cr"; content:"Host"; http_header; classtype:attempted-recon; sid:200002043; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"paidpapers.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002044; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"palmm.ps"; content:"Host"; http_header; classtype:attempted-recon; sid:200002045; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pancaakesvap.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002046; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pancake7wop.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002047; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pancakesfinances.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200002048; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pancakesvvap-finance.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002049; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pancakeswap.finance.tradechange.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200002050; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pancakeswap.men"; content:"Host"; http_header; classtype:attempted-recon; sid:200002051; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pancakeswap.multi-wallet.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200002052; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pancakeswap.salsasourcing.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002053; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pancakeswapes.company"; content:"Host"; http_header; classtype:attempted-recon; sid:200002054; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pancakeswapexcgn.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002055; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pancakeswapexch.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002056; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pancakeswapexchage.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002057; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pancakeswapexchg.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002058; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pancakeswappshop.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002059; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pancaku-swap.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002060; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pancalteswap.finance"; content:"Host"; http_header; classtype:attempted-recon; sid:200002061; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"panckaceswap.finance"; content:"Host"; http_header; classtype:attempted-recon; sid:200002062; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaskin.ru.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002063; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"panelweb-4cae2.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002064; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pankaceeswap.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002065; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pankaceswapes.finance"; content:"Host"; http_header; classtype:attempted-recon; sid:200002066; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pankakeswap.ledgity.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002067; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pantazisezopiiuurmail1.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002068; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pardot.assemblecommunities.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002069; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pasarbta.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200002070; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"passionfruit4576261.brizy.site"; content:"Host"; http_header; classtype:attempted-recon; sid:200002071; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pateltutorials.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002072; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"path.faithbible.institute"; content:"Host"; http_header; classtype:attempted-recon; sid:200002073; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pathospitals.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002074; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"patient-cell-40f5.updatedlogmylogin.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002075; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"patmacdougall.com.ar"; content:"Host"; http_header; classtype:attempted-recon; sid:200002076; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"patwise.co.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200002077; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pavisse-radioastronomy-sewerless.s3.us-west-004.backblazeb2.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002078; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"paws.org.au"; content:"Host"; http_header; classtype:attempted-recon; sid:200002079; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pay16-olx.pl"; content:"Host"; http_header; classtype:attempted-recon; sid:200002080; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"paymentnotificationnow.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002081; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"paypal-online-2deposits-paymentaccept.tk"; content:"Host"; http_header; classtype:attempted-recon; sid:200002082; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"paypal-opladen.be"; content:"Host"; http_header; classtype:attempted-recon; sid:200002083; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"paypalforex.co.ke"; content:"Host"; http_header; classtype:attempted-recon; sid:200002084; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"payplsupport37925464785.live"; content:"Host"; http_header; classtype:attempted-recon; sid:200002085; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pdf-cloud-document.weeblysite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002086; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pdf-sharefile-doc.weeblysite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002087; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pdflogincnvwo.app.link"; content:"Host"; http_header; classtype:attempted-recon; sid:200002088; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pdfsecured.mystrikingly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002089; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pencakecwap.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002090; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"perfectliker.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002091; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"peringatanakunfb2k214.webnode.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002092; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pge-dep.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002093; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pge-inwv.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002094; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pge-max.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002095; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"phantam.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002096; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"phantom-walletweb.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002097; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"phantomaa.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002098; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"phantonm.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002099; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"phishingloginmicrosoftonlinecom.zerotrustcorp.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002100; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"phlexx.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002101; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"phreshphoto.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002102; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"picclubstore.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002103; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pichincha-datos1.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002104; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pichincha-datos2.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002105; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pichincha-datos3.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002106; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pichincha-datos5.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002107; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pichinchabank.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002108; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pichinchacomfi.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002109; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pichinchaecori.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002110; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pichinchauser.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002111; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pichinchverify.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002112; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"picnic.industries"; content:"Host"; http_header; classtype:attempted-recon; sid:200002113; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pics.lookatmynewphotos.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002114; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pienetwork.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200002115; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"piffvancouver.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002116; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pikaresailing.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002117; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pikay13.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200002118; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pinchinchaverify.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002119; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pirana.co.rs"; content:"Host"; http_header; classtype:attempted-recon; sid:200002120; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pitchou-rez4.webnode.fr"; content:"Host"; http_header; classtype:attempted-recon; sid:200002121; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pjdhxpa.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002122; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pla1060604.nichost.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200002123; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"plan-o2-monthlypayments.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002124; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"planetaamor.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002125; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"plasticaindia.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002126; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"platinumserviceac.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002127; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"playgirlgold.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002128; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"plugmailextraexpiredoldpolicynotificationscenter.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002129; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"plwiadomowsciwszystkie.pl"; content:"Host"; http_header; classtype:attempted-recon; sid:200002130; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"po-package-redeliver.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002131; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"poc-rewards-program-c2dfc.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002132; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"podpiska-darom.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200002133; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pokajca.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002134; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pokcda.lnizi9c.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002135; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"poklsa.slodddz.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002136; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"polcas.et0bgyf.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002137; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"polcd.op59bk5.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002138; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"polcda.qcgjwj7.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002139; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"poldf.gejzesp.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002140; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"polds.gmj6f2.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002141; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"poligrafiapias.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002142; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"polkadot-france.fr"; content:"Host"; http_header; classtype:attempted-recon; sid:200002143; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"polkastarter.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002144; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"polsd.pa0cpof.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002145; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"polska-platform.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002146; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"polxa.uh8dg67.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002147; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"polygon-pro.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002148; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"polygon-secure.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002149; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"polygon-technologyes.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002150; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pomnxaa.181gh1c.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002151; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"popostdelivrych.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002152; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"post-ch-de.34224.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200002153; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"post-ch-de.65241.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002154; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"post-ch.de"; content:"Host"; http_header; classtype:attempted-recon; sid:200002155; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"post-track.ch"; content:"Host"; http_header; classtype:attempted-recon; sid:200002156; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"posta-romana.cameleon-digital.ro"; content:"Host"; http_header; classtype:attempted-recon; sid:200002157; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"postalbankk.tmweb.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200002158; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"postaledsp2.conexion.fr.savealifemw.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002159; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"postalfees-uk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002160; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"postalukservice.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002161; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"postch9192.cargo.site"; content:"Host"; http_header; classtype:attempted-recon; sid:200002162; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"postechsuivre.ileanamlaw.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002163; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"postoffice-attempt-by-driver.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002164; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"poww.6hkjmb.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002165; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ppnnttcc.ppcnthsc.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200002166; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"preg.dspearhead.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002167; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"preg.marketingvici.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002168; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"prepaid-leboncoin.fr"; content:"Host"; http_header; classtype:attempted-recon; sid:200002169; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"preppingconfidence.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002170; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"prernaindustries.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002171; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"prime-picked.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002172; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"primeaprop.sslblindado.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002173; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"primeassi5.sslblindado.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002174; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"primecentral.jihanjiaopo6.shop"; content:"Host"; http_header; classtype:attempted-recon; sid:200002175; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"primecentral.jixinggaozhao2.shop"; content:"Host"; http_header; classtype:attempted-recon; sid:200002176; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"primecentral.qiourn.shop"; content:"Host"; http_header; classtype:attempted-recon; sid:200002177; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"primeone.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002178; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"primerospasosco.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002179; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"printtoner.com.mx"; content:"Host"; http_header; classtype:attempted-recon; sid:200002180; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"privacy-update-page-prtections-association-recovry-secu.web.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200002181; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"privacy-update-secu-recovry-page-protection-4565544.web.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200002182; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"privacy-update-secu-recovry-page-protection-comunity-45.web.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200002183; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"priyankasandokar1606.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200002184; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pro.icloudremovaltool.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002185; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"procservautomatizacion.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002186; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"production.anon-rest-keep-reset.sales18130.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002187; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"production.anon-step-keep-object.sales18130.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002188; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"production.calm-limit-671e.ralph2481.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002189; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"production.dry-snow-ddc20ffice.deuceice2.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002190; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"production.keep-paper-account.sales18130.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002191; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"production.lively-salad-1c42.updatelogaccountprogramedrfwerwrdhsmc.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002192; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"production.passtruth-truth-5df4.pass-morn-reset-todaybringsjoy.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002193; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"production.steep-poetry-1ba3.updatelogaccountprogramedrfwerwrdhscsw.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002194; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"production.try-murpheos-keep.sales18130.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002195; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"production.twilight-darkness-9e4b.updatelogaccountprogramedrfwerwrdhscsw.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002196; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"project1-df3e9.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002197; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"projectlovewell.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002198; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"promashoppe.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002199; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"promehedinti.ro"; content:"Host"; http_header; classtype:attempted-recon; sid:200002200; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"promeric-guatemal.000webhostapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002201; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"promerica-sv.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002202; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"promericalinea01.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002203; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"promo.mycorporate-rewards.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002204; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"prosmate.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002205; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"prosxsiuser.myfreesites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002206; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"prosys.poweredbygravit-e.co.uk"; content:"Host"; http_header; classtype:attempted-recon; sid:200002207; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"protecpagurszzz.000webhostapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002208; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"protect-4d56vca.surge.sh"; content:"Host"; http_header; classtype:attempted-recon; sid:200002209; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"protibimbo.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002210; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ptxx.cc"; content:"Host"; http_header; classtype:attempted-recon; sid:200002211; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pubgmobilevn.mobi"; content:"Host"; http_header; classtype:attempted-recon; sid:200002212; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"publ.cc"; content:"Host"; http_header; classtype:attempted-recon; sid:200002213; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"publish-p43452-e180057.adobeaemcloud.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002214; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"puffing.com.pk"; content:"Host"; http_header; classtype:attempted-recon; sid:200002215; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pulsex-sacrifice.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002216; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"puroxymembrane.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002217; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pvr0k.csb.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002218; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pydttuxozmzjmjqxayxfxhycfr-dot-gl44393333333.rj.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002219; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pyvee.tk"; content:"Host"; http_header; classtype:attempted-recon; sid:200002220; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"qbocd.csb.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002221; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"qevwisdfztymporlndsckabdil-dot-gl44393333333.rj.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002222; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"qf3nt.codesandbox.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200002223; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"qfw.tosex35238.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002224; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"qhj39hfxqftr.clickfunnels.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002225; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"qhmqhgnfqbcoxkwamsioilhdmv-dot-gl44393333333.rj.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002226; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"qiqpro.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002227; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"qmzza.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002228; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"qomsomfin.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002229; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"qqqplan.co.za"; content:"Host"; http_header; classtype:attempted-recon; sid:200002230; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"qsh74pekkv5e8.clickfunnels.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002231; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"qssa.x5yrlr.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002232; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"quinaroja.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002233; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"quotex-qx.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002234; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"qwas.nfi71vw.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002235; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"qwea.wvhee0w.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002236; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"qweas.hi5g95r.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002237; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"qweas.p6rhddj.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002238; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"qweas.zwfaclq.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002239; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"r3c31v30n3-1d3nt1ty.000webhostapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002240; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rabcppb.ml"; content:"Host"; http_header; classtype:attempted-recon; sid:200002241; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rabellartz.de"; content:"Host"; http_header; classtype:attempted-recon; sid:200002242; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rabofree.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002243; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rabofree.blogspot.li"; content:"Host"; http_header; classtype:attempted-recon; sid:200002244; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rabqaud.ml"; content:"Host"; http_header; classtype:attempted-recon; sid:200002245; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rackenfordlabs.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002246; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rackteamservice.weebly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002247; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"racuten.nuef.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200002248; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"radhikamd.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200002249; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"radiometric-element.000webhostapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002250; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"raezkyu.tk"; content:"Host"; http_header; classtype:attempted-recon; sid:200002251; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"raipurrussianescorts.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002252; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rakoten-card.buogfbizkugf.gq"; content:"Host"; http_header; classtype:attempted-recon; sid:200002253; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rakoten-card.bycsaxwdqunhh.gq"; content:"Host"; http_header; classtype:attempted-recon; sid:200002254; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rakoten-card.motpefhnpvyz.gq"; content:"Host"; http_header; classtype:attempted-recon; sid:200002255; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rakoten.potex.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200002256; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rakuten.awjoadc.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002257; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rareelements.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200002258; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rasohvc.tk"; content:"Host"; http_header; classtype:attempted-recon; sid:200002259; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ratanakar.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002260; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ratewatch.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002261; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"raycargo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002262; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"raydiom.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200002263; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rbcmontgomery.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002264; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"re-direct-me.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002265; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"re-redirection-acc-id923872635122.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002266; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"re.macesoi.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002267; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"real-anon-keep-passing-word.rvsla.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002268; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"realestate-page-10843446024.expresspestcontrol.co.nz"; content:"Host"; http_header; classtype:attempted-recon; sid:200002269; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"realindiatravel.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002270; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"reconfirmpost287846656.us"; content:"Host"; http_header; classtype:attempted-recon; sid:200002271; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"recover-pages-media-problems-secur-782.web.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200002272; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"recovery-fb.secure-acct.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002273; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"red-limit-db0e.chseonlinelogins.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002274; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"redbysfrgroupebox.myfreesites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002275; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"redeem-microsoft-code.sitey.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200002276; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rediractionid547012016089540218057.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002277; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"redpichincha.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002278; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"reg-3da7f.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002279; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"reg.chaindaohang.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002280; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"regisdrive.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200002281; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"register-my-device.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002282; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"registerdrive.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200002283; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"reglic.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200002284; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"regularsweeps.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200002285; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"reignbike.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002286; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"reikisadhna.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002287; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"reinforcementdetail.co.uk"; content:"Host"; http_header; classtype:attempted-recon; sid:200002288; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"relevant.systems"; content:"Host"; http_header; classtype:attempted-recon; sid:200002289; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"relicofficial.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002290; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"remittance369297292749.goshly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002291; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"renew.trusted-travelers-online.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002292; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"renovkonstruksi.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002293; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"repl-mess.myfreesites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002294; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"reservatuequipoaca.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002295; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"restaurant-newport.jp"; content:"Host"; http_header; classtype:attempted-recon; sid:200002296; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"restore.exodusapp.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200002297; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"retadadieta.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002298; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"retiro-extracash.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002299; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"retiro.cl"; content:"Host"; http_header; classtype:attempted-recon; sid:200002300; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"retrospectiveplanningenforcementwestsussex.co.uk"; content:"Host"; http_header; classtype:attempted-recon; sid:200002301; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"retrouve-particulier-mailaccord.globaltvnepal.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002302; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rev.sfr.net.gghost.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200002303; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"revenueonlinepayment.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002304; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"review-mynew-device.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002305; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"reviewbook.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002306; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"revistametro.com.ar"; content:"Host"; http_header; classtype:attempted-recon; sid:200002307; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"reyyonceeeusa.diskstation.eu"; content:"Host"; http_header; classtype:attempted-recon; sid:200002308; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rhasolutions-doc-signin.tk"; content:"Host"; http_header; classtype:attempted-recon; sid:200002309; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rhasolutions-doc.cf"; content:"Host"; http_header; classtype:attempted-recon; sid:200002310; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rightrak.co.uk"; content:"Host"; http_header; classtype:attempted-recon; sid:200002311; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"riptide-operation.ru.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002312; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"riptide2022.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002313; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"riveroflife.org.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200002314; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rizarichempire.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002315; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rizkyinterior.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002316; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rkanet.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002317; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rlink.vn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002318; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"roadgo.co.uk"; content:"Host"; http_header; classtype:attempted-recon; sid:200002319; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"robloxrun.000webhostapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002320; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"roccobonheur1-my-cheetah-website-copy.cheetah.builderall.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002321; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rockstarllc.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002322; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"roisnoob.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200002323; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rokulinktechnology.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002324; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rolinadd.surveysparrow.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002325; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rondalowa.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002326; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ronin-help.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002327; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"roninwallet-connect.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002328; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"roninwallet.cm"; content:"Host"; http_header; classtype:attempted-recon; sid:200002329; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"roninwalletsupports.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002330; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"roundcube-2c46f.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002331; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"roundcube-production-cf.tx1.mailhostbox.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002332; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"routeksa.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002333; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"royalwindsorpub.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002334; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"roygijvhluozwnflsypmewrstt-dot-gl44393333333.rj.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002335; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rplg.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200002336; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rsujkblokqlyqfonpzgztejdji-dot-gl44393333333.rj.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002337; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"runescape-info.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002338; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"runescapebonds.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002339; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"runescapeevents.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002340; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ruth.martulangbelulalng.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002341; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rzjpct.square44.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002342; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"s-sarfati.co.il"; content:"Host"; http_header; classtype:attempted-recon; sid:200002343; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"s.macecri.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002344; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"s.macesoi.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002345; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"s787v.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002346; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sadervoyages.intnet.mu"; content:"Host"; http_header; classtype:attempted-recon; sid:200002347; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"safty.summarycheck.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002348; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sagawa-exw.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002349; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"saintbarkleyshoes.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002350; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"saitadobrasil.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200002351; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"saldospc.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002352; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"salesfocres.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002353; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"saliksnas.lojaintegrada.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200002354; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"salmanfarsi01.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200002355; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"saludypension.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002356; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"samarahonda.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002357; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"samihalyaman.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002358; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"samvoktor.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002359; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sanasunty.site"; content:"Host"; http_header; classtype:attempted-recon; sid:200002360; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sandeeppk03.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200002361; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sandhu.codebucketitsolutions.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002362; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sanjilkumar.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002363; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sankei.lastmessage.rip"; content:"Host"; http_header; classtype:attempted-recon; sid:200002364; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sankyo-rz.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002365; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sanru.cd"; content:"Host"; http_header; classtype:attempted-recon; sid:200002366; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"santepluspharma.eclatmediasolution.website"; content:"Host"; http_header; classtype:attempted-recon; sid:200002367; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"santoshdangi.com.np"; content:"Host"; http_header; classtype:attempted-recon; sid:200002368; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"saritapariyar.com.np"; content:"Host"; http_header; classtype:attempted-recon; sid:200002369; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"satay-secur.reconfimations.pagedisabled.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002370; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"satemi.com.ve"; content:"Host"; http_header; classtype:attempted-recon; sid:200002371; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"satonteams.co.uk"; content:"Host"; http_header; classtype:attempted-recon; sid:200002372; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"savingsfordentalcare.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002373; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sbi.mx"; content:"Host"; http_header; classtype:attempted-recon; sid:200002374; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sbs-siebanlagen.de"; content:"Host"; http_header; classtype:attempted-recon; sid:200002375; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sca.scicemecod.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002376; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"scrrhkgscrrhkgscrrhkg.diskstation.eu"; content:"Host"; http_header; classtype:attempted-recon; sid:200002377; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sdgvsdvsdvs.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002378; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"seansmith.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200002379; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sebat-dhl.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002380; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sebene27.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200002381; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure-bellsouth-email-verifications-website.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002382; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure-connection-svaa.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200002383; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure-connection-svag.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200002384; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure-connection-svai.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200002385; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure-connection-svaj.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200002386; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure-halifax-device.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002387; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure-mobile-onlinebanking1.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200002388; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure-mynew-devices.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002389; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure-runescape.xgm.rnp.mybluehost.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200002390; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure.legalmetric.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002391; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure.runescape.com-ak.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200002392; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure.runescape.com-as.cz"; content:"Host"; http_header; classtype:attempted-recon; sid:200002393; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure.runescape.com-az.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200002394; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure.runescape.com-cl.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200002395; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure.runescape.com-co.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200002396; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure.runescape.com-cu.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200002397; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure.runescape.com-cv.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200002398; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure.runescape.com-or.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200002399; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure.runescape.com-oz.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200002400; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure.runescape.com-rse.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200002401; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure.runescape.com-vs.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200002402; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure01d.login.account.ketzaly.com.sv"; content:"Host"; http_header; classtype:attempted-recon; sid:200002403; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure03achasecom.salesfocres.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002404; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure300.inmotionhosting.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002405; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure303.inmotionhosting.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002406; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure55.webhostinghub.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002407; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"securegateway-ovhcloud.csl-sl.de"; content:"Host"; http_header; classtype:attempted-recon; sid:200002408; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"securelloyd-help-app.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002409; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"securipa33.temp.swtest.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200002410; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"security-page-community-standards.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002411; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"security.advisory.ocbc-online.banking.ocbc-singapore.ycybest.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002412; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"seen-pool-trout.glitch.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200002413; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"seguridad-bancariasoporte-tecnicobancanet3-0.webnode.es"; content:"Host"; http_header; classtype:attempted-recon; sid:200002414; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"seguridad-oca.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002415; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"selector26.gg"; content:"Host"; http_header; classtype:attempted-recon; sid:200002416; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"selector28.gg"; content:"Host"; http_header; classtype:attempted-recon; sid:200002417; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"selfishvibrantpiracy.scotitoursmetts.repl.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200002418; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"selimgiray.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002419; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sem.my-drs.co.uk"; content:"Host"; http_header; classtype:attempted-recon; sid:200002420; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sen-manole.firebaseapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002421; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sendo-meso.firebaseapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002422; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sendung.eyecatch.ch"; content:"Host"; http_header; classtype:attempted-recon; sid:200002423; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"serapve-opro.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002424; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"serene-lederberg.107-175-240-120.plesk.page"; content:"Host"; http_header; classtype:attempted-recon; sid:200002425; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sertyxese.myfreesites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002426; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"server-networksolutions.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002427; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck103.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002428; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck104.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002429; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck105.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002430; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck107.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002431; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck108.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002432; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck111.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002433; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck112.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002434; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck117.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002435; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck118.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002436; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck121.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002437; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck122.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002438; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck123.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002439; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck126.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002440; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck127.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002441; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck129.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002442; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck13.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002443; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck130.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002444; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck134.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002445; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck135.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002446; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck137.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002447; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck138.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002448; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck139.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002449; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck14.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002450; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck140.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002451; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck142.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002452; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck143.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002453; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck145.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002454; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck149.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002455; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck155.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002456; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck207.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002457; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck21.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002458; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck23.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002459; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck334.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002460; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck36.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002461; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck410.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002462; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck429.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002463; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck442.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002464; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck443.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002465; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck46.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002466; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck54.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002467; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck60.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002468; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck70.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002469; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck736.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002470; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck74.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002471; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck75.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002472; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck77.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002473; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck8.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002474; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck87.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002475; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck995.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002476; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"service-lkdn2020.gacconstrutora.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200002477; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"serviceobs.temp.swtest.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200002478; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servicepage.service-page.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002479; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servicepichincha.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002480; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"services.runescape.com-as.cz"; content:"Host"; http_header; classtype:attempted-recon; sid:200002481; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"services.runescape.com-rse.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200002482; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servicesbancaire.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002483; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servicesob.temp.swtest.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200002484; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"serviciosbndigitales.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002485; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servics.validationsecuradm.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002486; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servinform.quadientcloud.eu"; content:"Host"; http_header; classtype:attempted-recon; sid:200002487; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"setupmynorton.square.site"; content:"Host"; http_header; classtype:attempted-recon; sid:200002488; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"seul.unilurio.ac.mz"; content:"Host"; http_header; classtype:attempted-recon; sid:200002489; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sevinctekstil.com.tr"; content:"Host"; http_header; classtype:attempted-recon; sid:200002490; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sevoudryserviciobomail.dudaone.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002491; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"seyyds.advisory.ocbc-online.banking.ocbc-singapore.ycybest.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002492; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sfc.com.vn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002493; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sfex12sec.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002494; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sfrpanel.lws.fr"; content:"Host"; http_header; classtype:attempted-recon; sid:200002495; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sfsanpara.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002496; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sgtbalde991-dot-still-dynamics-321006.ue.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002497; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"shafischools.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002498; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"shamajastore.co.ke"; content:"Host"; http_header; classtype:attempted-recon; sid:200002499; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"shanky0.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200002500; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"shanza.epos.com.pk"; content:"Host"; http_header; classtype:attempted-recon; sid:200002501; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"share-eu1.hsforms.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002502; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"shared-file.square.site"; content:"Host"; http_header; classtype:attempted-recon; sid:200002503; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sharedfax815201376.wordpress.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002504; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sharedtris.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002505; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sharepoint-download-9d80d.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002506; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sharepoint-download-d54df.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002507; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"shayvardphoto.ir"; content:"Host"; http_header; classtype:attempted-recon; sid:200002508; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"shesowavyhair.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002509; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"shghf.square.site"; content:"Host"; http_header; classtype:attempted-recon; sid:200002510; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"shinex.lk"; content:"Host"; http_header; classtype:attempted-recon; sid:200002511; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"shiye666.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002512; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"shop.cmfurnituremall.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002513; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"shop.ewerest-stroi.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200002514; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"shopeecoins.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002515; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"shrutidhall.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002516; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sidneyfcuorg.freshy.site"; content:"Host"; http_header; classtype:attempted-recon; sid:200002517; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sign-trk.empressmd.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002518; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"signin-gcq7uwojrw58brcckylebjuy39nk2ivt65ol39k6ut6ura94zk.website.yandexcloud.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002519; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"signin-payeer.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002520; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"silverberrygroup.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002521; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sim1.no-replies.co.uk"; content:"Host"; http_header; classtype:attempted-recon; sid:200002522; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"simpkk.karanganyarkab.go.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200002523; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sindarspen.org.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200002524; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"siporados15585.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002525; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sirak.se"; content:"Host"; http_header; classtype:attempted-recon; sid:200002526; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sisranchi.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002527; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"site-4403463-3995-6112.mystrikingly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002528; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"site.appcompleto.dynv6.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002529; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"site9423623.92.webydo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002530; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"site9423773.92.webydo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002531; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"site9434107.92.webydo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002532; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"site9548676.92.webydo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002533; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"site9551459.92.webydo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002534; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"site9552191.92.webydo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002535; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"site9606042.92.webydo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002536; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sitebuilder152832.dynadot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002537; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sitebuilder152851.dynadot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002538; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sitebuilder152935.dynadot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002539; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sitebuilder152998.dynadot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002540; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sitebuilder153771.dynadot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002541; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sitebuilder153911.dynadot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002542; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sitebuilder153925.dynadot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002543; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sitemodify.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002544; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"situs-facebook-resmi21.webnode.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002545; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"situs-layanan-pemulihan4.webnode.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002546; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"situs-pemulihan-resmi0.webnode.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002547; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"six-group.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200002548; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sk128.sbs"; content:"Host"; http_header; classtype:attempted-recon; sid:200002549; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"skidropcgames.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002550; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sklepkody.pl"; content:"Host"; http_header; classtype:attempted-recon; sid:200002551; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"skolmozh-site.preview-domain.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002552; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"skradvanidance.business.site"; content:"Host"; http_header; classtype:attempted-recon; sid:200002553; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"skybttv.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002554; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"skygobank.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002555; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"skymavis-accountupdate.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002556; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"skymavis.center"; content:"Host"; http_header; classtype:attempted-recon; sid:200002557; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"skymavisupport.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002558; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"slavamel.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200002559; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sleepmaskz.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002560; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"slickparties.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002561; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"slmkufeckf.jon-jensen.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002562; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"slowlinebag.jp"; content:"Host"; http_header; classtype:attempted-recon; sid:200002563; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sm777.csb.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002564; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"smartfixconnect.live"; content:"Host"; http_header; classtype:attempted-recon; sid:200002565; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"smbc-accout.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002566; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"smbc-creditcard.shop"; content:"Host"; http_header; classtype:attempted-recon; sid:200002567; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"smbc-veaiana.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002568; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"smbc.login.soaurmansg.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002569; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"smbcwodeqingguoshoujicojp.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200002570; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"smeo.org.mx"; content:"Host"; http_header; classtype:attempted-recon; sid:200002571; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"smgolamalif.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200002572; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"smkkesehatanjember.sch.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200002573; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"smmsvocal.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002574; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sms-bns.2ooi.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200002575; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sms-shorter.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002576; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"smsenligne.myfreesites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002577; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"smsorangephonemail.myfreesites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002578; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"smsorangesmsmessage.myfreesites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002579; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"smspccpa.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002580; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"smss-mms.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002581; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"smsverificationmms.myfreesites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002582; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"smwam.coms.cso.gov.tt"; content:"Host"; http_header; classtype:attempted-recon; sid:200002583; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"snowy.martulangbelulalng.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002584; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"snrsystem.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002585; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"soaringskiesrentals.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002586; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"soci-molen.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002587; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"socialpinch.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002588; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sofe-firma.firebaseapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002589; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"soft-cell-8148.updateloginprogram.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002590; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"soft-grass-1edd.acc-update.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002591; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sognointerno.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002592; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"soladsnft.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002593; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"solicitarfirmaelectronica-sv.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002594; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"solorecovery.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002595; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"solyanayakomnata.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200002596; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sopac.org.py"; content:"Host"; http_header; classtype:attempted-recon; sid:200002597; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"souaxwaoh.myfreesites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002598; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"soude-masi.firebaseapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002599; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"soufsont.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002600; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"soulocaredirect.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002601; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"soumya252000.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200002602; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sounddirections.co.uk"; content:"Host"; http_header; classtype:attempted-recon; sid:200002603; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"souravtech.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002604; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"southamerica-east1-hardy-magpie-334101.cloudfunctions.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002605; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"southamerica-east1-manifest-design-330523.cloudfunctions.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002606; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"southamerica-east1-my-project-90086352.cloudfunctions.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002607; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"southamerica-east1-noted-minutia-330211.cloudfunctions.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002608; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sp39987.sitebeat.site"; content:"Host"; http_header; classtype:attempted-recon; sid:200002609; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sp477389.sitebeat.site"; content:"Host"; http_header; classtype:attempted-recon; sid:200002610; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sp701876.sitebeat.site"; content:"Host"; http_header; classtype:attempted-recon; sid:200002611; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"spacemanagerent.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002612; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"spark.shaheenwrites.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002613; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sparkasse-vereinsbanken.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200002614; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sparxinteriors.co.zw"; content:"Host"; http_header; classtype:attempted-recon; sid:200002615; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"specialnotice.pricesamazonlogincard.shop"; content:"Host"; http_header; classtype:attempted-recon; sid:200002616; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"spectrumstorageaccess.yahoosites.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002617; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"spentamultimedia.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002618; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"spidertvapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002619; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"spirit.gtwozone.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002620; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"spk-entsperren.de"; content:"Host"; http_header; classtype:attempted-recon; sid:200002621; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"spk-secure-de.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002622; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sport.protected-secur.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002623; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sportshoes.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200002624; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sportybetpremium.wapka.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200002625; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"spring-pond-62c4.autocreative.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002626; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"spring-pond-62c4.autocreative.workers.dev#eimaste@stinpriza.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002627; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sprw.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200002628; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"square64.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002629; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sr.maseori.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002630; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"srisritextiles.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002631; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"srvr-cloudmail-srvr5s5wd3.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002632; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ss.myjaeob.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002633; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ss.myjmscb.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002634; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ssdaz.sqqaepr.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002635; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ssdjhfierlerkmdjsiehomw.weebly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002636; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sse.scicemecod.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002637; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ssia.org.sg"; content:"Host"; http_header; classtype:attempted-recon; sid:200002638; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ssl.dsl.isl.mll.2kdkex.ravishamrah.ir"; content:"Host"; http_header; classtype:attempted-recon; sid:200002639; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ssl.dsl.isl.mll.aqmst6.stockestan.ir"; content:"Host"; http_header; classtype:attempted-recon; sid:200002640; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sso-garena.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002641; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sswebmail-4w5twsr.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002642; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"stage.vannaryfowler.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002643; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"staging.eliteautomotive.com.au"; content:"Host"; http_header; classtype:attempted-recon; sid:200002644; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"standardupdatesupportandhelpcenter2021.ga"; content:"Host"; http_header; classtype:attempted-recon; sid:200002645; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"staratlas.world"; content:"Host"; http_header; classtype:attempted-recon; sid:200002646; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"starforsure.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002647; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"starliker.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002648; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"starrcanvas.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002649; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"starsoftheindustry.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002650; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"starttsboxfile.myfreesites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002651; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"static-promote.weebly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002652; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"statues.mikaa5.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002653; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"stclarechurch.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002654; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"steamcommunites.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002655; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"steamncommuunniity.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002656; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"steampoweredtrades.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002657; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"stephenmain.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002658; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"stevemadden-sverige.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002659; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"stevemaddenbutik.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002660; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"stevemaddenserbia.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002661; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"stevemaddenshoe.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002662; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"stevencrews.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002663; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"stgrp.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200002664; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"still-star-c948.updatelogaccountprogramedrfwerwrdhsjy.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002665; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"stimulus-claim.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002666; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"stimulus-funds.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002667; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"stjohnmarol.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002668; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"stjudes.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200002669; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"stock.mipowersite.com.ar"; content:"Host"; http_header; classtype:attempted-recon; sid:200002670; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"stolizaparketa.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200002671; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"stollgroup.coms.cso.gov.tt"; content:"Host"; http_header; classtype:attempted-recon; sid:200002672; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"storage.yandexcloud.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002673; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"storenike365.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200002674; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"stranfaoussa.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002675; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"stuartsfiddles.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002676; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"studio-lol.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002677; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"stupefied-bell-71d6f6.netlify.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002678; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"stylifehomedecors.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002679; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"stz-fmba.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200002680; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"submit.irs.mnageaccnt-id-765535234.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200002681; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"submit8099.page.link"; content:"Host"; http_header; classtype:attempted-recon; sid:200002682; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"successgroup.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002683; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sucuvirtcolba.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002684; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"suelunn.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002685; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"suiviticket.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200002686; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sultan-raza.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200002687; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"summary.dentyraworld.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002688; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sumpandtankcleaners.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200002689; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sunbeltfp.ibrali-foundation.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002690; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sunbeltmembers.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002691; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"suncity-ye.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002692; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sunge-ode.firebaseapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002693; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sunshineteam.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200002694; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"super-dawn-3035.ddahluwalia.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002695; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"supermilhas.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002696; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"supotsstunes.servehttp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002697; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"supp-mey-web.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002698; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"suppliers.bitshepherd.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002699; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"support-axiewallet.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002700; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"support-dapps.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200002701; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"support-parcel-info.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002702; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"support-verify-mydevices.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002703; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"support.io-php.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002704; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"supportpichincha.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002705; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"survey18-aws.surveycenter.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002706; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"survey18-aws.toluna.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002707; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"suspend-metamask.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002708; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"suumc-one.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002709; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"svelte-kdy6dk.stackblitz.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200002710; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"swanholm.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002711; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"swap.elena.finance"; content:"Host"; http_header; classtype:attempted-recon; sid:200002712; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"swappauto.staging.lcsolutions.it"; content:"Host"; http_header; classtype:attempted-recon; sid:200002713; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sweet-carson.34-125-14-205.plesk.page"; content:"Host"; http_header; classtype:attempted-recon; sid:200002714; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"swisscom.myfreesites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002715; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"swisscomag.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002716; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sxb1plvwcpnl489779.prod.sxb1.secureserver.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002717; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"synaxisreadymix.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002718; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncdappconnect.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002719; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncmultidapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002720; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"syr.us"; content:"Host"; http_header; classtype:attempted-recon; sid:200002721; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sysm5rn.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002722; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"szfzxvzds.pagedemo.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200002723; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"taher-mohamed-ahmed-saad.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200002724; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"taoistw345ie.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200002725; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tarik-fitness.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002726; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tarjeta-presentacion.ibox.red"; content:"Host"; http_header; classtype:attempted-recon; sid:200002727; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tax-irsgovservice.serveftp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002728; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"taxcare.page.link"; content:"Host"; http_header; classtype:attempted-recon; sid:200002729; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"taxopus.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002730; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tb915hdh89.mfs.gg"; content:"Host"; http_header; classtype:attempted-recon; sid:200002731; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tby.eb-sites.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002732; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tcaconnect.ac-page.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002733; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"team-help-page-identity.web.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200002734; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"teamgameswild.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002735; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"teamgoogle125590.psee.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200002736; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"teamomni4life.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002737; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tebapit.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002738; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tecmachine.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200002739; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tecnominproductos.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002740; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tedhostedhostedhos.diskstation.eu"; content:"Host"; http_header; classtype:attempted-recon; sid:200002741; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"teekitstorage.blob.core.windows.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002742; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tejalashikaindiagrocery.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002743; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"telecredutobcp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002744; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"telegramsecurityhelp.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200002745; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tellmeliu.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200002746; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"templat65sldh.myfreesites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002747; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"temporary-url.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002748; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"terpelsicumple.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002749; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"test.bayoucitybadges.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002750; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"test.bitflye87.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002751; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"test.dxbproductions.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002752; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"test.webclient4.de"; content:"Host"; http_header; classtype:attempted-recon; sid:200002753; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"texasfreedomrun.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002754; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tgpafasfsakkk.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002755; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"theaceofspaeder.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002756; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"theapexstoneindia.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002757; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"theavon.co.zw"; content:"Host"; http_header; classtype:attempted-recon; sid:200002758; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"thebakeshop.co.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200002759; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"thebeachleague.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002760; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"thechillipicklecanteen.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002761; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"thedecorindia.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002762; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"thedom.kg"; content:"Host"; http_header; classtype:attempted-recon; sid:200002763; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"theinsaneworkoutprogram.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002764; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"theironinnparlour.co.uk"; content:"Host"; http_header; classtype:attempted-recon; sid:200002765; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"theneontree.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200002766; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"thepointcj.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200002767; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"thespiritualtransformation.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002768; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"thetimecenter.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002769; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"thomasdentalcentre.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002770; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"three-retail-live.devicetradein.co.uk"; content:"Host"; http_header; classtype:attempted-recon; sid:200002771; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tight.zone"; content:"Host"; http_header; classtype:attempted-recon; sid:200002772; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tikitaps.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002773; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tipografieonline.ro"; content:"Host"; http_header; classtype:attempted-recon; sid:200002774; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tirozhjewelry.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002775; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"titelinedrillingintl.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002776; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tktrailerparts.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002777; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tlatx.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002778; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"to-ken.biz"; content:"Host"; http_header; classtype:attempted-recon; sid:200002779; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"toanhoc247.edu.vn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002780; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"toddler-town.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002781; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tongdaiviettelbienhoa.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002782; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tooljerejin.airsite.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200002783; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"top10songsnews.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002784; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"topearnersafrica.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002785; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"topskills.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200002786; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"torccolborrachas.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002787; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"touchidea.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200002788; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tovowhuqeojweawmubmaqmqlv.hofferflow.icu"; content:"Host"; http_header; classtype:attempted-recon; sid:200002789; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tpayleboncoin.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002790; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tplex.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002791; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"traders-joesxyz.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002792; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tradeswarehouse.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002793; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"train-and-ride.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002794; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"trams.mot.go.th"; content:"Host"; http_header; classtype:attempted-recon; sid:200002795; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"triangarena-membership.ga"; content:"Host"; http_header; classtype:attempted-recon; sid:200002796; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tribratanewsbondowoso.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002797; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tribunbalikpapan.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002798; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"truegrip.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002799; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"trustinpichincha.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002800; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"trustpress.gr"; content:"Host"; http_header; classtype:attempted-recon; sid:200002801; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"trustwalletdesk.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002802; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"trustypichincha.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002803; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"trwes.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002804; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"turntekcnc.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002805; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"twitch-rust.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002806; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"txwnmdsbqghviqxpglgzjrgbzv-dot-gl44393333333.rj.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002807; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"typedream.site"; content:"Host"; http_header; classtype:attempted-recon; sid:200002808; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"typesmartlyocr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002809; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tyrecentre.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200002810; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"u18741649.ct.sendgrid.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002811; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"u24244477.ct.sendgrid.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002812; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"u827857uw6.ha004.t.justns.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200002813; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ualsemantic.dualsemantics.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002814; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uat-hsbc-membersite.podiumrewards.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002815; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ucbonline.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002816; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ug7jv.sbs"; content:"Host"; http_header; classtype:attempted-recon; sid:200002817; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uhasd.au6bu8m.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002818; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uhdss.xkrx0o.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002819; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uhfddsa.t0xpo42.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002820; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uhhd.rox847t.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002821; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uhhff.cnza7b8.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002822; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uhna.5m4zhvd.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002823; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uhnas.ib8b40d.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002824; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uhnca.yrk1du9.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002825; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uhncd.g7ug14s.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002826; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uhncd.n26k1al.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002827; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uhncda.xmilwwp.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002828; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uhndd.9943s82.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002829; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uhns.mxyzy7i.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002830; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uhnsa.sdmpo0s.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002831; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uhnxa.d23xsru.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002832; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uhnxa.q83itv9.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002833; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uhnxas.rvw56l.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002834; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ujcd.um2nlru.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002835; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ujdaa.fn3m4en.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002836; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ujds.5e8tn13.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002837; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ujhca.nld5y8t.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002838; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ujhca.oioqmsh.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002839; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ujhca.xsevdat.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002840; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ujhcd.8burgvo.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002841; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ujhd.21k0qik.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002842; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ujhd.c0c4m46.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002843; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ujhd.j419kr0.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002844; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ujhd.kdsiuuc.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002845; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ujhd.zkshmxt.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002846; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ujhdca.mdwclcb.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002847; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ujhdd.cotf8p5.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002848; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ujhf.m45h2q0.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002849; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ujhff.nkxefqp.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002850; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ujhs.o2klowf.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002851; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ujnca.wxuqxb7.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002852; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ujnca.zgbo0g.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002853; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ujncd.kzi68ra.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002854; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ujncd.lw2djbm.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002855; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ujnxas.vj135ih.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002856; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ukcare.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200002857; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"umbrellaclubla.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002858; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"unam.myfreesites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002859; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"unbxa.byjmcpy.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002860; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"undefinedtrack.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200002861; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"unga.c76sioq.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002862; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uniassessoria.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200002863; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"unicreditaustria.ucs.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200002864; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"unifacema.edu.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200002865; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"unifiedsmartsync.live"; content:"Host"; http_header; classtype:attempted-recon; sid:200002866; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"unionheightsresidental.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002867; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"unisons.store"; content:"Host"; http_header; classtype:attempted-recon; sid:200002868; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"unisonsouthayr.org.uk"; content:"Host"; http_header; classtype:attempted-recon; sid:200002869; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uniswap.bike"; content:"Host"; http_header; classtype:attempted-recon; sid:200002870; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uniswap.ch"; content:"Host"; http_header; classtype:attempted-recon; sid:200002871; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uniswap.com.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200002872; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uniswap.openwallet.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002873; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uniswap.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002874; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uniswap.seal.finance"; content:"Host"; http_header; classtype:attempted-recon; sid:200002875; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uniswap.token.im"; content:"Host"; http_header; classtype:attempted-recon; sid:200002876; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uniswap.trading"; content:"Host"; http_header; classtype:attempted-recon; sid:200002877; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uniswap.v2.testnet.pulsechain.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002878; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uniswapfinancing.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200002879; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uniswaps.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002880; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"unitedalliance-online.000webhostapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002881; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"unitus.mk.ua"; content:"Host"; http_header; classtype:attempted-recon; sid:200002882; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"universidadsanjuan.ac"; content:"Host"; http_header; classtype:attempted-recon; sid:200002883; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"unnca.bbh672u.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002884; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"unnxa.pqpchqo.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002885; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"unpocodearte.cl"; content:"Host"; http_header; classtype:attempted-recon; sid:200002886; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"unregpayee-lb.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002887; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"unsub.listhandlr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002888; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"upbeat-lamarr.172-245-185-136.plesk.page"; content:"Host"; http_header; classtype:attempted-recon; sid:200002889; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"updateinfo-billingo2.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002890; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"updateseason.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002891; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"updatestory2022.co.vu"; content:"Host"; http_header; classtype:attempted-recon; sid:200002892; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"updatevoda-billing.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002893; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"upgrade-25gb-email.thecornerstudio.com.au"; content:"Host"; http_header; classtype:attempted-recon; sid:200002894; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uploadpichincha.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002895; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uploads.codesandbox.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200002896; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uppledpichincha.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002897; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"urgent-halifaxlogin.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002898; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"url.m1n.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002899; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"url.xcode.no"; content:"Host"; http_header; classtype:attempted-recon; sid:200002900; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"urlzp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002901; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"userboitevocalweb.flazio.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002902; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"userinformationstoreupdatesmail.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002903; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"usfn.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002904; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uspso.temp.swtest.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200002905; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"usuariosunicos.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200002906; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uswowgame.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002907; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"utente-mps-sicuro-com.preview-domain.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002908; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"utkalmerchandise.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002909; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uueer.7jgy5xe.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002910; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uuid-validation.run-us-west2.goorm.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200002911; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uukx0h0.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002912; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uuy7.amazooznza.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002913; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uyhnxx.urpzkva.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002914; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uyqw.dykowec.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002915; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uz154.sbs"; content:"Host"; http_header; classtype:attempted-recon; sid:200002916; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"v.myjmscb.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002917; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"v3r1f1c4t10ns-c3nt3rp4g3.000webhostapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002918; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vaccine-status-info.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002919; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vaiddzed.cc"; content:"Host"; http_header; classtype:attempted-recon; sid:200002920; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"valax-wallet.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002921; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"valenciaoptometry.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002922; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"valenteplay.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200002923; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"validacionpichincha.odoo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002924; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"validate-solana.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002925; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"validator-fzkiy.run-us-west2.goorm.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200002926; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vallion.motiffliterature.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200002927; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vcz.gmoqkzu.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002928; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"velvish.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002929; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vendorcentral.amazon.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200002930; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ventas.lnterbarnk.pe.vortexoutdoorcenter.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002931; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"veri-pichincha.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002932; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"verificacion-cuenta-1-9ea2e1.ingress-comporellon.easywp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002933; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"verification.fb-page.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002934; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"verificationmessage.blob.core.windows.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002935; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"verifikasi-akun-anda0011.weeblysite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002936; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"verifikasi-akun-facebook0022.weeblysite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002937; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"verifocaoffa.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002938; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vgiuhkjnm.b9u6vh5l7g1797.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002939; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"victorarath99.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200002940; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"videobigo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002941; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vietlime.vn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002942; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vietschi.de"; content:"Host"; http_header; classtype:attempted-recon; sid:200002943; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"viettel-com-dot-c2c01-531c7.uc.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002944; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"view.cykdlln.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002945; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"viguohilkasdsd.izwe6g6lyc.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002946; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vilaanimalviana.pt"; content:"Host"; http_header; classtype:attempted-recon; sid:200002947; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vinbpcfatfnkjftetwwkucfqsi-dot-gl44393333333.rj.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002948; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vinivet.mk"; content:"Host"; http_header; classtype:attempted-recon; sid:200002949; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vinted-pl.567791.space"; content:"Host"; http_header; classtype:attempted-recon; sid:200002950; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vioekavpaeass.icu"; content:"Host"; http_header; classtype:attempted-recon; sid:200002951; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vip9-grub-53.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002952; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vipfbtools.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002953; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"virginia-spi.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002954; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"virtual1dattss.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002955; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vis-stort.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200002956; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"visione.co.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200002957; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"visionproperty.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200002958; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vk-babyyss-gerlls.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200002959; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vk-golosvanie.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200002960; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vk-vhods.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200002961; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vkjbm.4nt4nb464e6113.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002962; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vodaupdatepayment.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002963; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"volvocarskc.us1.list-manage.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002964; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vps56290.servconfig.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002965; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vqed.5xcv81zrx0530.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002966; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vqwd.soboja1994.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002967; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vr-banking-app.de"; content:"Host"; http_header; classtype:attempted-recon; sid:200002968; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vr-system98622.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002969; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vtekllc.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002970; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vtxmail2018.myfreesites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002971; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vugik.mecil33784.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002972; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vv.macecri.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002973; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vvpaes-me-index.egvtpp.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002974; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vvvvv.barndoorreflections.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002975; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vxcas.a35570.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002976; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vxdse.myfreesites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002977; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"w2.deraya.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002978; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"w3wwvoeapeoss.icu"; content:"Host"; http_header; classtype:attempted-recon; sid:200002979; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"w5aproject.s3.us-east.cloud-object-storage.appdomain.cloud"; content:"Host"; http_header; classtype:attempted-recon; sid:200002980; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wahed-koudsi2001.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200002981; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"walkers-dot-composite-store-326315.uk.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002982; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"walldesign.com.tr"; content:"Host"; http_header; classtype:attempted-recon; sid:200002983; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wallet-connect012.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002984; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wallet-moonriver.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002985; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wallet-reconnection.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200002986; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wallet.silesiacoin.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002987; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"walletconnect-tool.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002988; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"walletconnectonline.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002989; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"walletconnectors.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002990; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"walletconnecttbot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002991; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"walleterrorsupport.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002992; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"walletfixdapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002993; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"walletsconnex.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002994; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"walletsliveconnects.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002995; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"walletsynclive.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002996; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"walletvalidation.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200002997; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"walletvalidators.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002998; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wana78420.myfreesites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002999; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wangluofuwu.webnode.page"; content:"Host"; http_header; classtype:attempted-recon; sid:200003000; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wap.bitffybtcer.club"; content:"Host"; http_header; classtype:attempted-recon; sid:200003001; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wap.bitffybtcer.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200003002; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wap.bitflyer.plus"; content:"Host"; http_header; classtype:attempted-recon; sid:200003003; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wap.bitflyer.venus.kim"; content:"Host"; http_header; classtype:attempted-recon; sid:200003004; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wap.btcffybtcer.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003005; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"warbonus.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003006; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"warningshadows.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200003007; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"warsa.bandungkab.go.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200003008; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wasites.000webhostapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003009; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"we-exodus-wallet.yahoosites.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003010; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wealthpathbank.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003011; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"web-armas.royale-freefire1garena-bonus.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003012; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"web-b4119.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003013; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"web-e1f6d.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003014; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"web-exoduss.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003015; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"web-f6612.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003016; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"web-ml01.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003017; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"web-verifi01.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003018; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"web-verifi02.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003019; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"web-verifi03.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003020; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"web-verifi04.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003021; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"web-verifi05.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003022; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"web-verifi06.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003023; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"web.bredbanque.trans.sylog.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200003024; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"web.royale-freefire1garena-bonus.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003025; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"webb-irs-gov-us.third-payment-assistance-funds.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003026; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"webbbb.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003027; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"webbl.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003028; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"webdappsconnection.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003029; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"webdatamltrainingdiag842.blob.core.windows.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003030; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"webdesecure.clickfunnels.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003031; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"webdisk.salesfocres.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003032; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"webip.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003033; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"webmail-1.amidatakahashi.repl.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200003034; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"webmail-2aaa0.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003035; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"webmail-sso8uyg.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003036; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"webmail.desguacesboyaca.es"; content:"Host"; http_header; classtype:attempted-recon; sid:200003037; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"webmail.gourmer.co.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200003038; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"webmail.login.access.docs67.live"; content:"Host"; http_header; classtype:attempted-recon; sid:200003039; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"webmail.salesfocres.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003040; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"webmailadmin0.myfreesites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003041; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"webmailstoragesrvr4567-supportdev.codeanyapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003042; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"webpres.000webhostapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003043; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"webregular.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200003044; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"websitefun.club"; content:"Host"; http_header; classtype:attempted-recon; sid:200003045; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"webstories.eu"; content:"Host"; http_header; classtype:attempted-recon; sid:200003046; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"webvalidity.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003047; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"westmountjka.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003048; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"weteachbh.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003049; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wetransfer-file-aprof.matteoaa.repl.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200003050; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"whare.100webspace.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003051; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"whatsaapindohhtir.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200003052; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wheelsofmercy.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200003053; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"whitelist-network.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003054; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"widadkamillah.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200003055; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"windstream-net.firebaseapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003056; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"winville.biz"; content:"Host"; http_header; classtype:attempted-recon; sid:200003057; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wireconfirmation68c10a25442a3e13.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003058; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wires-business-starter.webflow.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200003059; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wirtschaft.baesweiler.de"; content:"Host"; http_header; classtype:attempted-recon; sid:200003060; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wizmi.service-now.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003061; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wkazisan.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200003062; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wkdyujin.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200003063; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wlomajpo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003064; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"womancreatorofman.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003065; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"woofle.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003066; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"workprotocoles-com.webs.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003067; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wp-login.azurewebsites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003068; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wpastudio.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003069; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wpsoar.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003070; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wqass-index.pygbw.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003071; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wteeoq.pfinanceiro.com.de"; content:"Host"; http_header; classtype:attempted-recon; sid:200003072; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wusioqsio.weebly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003073; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ww.lnterbank.pe.personas.aaseguros.mx"; content:"Host"; http_header; classtype:attempted-recon; sid:200003074; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ww.lnterbank.pe.personas.onlinesocket.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200003075; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ww16.inpost-pl-3dsecure.clear-id.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200003076; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ww16.olx-pl-3dsec.id-95161.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200003077; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ww2.interbankokc.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003078; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"www-cursosdigitalesmx-com.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003079; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"www-degelyehuda-org-il.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003080; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"www-europe564598-com.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003081; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"www-europessign-com.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003082; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"www-key-com.test.edgekey.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003083; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"www-mufg-jp.handicraft.ltd"; content:"Host"; http_header; classtype:attempted-recon; sid:200003084; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"www2.rakuten-card.co.jp.wzsrc.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003085; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"www3.lejournaldugrandparis.fr"; content:"Host"; http_header; classtype:attempted-recon; sid:200003086; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"www3.plenainclusion.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200003087; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wwwbancapor1ntelnet-interbark.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003088; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wwwbancaporintelnet-interbark.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003089; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"x.macesoi.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003090; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xcas.xoh29oz.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003091; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xcasd.7vo6bt.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003092; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xcasd.b204uje.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003093; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xcasd.tcbjnhq.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003094; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xcasd.yikn2gd.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003095; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xcbxcdhree.pagedemo.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200003096; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xcryptocars.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003097; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xcvdsd.page.link"; content:"Host"; http_header; classtype:attempted-recon; sid:200003098; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xempormax.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003099; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xhgs.epgegxj.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003100; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xiajs.0dow0l.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003101; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xid-human-validation.run-us-west2.goorm.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200003102; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xj333.mjt.lu"; content:"Host"; http_header; classtype:attempted-recon; sid:200003103; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xj33s.mjt.lu"; content:"Host"; http_header; classtype:attempted-recon; sid:200003104; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xj33w.mjt.lu"; content:"Host"; http_header; classtype:attempted-recon; sid:200003105; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xj3pr.mjt.lu"; content:"Host"; http_header; classtype:attempted-recon; sid:200003106; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xj45g.mjt.lu"; content:"Host"; http_header; classtype:attempted-recon; sid:200003107; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xj45o.mjt.lu"; content:"Host"; http_header; classtype:attempted-recon; sid:200003108; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xj4og.mjt.lu"; content:"Host"; http_header; classtype:attempted-recon; sid:200003109; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xjmr7.mjt.lu"; content:"Host"; http_header; classtype:attempted-recon; sid:200003110; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xjpyyds.pem4yp3.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003111; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xkljfg.ml"; content:"Host"; http_header; classtype:attempted-recon; sid:200003112; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xlls2321.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003113; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xn--gmal-sya.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003114; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xn--ingenieurbro-eversmeier-lpc.de"; content:"Host"; http_header; classtype:attempted-recon; sid:200003115; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xn--ltappen-80a.se"; content:"Host"; http_header; classtype:attempted-recon; sid:200003116; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xn--metamsk-lwa.link"; content:"Host"; http_header; classtype:attempted-recon; sid:200003117; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xn--rpondeur-sfr2-bhb.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003118; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xnasd.wyhsosj.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003119; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xsbrookshhjx.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200003120; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xtio.ch"; content:"Host"; http_header; classtype:attempted-recon; sid:200003121; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xtw42.mjt.lu"; content:"Host"; http_header; classtype:attempted-recon; sid:200003122; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xuongsanxuatduquangcao.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003123; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xx.macecri.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003124; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xxaas.tp00jv9.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003125; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xxasd.sf29hrg.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003126; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xxcbxc.pagedemo.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200003127; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xxx-com-dot-c2c01-531c7.uc.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003128; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xzasd.uz64g3.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003129; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yahoo%2eco%2ejp@asdxa.p2x11pi.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003130; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yahoo%2eco%2ejp@bghgcd.psuxscm.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003131; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yahoo%2eco%2ejp@bhgxa.eo76sni.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003132; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yahoo%2eco%2ejp@cdas.nxzigco.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003133; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yahoo%2eco%2ejp@cxasd.easghbl.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003134; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yahoo%2eco%2ejp@hghgda.erjl0hx.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003135; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yahoo%2eco%2ejp@inna.cedymll.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003136; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yahoo%2eco%2ejp@jhdd.fjcslad.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003137; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yahoo%2eco%2ejp@kjhdda.tetfeec.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003138; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yahoo%2eco%2ejp@lkjds.nlmwjta.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003139; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yahoo%2eco%2ejp@nhbcda.g4g5mgc.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003140; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yahoo%2eco%2ejp@poklsa.slodddz.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003141; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yahoo%2eco%2ejp@qweas.p6rhddj.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003142; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yahoo%2eco%2ejp@ssdaz.sqqaepr.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003143; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yahoo%2eco%2ejp@uhncda.xmilwwp.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003144; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yahoo%2eco%2ejp@uhnxa.q83itv9.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003145; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yahoo%2eco%2ejp@ujdaa.fn3m4en.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003146; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yahoo%2eco%2ejp@ujds.5e8tn13.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003147; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yahoo%2eco%2ejp@ujhdca.mdwclcb.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003148; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yahoo%2eco%2ejp@uyhnxx.urpzkva.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003149; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yahoo%2eco%2ejp@zxas.2nd0g8.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003150; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yahoo%2eco%2ejp@zxass.jbkyj0o.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003151; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yahuomall.square.site"; content:"Host"; http_header; classtype:attempted-recon; sid:200003152; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yairix.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200003153; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yalena.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200003154; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yamashita-seitai.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003155; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yaqoobi.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200003156; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yatout-tt.fr"; content:"Host"; http_header; classtype:attempted-recon; sid:200003157; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yayanti.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003158; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ybdaa.oqsgm9r.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003159; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ybggd.fjgjoux.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003160; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yellow-surf-7b04.voiceovermade-today.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200003161; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yerelyonetim.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003162; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ygbda.ffeufka.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003163; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ygnuhmygnuhmygnuhm.diskstation.eu"; content:"Host"; http_header; classtype:attempted-recon; sid:200003164; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yhbca.pfs8ylv.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003165; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yhbndd.ryyswjn.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003166; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yhcd.gabprnx.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003167; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yhddf.vtf23ic.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003168; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yhdff.iw6fwu.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003169; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yhnbd.5u3z9i2.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003170; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yhncd.3ycuxr1.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003171; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yiaswqjdtcyeqpvyqthijepeai-dot-gl44393333333.rj.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003172; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ykyevmqxaktnfgrtuufymkhnce-dot-gl44393333333.rj.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003173; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yma1ll0g0n.odoo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003174; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ynbgdc.woprkzp.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003175; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ynbxa.pvgulkz.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003176; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yndda.m117s1s.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003177; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yogeshwarwiremesh.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003178; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"youknowar.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003179; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"young-snow-7447.tcheviron5269.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200003180; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yumpai.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003181; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"z.myjmscb.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003182; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"z.scicemecod.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003183; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"z0massegurabclp1.shreeramwoodindustries.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003184; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"z2qje.codesandbox.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200003185; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zackselectronics.co.zw"; content:"Host"; http_header; classtype:attempted-recon; sid:200003186; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zaktualizacja-platnosci.netfxtv.co.pl"; content:"Host"; http_header; classtype:attempted-recon; sid:200003187; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zapaleta.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200003188; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zasd.yhxmd30.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003189; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zb2-home.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003190; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zealous-kilby.23-95-231-131.plesk.page"; content:"Host"; http_header; classtype:attempted-recon; sid:200003191; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zenvinyl.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003192; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zepe.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200003193; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zepeapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003194; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zeroquiz.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003195; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zgyyds.mm5p1ch.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003196; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zgyyds.nebl4zw.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003197; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zhrmghgyyds.h0tlexl.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003198; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zjzj6688.yihang.ren"; content:"Host"; http_header; classtype:attempted-recon; sid:200003199; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zmpcoaca.cyou"; content:"Host"; http_header; classtype:attempted-recon; sid:200003200; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zmpcoacu.cyou"; content:"Host"; http_header; classtype:attempted-recon; sid:200003201; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zmpcoado.cyou"; content:"Host"; http_header; classtype:attempted-recon; sid:200003202; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"znemail.youxiangdashui.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003203; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zoho-online.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003204; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zoho-validationserv.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003205; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zonmca.hxljatvw.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003206; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zxas.2nd0g8.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003207; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zxas.hs0rgq8.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003208; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zxass.jbkyj0o.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003209; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zxcas.ywqfz8.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003210; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zxcaspx.aghwlup.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003211; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zxcnash.seufhsk.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003212; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zxcod.01l241.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003213; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zxcuashs.e0n0gh5.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003214; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zxnahs.3cze6ri.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003215; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zytcjdkcan.temp.swtest.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003216; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/comcast/xfinity.php?d1193169ba22c33594765d16035661b1=&\;email=a@a.c&\;.rand=login.xfinity.com.aspx"; http_uri; nocase; content:"0333fa5.netsolhost.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003217; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ameli-assurance/remboursement/login/iframe-page2.html"; http_uri; nocase; content:"045a3c0.wcomhost.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003218; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ameli-assurance/remboursement/login"; http_uri; nocase; content:"048d7b4.wcomhost.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003219; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ameli-assurance/remboursement/login/"; http_uri; nocase; content:"048d7b4.wcomhost.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003220; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ads/c/"; http_uri; nocase; content:"108ideashop.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003221; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/bbva/592cf4/425bdbd3-91cf-4e9f-9498-7a06b3ad75ec/?test=1"; http_uri; nocase; content:"28ecne20f9u.securetnet.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003222; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/exros/fite/bizmail.php?email=&.rand=13vqcr8bp0gud&lc=1033&id=64855&mkt=en-us&cbcxt=mai&snsc=1"; http_uri; nocase; content:"360hotelresort.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003223; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/3rdst/8-login-form/"; http_uri; nocase; content:"3rdstreetmarket.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003224; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/openpc/directlogin.do"; http_uri; nocase; content:"a-q-f.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003225; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/servicelogin?passive=1209600&continue=https://sites.google.com/view/viewbill-bt-1/bt&followup=https://sites.google.com/view/viewbill-bt-1/bt"; http_uri; nocase; content:"accounts.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003226; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/servicelogin?service=cds&passive=1209600&continue=https://storage.cloud.google.com/1lordman1man3/oscman2.html&followup=https://storage.cloud.google.com/1lordman1man3/oscman2.html"; http_uri; nocase; content:"accounts.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003227; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/servicelogin?service=cds&passive=1209600&continue=https://storage.cloud.google.com/appspotv450i7r8h9vf9y6yt8uiuft58f7uf5yye36u0jtyf78uuyfyy/index.html&followup=https://storage.cloud.google.com/appspotv450i7r8h9vf9y6yt8uiuft58f7uf5yye36u0jtyf78uuyfyy/index.html"; http_uri; nocase; content:"accounts.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003228; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/servicelogin?service=cds&passive=1209600&continue=https://storage.cloud.google.com/employt44to49cclrlolcrl94lnlxo.appspot.com/index.html&followup=https://storage.cloud.google.com/employt44to49cclrlolcrl94lnlxo.appspot.com/index.html"; http_uri; nocase; content:"accounts.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003229; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/servicelogin?service=cds&passive=1209600&continue=https://storage.cloud.google.com/maintainancecomponeta.appspot.com/mineindex.html&followup=https://storage.cloud.google.com/maintainancecomponeta.appspot.com/mineindex.html"; http_uri; nocase; content:"accounts.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003230; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/servicelogin?service=cds&passive=1209600&continue=https://storage.cloud.google.com/officpcpspbcncuser.appspot.com/index.htm&followup=https://storage.cloud.google.com/officpcpspbcncuser.appspot.com/index.htm"; http_uri; nocase; content:"accounts.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003231; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/en/bellcocreditunion/"; http_uri; nocase; content:"admin.fifoundry.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003232; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2005/03/colourful-life-of-aij.html"; http_uri; nocase; content:"aijcs.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003233; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ion"; http_uri; nocase; content:"alconexport.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003234; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ion/"; http_uri; nocase; content:"alconexport.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003235; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/blog/wp-content/themes/10/"; http_uri; nocase; content:"alinachopra.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003236; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/our/ourtime/ourtime.html"; http_uri; nocase; content:"ambrosecourt.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003237; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/njk/25_40_24_5e_40_26_40_26_28_29_23_23_5e_23_24_26_5e_25_26_40_5e_28_23_26.html"; http_uri; nocase; content:"ams3.digitaloceanspaces.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003238; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/jps/webmail_reset.htm"; http_uri; nocase; content:"anekaslot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003239; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/app/"; http_uri; nocase; content:"api-freewallet.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003240; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/oexchange/0.8/wrap/opengraph?url=ahr0chm6ly93zxetnmrlodiud2vilmfwcc8znzg1mje5lze1lziwmjfjdw5plmn6nto1nibbttu6ntygqu13zwjtyxn0zxi5lze1lziwmjeznzg1mjfjdw5plmn6nto1nibbttu6ntygqu13zwjtyxn0zxiznzg1mje5lze1lziwmjfjdw5plmn6nto1nibbttu6ntygqu0znzg1mjf3zwjtyxn0zxi5lze1lziwmjfjdw5plmn6nto1nibbttm3oduymtu6ntygqu13zwjtyxn0zxiznzg1mjejd2vibwfzdgvyqgn1bmkuy3o="; http_uri; nocase; content:"api.addthis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003241; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/s/b9fu9axf9rcv7bhjp80fpcm8zna5wcwi"; http_uri; nocase; content:"app.box.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003242; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/s/x6agocx9zvj049azirk4aw3xrqdedqhl"; http_uri; nocase; content:"app.box.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003243; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/s/ymr0ltw3hmn8icxebz16gjhcyhqa49w4"; http_uri; nocase; content:"app.box.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003244; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/public/form/xlfe4rw2"; http_uri; nocase; content:"app.pipefy.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003245; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/6dfhh1yrol"; http_uri; nocase; content:"appurl.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200003246; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/lsmho6dyl-"; http_uri; nocase; content:"appurl.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200003247; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wywajnlbtl"; http_uri; nocase; content:"appurl.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200003248; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/secure_wellsfargo/"; http_uri; nocase; content:"aspiresevent.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003249; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/at&t/"; http_uri; nocase; content:"att-yahoo.meculinkvolt.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003250; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m=0"; http_uri; nocase; content:"azeioaz.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003251; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/index.html"; http_uri; nocase; content:"baovesusonglcxt.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003252; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/app/listeners/ae/n-nv6588123/ae/ae/verify/sms.php"; http_uri; nocase; content:"bardaiconnect.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003253; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m=0"; http_uri; nocase; content:"baritasonte.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003254; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/fr3kf"; http_uri; nocase; content:"bit.do"; content:"Host"; http_header; classtype:attempted-recon; sid:200003255; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/frxsz"; http_uri; nocase; content:"bit.do"; content:"Host"; http_header; classtype:attempted-recon; sid:200003256; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/fs7cb"; http_uri; nocase; content:"bit.do"; content:"Host"; http_header; classtype:attempted-recon; sid:200003257; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/fs8cx"; http_uri; nocase; content:"bit.do"; content:"Host"; http_header; classtype:attempted-recon; sid:200003258; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/fsf6l"; http_uri; nocase; content:"bit.do"; content:"Host"; http_header; classtype:attempted-recon; sid:200003259; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ftaas"; http_uri; nocase; content:"bit.do"; content:"Host"; http_header; classtype:attempted-recon; sid:200003260; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ftbbt"; http_uri; nocase; content:"bit.do"; content:"Host"; http_header; classtype:attempted-recon; sid:200003261; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ftdea"; http_uri; nocase; content:"bit.do"; content:"Host"; http_header; classtype:attempted-recon; sid:200003262; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/zgfove"; http_uri; nocase; content:"bit.do"; content:"Host"; http_header; classtype:attempted-recon; sid:200003263; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3ijwsm2"; http_uri; nocase; content:"bit.ly."; content:"Host"; http_header; classtype:attempted-recon; sid:200003264; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2iz03nf"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003265; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2kduy2u"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003266; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2nog4ow?facebook_update"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003267; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2nwrbgj"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003268; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2oq6dhz"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003269; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2p28z0h"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003270; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2q7fcpg"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003271; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2uwvcnh"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003272; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2vuwbzk"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003273; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2wqlrea"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003274; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2zaee65"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003275; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2zejaht"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003276; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2zomh31?confirmation"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003277; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/30ceyfq"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003278; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/30dwddq"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003279; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/30vy89r"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003280; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/319qtui"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003281; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/31cwtqd?facebook_update"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003282; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/31d3mp6?facebook_service"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003283; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/31xebzq"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003284; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/32xotak?l=www.bancoripley.cl"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003285; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/33ipjf7"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003286; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/33pcwtj"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003287; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/34mhgdg"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003288; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/37r8zo3"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003289; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/38xmo4d"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003290; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/392hszz"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003291; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3aetm80"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003292; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3afo6kx"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003293; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3an4lcn"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003294; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3aqvwmn"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003295; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3bdkpfx?facebook_update"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003296; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3bmjhx1?confirmation"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003297; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3bq4stv?confirmation"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003298; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3bsgkin"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003299; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3bvwofv?confirmation"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003300; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3c7nozm"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003301; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3ca8owp?facebook_update"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003302; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3cahvv5help-center-notice-comunity"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003303; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3clopj4"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003304; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3cpqerq"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003305; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3cvl6ir"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003306; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3czqfzo?confirmation"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003307; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3d7ezub?facebook_update"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003308; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3dj0r1p"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003309; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3dky0ds?facebook_update"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003310; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3e3wjwp"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003311; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3eeiwqv"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003312; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3ego3xw?redirect=system"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003313; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3eoqvcn"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003314; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3eptccr"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003315; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3exbeuu?i=www.bancoripley.cl"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003316; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3fb9f8f"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003317; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3fd8key"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003318; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3fk3blu"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003319; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3fmvby5?facebook_update"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003320; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3fyg9rf"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003321; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3guiinq?confirmation"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003322; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3gxztog"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003323; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3gyfnlm?confirmation"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003324; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3gymrhg"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003325; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3gynfuc"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003326; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3hvucnu"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003327; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3hwhrlr"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003328; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3i8tjul"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003329; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3jow35g?confirmation"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003330; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3jqfusj?confirmation"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003331; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3jqmbfu"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003332; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3jsnadf?i=www.bancoripley.cl"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003333; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3jvodhm?confirmation"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003334; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3jxszq1?confirmation"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003335; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3k2aaqc?facebook_update"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003336; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3kdifqr"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003337; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3kqhnr0"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003338; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3kueruz"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003339; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3kxfgbu"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003340; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3l4jpqg?facebook_update"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003341; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3ldovbh"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003342; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3lgmoqh"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003343; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3mgij5v"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003344; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3mkihc9"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003345; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3mrtcap"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003346; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3mryk6q"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003347; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3mvat1h?confirmation"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003348; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3mwnmia?confirmation"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003349; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3nddkta"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003350; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3nkpgzq"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003351; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3nvr2mn"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003352; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3phrfct"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003353; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3pqid6z?confirmation"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003354; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3qc8jtv"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003355; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3qplrme"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003356; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3r49apq?facebook_update"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003357; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3r8xxmg?facebook_update"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003358; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3rd3dgx"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003359; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3reovvv"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003360; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3rkzqb5"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003361; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3rucafb?confirmations"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003362; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3rvdpnz"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003363; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3s7gmhf"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003364; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3sdxkuf"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003365; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3tkk6kn"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003366; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3tks2um"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003367; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3tzc89x"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003368; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3vtbyq5"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003369; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3vyh0x9"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003370; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3w8ru6g?confirmation"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003371; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3wb6m3i"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003372; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3xhfy9m?facebook_update"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003373; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3xkuef1?confirmation"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003374; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3xrdvez?facebook_update"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003375; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3yatzv9?confirmation"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003376; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3zbrsmk?|=www.bancoripley.cl"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003377; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/bancamps-web"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003378; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/click-confirm"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003379; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/coinspot-claim-bonus"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003380; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/community-details"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003381; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/confirm-click"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003382; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/edoardopolaccoufficiale"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003383; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/i-13orange"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003384; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/i-14orange"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003385; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/id-lockpages"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003386; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/id-locksystem"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003387; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/info-details-notification"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003388; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ip13-orange"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003389; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ip14-orange"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003390; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/lrs-gov1"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003391; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/main-pages"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003392; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/mr-pin"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003393; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/orange-id13"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003394; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/orange-id2"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003395; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/orange-id3"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003396; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/orange-id4"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003397; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/page-infromation"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003398; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/pandemicreliefpackage"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003399; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/policy-pages"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003400; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/portale-mps-attivazione"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003401; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/recoveryform"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003402; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/verifikasipemblokiran_id"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003403; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/#/"; http_uri; nocase; content:"bitflyertt.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003404; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2p3bbbs"; http_uri; nocase; content:"bitly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003405; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3aolo2y"; http_uri; nocase; content:"bitly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003406; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3bqoevf"; http_uri; nocase; content:"bitly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003407; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3g1epw3"; http_uri; nocase; content:"bitly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003408; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3jrtmmu"; http_uri; nocase; content:"bitly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003409; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3koilft"; http_uri; nocase; content:"bitly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003410; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3xmjxs4"; http_uri; nocase; content:"bitly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003411; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/dnklsosfgaa"; http_uri; nocase; content:"bitly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003412; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/taxirsxcy"; http_uri; nocase; content:"bitly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003413; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/nlwp"; http_uri; nocase; content:"bitly.ws"; content:"Host"; http_header; classtype:attempted-recon; sid:200003414; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/en/wallets/"; http_uri; nocase; content:"bitwayconnect.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003415; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/personal/accounts_blackbearcc_co_uk/_layouts/15/onedrive.aspx?id=%2fpersonal%2faccounts%5fblackbearcc%5fco%5fuk%2fdocuments%2fngb%20urgente%20substanti%c3%able%20update%20%5f%20voorstel%2epdf&\;parent=%2fpersonal%2faccounts%5fblackbearcc%5fco%5fuk%2fdocuments&\;originalpath=ahr0chm6ly9ibgfja2jlyxjjy2nvdwstbxkuc2hhcmvwb2ludc5jb20vomi6l2cvcgvyc29uywwvywnjb3vudhnfymxhy2tizwfyy2nfy29fdwsvrve5as01b19mukjbcutzeunhv3eznw9ccfbtmze3b2fsrnrgnhpzuenbvlfiqt9ydgltzt1tqjzyquroodjvzw"; http_uri; nocase; content:"blackbearcccouk-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003416; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/sella/info.html"; http_uri; nocase; content:"bluehorse.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200003417; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m=0"; http_uri; nocase; content:"bombomsafar.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003418; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?aplicar"; http_uri; nocase; content:"bonomequedoencasa.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003419; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/s9x"; http_uri; nocase; content:"bpl.kr"; content:"Host"; http_header; classtype:attempted-recon; sid:200003420; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2r9pyocy"; http_uri; nocase; content:"bre.is"; content:"Host"; http_header; classtype:attempted-recon; sid:200003421; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/assets/content/7fde14dcc130f933dfa5c0283d776eb9/?user=&\;_verify?service=mail&\;data:text/html\;charset=utf-8\;base64,pgh0bww%20dqo8c3r5bgu%20igjvzhkgeybtyxjnaw46ida7ig92zxjmbg93oiboawrkzw47ih0gpc9zdhlszt4nciagpglmcmft"; http_uri; nocase; content:"capstroyinvest.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003422; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/assets/content/c0e9ccedb57ca77a45d83f9bde98224b/?user=&\;_verify?service=mail&\;data:text/html\;charset=utf-8\;base64,pgh0bww%20dqo8c3r5bgu%20igjvzhkgeybtyxjnaw46ida7ig92zxjmbg93oiboawrkzw47ih0gpc9zdhlszt4nciagpglmcmft"; http_uri; nocase; content:"capstroyinvest.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003423; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/assets/content/c0e9ccedb57ca77a45d83f9bde98224b?user=&\;_verify?service=mail&\;data:text/html\;charset=utf-8\;base64,pgh0bww%20dqo8c3r5bgu%20igjvzhkgeybtyxjnaw46ida7ig92zxjmbg93oiboawrkzw47ih0gpc9zdhlszt4nciagpglmcmft"; http_uri; nocase; content:"capstroyinvest.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003424; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/assets/content/c4957ef2c1f1801d0506e35cc3b5a6a8/?user=3d{{email}}&\;_verify?service=mail&\;data:text/html\;charset=utf-8\;base64,pgh0bww%20dqo8c3r5bgu%20igjvzhkgeybtyxjnaw46ida7ig92zxjmbg93oiboawrkzw47ih0gpc9zdhlszt4nciagpglmcmft"; http_uri; nocase; content:"capstroyinvest.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003425; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/assets/content/c4957ef2c1f1801d0506e35cc3b5a6a8?user=3d{{email}}&\;_verify?service=mail&\;data:text/html\;charset=utf-8\;base64,pgh0bww%20dqo8c3r5bgu%20igjvzhkgeybtyxjnaw46ida7ig92zxjmbg93oiboawrkzw47ih0gpc9zdhlszt4nciagpglmcmft"; http_uri; nocase; content:"capstroyinvest.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003426; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/assets/content/d190a3ceefc52c12869c2bee7b9ed710/?user=&\;_verify?service=mail&\;data:text/html\;charset=utf-8\;base64,pgh0bww%20dqo8c3r5bgu%20igjvzhkgeybtyxjnaw46ida7ig92zxjmbg93oiboawrkzw47ih0gpc9zdhlszt4nciagpglmcmft"; http_uri; nocase; content:"capstroyinvest.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003427; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/assets/content/d190a3ceefc52c12869c2bee7b9ed710?user=&\;_verify?service=mail&\;data:text/html\;charset=utf-8\;base64,pgh0bww%20dqo8c3r5bgu%20igjvzhkgeybtyxjnaw46ida7ig92zxjmbg93oiboawrkzw47ih0gpc9zdhlszt4nciagpglmcmft"; http_uri; nocase; content:"capstroyinvest.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003428; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/assets/content/fcc3a33269bb5f281754c49ab86c3d4e/?user=3d{{email}}&\;_verify?service=mail&\;data:text/html\;charset=utf-8\;base64,pgh0bww%20dqo8c3r5bgu%20igjvzhkgeybtyxjnaw46ida7ig92zxjmbg93oiboawrkzw47ih0gpc9zdhlszt4nciagpglmcmft"; http_uri; nocase; content:"capstroyinvest.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003429; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/s/files/1/0533/5367/6992/t/3/assets/home.html"; http_uri; nocase; content:"cdn.shopify.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003430; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/index.php?option=com_content&view=article&id=67"; http_uri; nocase; content:"centromedicoviladomat.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003431; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2021/02/blog-post_12.html"; http_uri; nocase; content:"chronopostvalidation.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003432; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/proxy/rdh-rjsrv9zzrx57iscgov74o1gka4qjdfj01qr7v8-pkjgyvn50tivt7pzqgm5kuqdmonqle3f8eq_t8f4xl6jdozabmf2lxy-888ai8hdji633rg"; http_uri; nocase; content:"ci3.googleusercontent.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003433; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/proxy/djc3ckf7jcnj8l0duyaqyjwffeskzbccy9spjiauj_jwrplgw0ahyaf1xozvm6n_fjn8q1-2vkhqqujjr1en3qej703lyxxujt6tto-ttwsl6hgsggp3ehcc"; http_uri; nocase; content:"ci4.googleusercontent.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003434; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/proxy/zjba9cvtmkfnoveyofx6gqong0kqi3s69d9o2y32fmu_gankb59tj-rb79bolx0bwbsemnonfhh2esy9olfdp-20gybztkzstfhfheqrrjuefxwiwkqws29wxm6tdobikwz-qkzfphpaldfr"; http_uri; nocase; content:"ci4.googleusercontent.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003435; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/yc8bd&post=665308711_37&cc_key"; http_uri; nocase; content:"clck.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003436; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/yzuft&post=665308711_32&cc_key"; http_uri; nocase; content:"clck.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003437; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?qs=6541641088c869552ced792d84ee93eabf075e23cd5eba83a7d07a40ad9cf2ce36c931984719b9df7de658999defbc87f999ec46970a0280"; http_uri; nocase; content:"click.message.fruit.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003438; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/link/c/yt0xody0njqxnjqxmdm4ndg2ndywjmm9atbwmszlptamyj04nzayote2nzemzd1vnwo5atlp.-qcenabkw4a63rezdnd8qyyy2wyjhokkikl1p9qk8ji"; http_uri; nocase; content:"click.mlsend.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003439; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/link/c/yt0xodyznjq5mdkznjqxodm2nzm0jmm9zdf0mizlptamyj04njkzmzqxnzkmzd1lnhg0ctbu.kl4nnqlbcfy0qozwbuw9fh0iar3wkkppcwmuyedtzjy"; http_uri; nocase; content:"click.mlsend.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003440; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/#moreinfo@widomaker.com"; http_uri; nocase; content:"cloud-dot-chaser-331005.uk.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003441; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/paste/c4tl1sfout2tbkhn5810/raw"; http_uri; nocase; content:"codepasta.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003442; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/secure01/"; http_uri; nocase; content:"colchoesportugal.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003443; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/#investor-relations@cyient.com"; http_uri; nocase; content:"cold-recipe-bf5b.updatelogaccountprogramedrfwerwrdhsll.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200003444; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?!=%25_col_email%20address_%25"; http_uri; nocase; content:"community-die.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003445; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/:b:/g/personal/infonoreply_communitychurch_tv/eburrky2tklimiiiqf0ia5kbbhkaxaypf06-08wf9wjebq?e=w5jmrb"; http_uri; nocase; content:"communitychurch-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003446; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/discounts_services/writing/loginform2d0e.php"; http_uri; nocase; content:"confabint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003447; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/js/crop/cm"; http_uri; nocase; content:"createchsoft.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003448; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/network/acct/login.php"; http_uri; nocase; content:"creativecombat.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003449; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/network/acct/login.php?.rand=13inboxlight.aspx?n=1774256418"; http_uri; nocase; content:"creativecombat.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003450; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/network/acct/login.php?.rand=13inboxlight.aspx?n=1774256418&\;email=jackdavis@eureliosollutions.com&\;fid=1&\;fid=4&\;rand=13inboxlightaspxn.1774256418"; http_uri; nocase; content:"creativecombat.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003451; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/network/acct/login.php?rand=13inboxlightaspxn.1774256418"; http_uri; nocase; content:"creativecombat.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003452; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/network/acct/login.php?rand=13inboxlightaspxn.1774256418&\;"; http_uri; nocase; content:"creativecombat.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003453; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/network/acct/login.php?rand=13inboxlightaspxn.1774256418&\;amp"; http_uri; nocase; content:"creativecombat.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003454; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/network/acct/login.php?rand=13inboxlightaspxn.1774256418&\;ampopensource:observable-35835700-0d08-4c25-a188-b8312ba00a941067515"; http_uri; nocase; content:"creativecombat.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003455; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/network/acct/login.php?rand=13inboxlightaspxn.1774256418&\;fid.4.1252899642&\;fid=1&\;fav.1&\;rand.13inboxlight.aspxn.1774256418&\;fid.1252899642&\;fid.1&\;fav.1&\;email=&\;.rand=13inboxlight.aspx?n=1774256418&\;fid=4"; http_uri; nocase; content:"creativecombat.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003456; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/network/acct/login.php?rand=13inboxlightaspxn.1774256418&\;fid.4.1252899642&\;fid=4&\;fav.1&\;rand.13inboxlight.aspxn.1774256418&\;fid.1252899642&\;fid.1&\;email=jsmith@imaphost.com&\;.rand=13inboxlight.aspx?n=1774256418"; http_uri; nocase; content:"creativecombat.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003457; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/network/acct?email=jackdavis@eureliosollutions.com"; http_uri; nocase; content:"creativecombat.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003458; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/images/verify/update/y.html"; http_uri; nocase; content:"creativeingredient.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003459; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2011/02/habbo-crediti-gratis-sicuro-100.html"; http_uri; nocase; content:"creditiperhabbogratissicuro100.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003460; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m=0"; http_uri; nocase; content:"cusstomerservicee.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003461; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2isbc3k"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003462; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3yqokjg"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003463; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3yy01ci"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003464; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/4ypfq09"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003465; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/5yhe1qn"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003466; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/7yqfwsn"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003467; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/aynunsk"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003468; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ayw5mev"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003469; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/bundu4e?id/help/pages?ref=cr"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003470; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/byqp8mx"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003471; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/cir5eqh"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003472; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/claiminc"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003473; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ctmlfil"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003474; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/cyni5cc"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003475; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/cyqucr4"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003476; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/dkvkq49/"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003477; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ftledcr"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003478; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/gyqdc7m"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003479; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ingdirect-es"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003480; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/irsgov"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003481; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/iyn1owx"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003482; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/kiiataa"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003483; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/mynrk6q"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003484; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ny0rjd4"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003485; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/nynglzu"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003486; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/nyxbpmv"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003487; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/oyqykkh"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003488; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ptl7kd8"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003489; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/py2rr2z"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003490; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/pyqptqe"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003491; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/pywuwcj"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003492; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/qyc4svc"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003493; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/qymd2vc"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003494; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/riyviiy/"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003495; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/rykpt4j"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003496; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ryzqc5o"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003497; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/tyq6jn2"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003498; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/uybigpf"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003499; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/uydktcc"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003500; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/uyqji5z"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003501; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/uyx0po9"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003502; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wyc154r"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003503; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/xynjuem"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003504; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ytv0uzv"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003505; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/zu0z3re"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003506; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/oglp"; http_uri; nocase; content:"cy.tc"; content:"Host"; http_header; classtype:attempted-recon; sid:200003507; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/#?act=cl&pid=34515_md&uid=1&vid=25&ofid=1615&lid=126&cid=17171"; http_uri; nocase; content:"d854c624d7.gesundheitundschonheit.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003508; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/online/showdocument?documentid=1fce937a-ba39-4053-a83a-f07711ad8efd&invitationid=82f3e840-cd11-4da4-8579-304bd7e930b0"; http_uri; nocase; content:"digisigner.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003509; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vszcwxk6nifthkg32wjxfjgq9yc-jjujkbsumqeeau8uw7xkcutyp0tbgux2mvwu8iqfrxxlunajob8/pub"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003510; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vt_xl-m0ff8yqqhzhgseahgwejo0znh9re6w0qvgbe0qfe084hrebjjg673htphdnvbcdnq6agehncq/pub?mobilelogin"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003511; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vth3iya0ov7p49rk9ejozgqnueuk8fna2mky389hertlwx4mnoyhl1mlhnwbz8sxnsqtk8i5uysmq68/pub?embedded=true"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003512; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vts9czxqycsgi-quifs7m1mqjzmlcjlccnhw3dsahdss5ymnpy6y0vsgwvf3piu6js22ydjyew1oyo_/pub?embedded=true"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003513; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/12467akksjbdxtns1aefg-fo9hlxamtxynf5brvbz5tc/viewform?edit_requested=true"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003514; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/1fpyjsolbptidxpf23lqom1jghfw7qrvbbbfxxi82pzg/viewform?edit_requested=true"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003515; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsc-xysogohjsbzmcnoded8ooar2gz1c5zxobgk8envh3jbpow/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003516; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsc0yyqlieizg0nzouznvhsjfags1h9qi5hpdw3qlgbivm501q/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003517; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsc4bagzjzmstbnjhy7zpy5zsx-xrn7reoouolv54luk5tihha/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003518; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsc8uc5aztlek3s6dqtk1etorhez5m2yvubyw5qmfkpisrelcq/viewform?usp=pp_url"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003519; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsc_enqwhhv1jnvzy55mb4ghvjd4wcz9plnolh2eoitk7qgbra/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003520; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsc_f0pxmnwzrtbck6u06fdzocmhgzvjzlc8cu7c9b456fhccq/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003521; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscaoiohhbm7suyz9ol9o9ueunbxn6donxrfjge2cevdw_8jmw/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003522; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscbtba5srjedev4uvqq49pt3recywqah-ar5szplndj-dxhgw/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003523; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscc30j0zmjvz0ct-wi59yhnz9gimpj3snofe5vkbovmeykomg/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003524; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscc98m5fw4ifog0zeiuquxitizmisrgsdvyxvtxsppunpkwzq/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003525; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscclmqirehqtkm3vl4u9gm2zv6xfvrddbrgke9fmsfujqbboq/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003526; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscd8t8sjgxqrsa6dq5kjpmrpsxkvi4bl38sfdu7wa3sl32elg/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003527; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscda1to5ru4sjeeujg3ki2bimklprvsec6u43kpvhbfyhrldw/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003528; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscda1to5ru4sjeeujg3ki2bimklprvsec6u43kpvhbfyhrldw/viewform?usp=sf_link"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003529; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscdct8mue2qq3syjr4tnntol30jfdk8vwpco6yjh7dxnq5nyg/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003530; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscdct8mue2qq3syjr4tnntol30jfdk8vwpco6yjh7dxnq5nyg/viewform?usp=sf_link"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003531; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscdkcb2saiqfhtrh2inewegl56-jrv0e_ncfubvdmdprxpzfq/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003532; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscdkcb2saiqfhtrh2inewegl56-jrv0e_ncfubvdmdprxpzfq/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003533; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsceoxsfawdsbd2r-jk2sppywnv1bchzjjcw2xkcj7oqkwqriw/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003534; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscf9u8nrld-zvu6clr4jcwnw0buqrykdldtzoullbxy8kc1ta/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003535; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscfh2njwrve6_rkxxy1yz83keoeekd4maqcnd-ivq7rkg0uca/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003536; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscfmdl3il-2rcplfeq-12jtre1mwsgbnmh2nhoj9xoflmplew/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003537; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscirilop6_iti0zvvrlsbk8zfaeo-f10otlhj9k5liyervk4g/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003538; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscjtat4fmstlxz3hbfkg4qyi-epfdmun7_avcqwvgscoydytw/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003539; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscjvnhykksssaw-kycyrl6ywg_r3fdjuyqhk2mrmxcpgwfxoa/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003540; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscmzyecgbuuccfs_5e5axn9hpruzskqmvseedm0xz1qrqb5vg/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003541; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscn6xxq_xvtivggy_4rkibou1i27e0kpiimikafpaavki1vsq/viewform?usp=send_form&usp=embed_facebook"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003542; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscphvypdecdasu-iqnvt4bvkiu5g1fioskjyfi9gk2z69cemq/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003543; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscqbbsvkpxnasqgeazpzwxp1ln7qzdurt-nqn4azqa7q14euw/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003544; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscrgopduxv2yg9memppi-dzfii70kq8hr8pi5zn9o_5amr3xa/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003545; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscrmsgjymaojts0bfneswvnfekiw6zya5rzyqoa1ydp5wkcrw/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003546; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscuttypbph1iazuis8aa6xvrlmagwglmdcrrg8g2oymskvbva/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003547; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscuzwqncl3qs7cwfb7jlimpdueycxy0mv6zknp0uubdbkcu3w/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003548; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscvp9muuu33wgba4h5kugaleeh0onrqzug-b6n5aj5werrmaw/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003549; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscvqmhqgwbubzxdynzgvlbmmziyagdiadz2eyhc-s-ro8ndfq/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003550; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscxgbsqs0_gphf4vziykyu_g5rgytw2s9fir3lyfar7kaixew/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003551; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscxgbsqs0_gphf4vziykyu_g5rgytw2s9fir3lyfar7kaixew/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003552; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscz4uf8dtvwhgxggkzsbbhjcgu9npgc6agxpy5o2fwpo6tv5q/viewform?usp=sf_link"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003553; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsczp3nbsyvoj5-wf-7k4xshjczyxvdc-lc679urtbl_k-9x8q/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003554; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsd1x00gqusaavdvp5ualsrctsjb80y9oy7yln6wwani40srpw/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003555; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsd1x00gqusaavdvp5ualsrctsjb80y9oy7yln6wwani40srpw/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003556; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsd3x6brnru3toiionptordwmc4zorxcky1ebpmeg6bb4jfuca/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003557; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsd7jgegqudsjg7blscqgfvdftyvlno6xreg6wjuxl0hnfbwtw/viewform?vc=0&\;c=0&\;w=1&\;flr=0&\;gxids=7628"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003558; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsd8_xzmknrntxwpeg8bvmvbbzmjsfgejo-vngsmyjx1dnidsg/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003559; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsd8vkw5fxeroe_pxa7n5cdfpukhahbg_7k7sg0iuosh_xsyoa/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003560; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsd9poeb_wmgffgg8taw4z_np0kdbo32gr35k1zxizj7lcdela/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003561; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsd_c4wpt0zzouwt5lr9p5kn5cylz3ananv1hlix6u_h36w1rg/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003562; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsda4flfi-1_gvwqnbb1dcxz_mb5omo9t2oc-vslzfgh6avrag/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003563; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsdbgprbyowwcugqslasnoo-sbqcrgi6ppycsytvsw2_dwfeug/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003564; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsdce9c1bqexlzlu9rojtuwtaatyeeshywbkmuiobrw_a-_mga/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003565; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsdce9c1bqexlzlu9rojtuwtaatyeeshywbkmuiobrw_a-_mga/viewform?usp=pp_url"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003566; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsdcznggxnwia2ct8kmxid1tdqhgerhnmixukxuj7nmq1lqsma/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003567; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsdfarxg-0eurkyimsg-ukgl4mbtgvwfhe1wzbdxmb7oaosnyg/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003568; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsdfyxb1kjjvkaiwbbpbgr0dfaq1xx2ehhzbxnt3adndssy1yw/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003569; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsdfyxb1kjjvkaiwbbpbgr0dfaq1xx2ehhzbxnt3adndssy1yw/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003570; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsdgxybkn7btnmkuuyyoe0rlbw8kmdgbwejv6l52fjbm9vledg/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003571; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsdinjm_qvdbv3roybqi073rm1pujmrrs7lid7c3qk-4xwweew/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003572; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsdlwgxgjcqz_53lnvyfaiibnkptndldhs4vd0c__6lufv81zq/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003573; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsdmsww4edj2yofwdenmvl3uvyibigishgajtsfa7chvcan0wg/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003574; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsdmsww4edj2yofwdenmvl3uvyibigishgajtsfa7chvcan0wg/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003575; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsdnngh7an2vfxw1k7cotxcb24wwne2qcm3j5deelwsn676z2q/viewform?usp=pp_url"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003576; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsdpetadtoy4qkid3frxtq_jkthudhyvm17bkmb8iqonismzvw/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003577; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsdvo-nueiprck-o5gw7-bnmsz9jvwlyspeqfhfr2g2osbsrba/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003578; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsdvwkczn_rxvn1522z1mcojbs40ymrctyizpyuv72_0wbypgq/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003579; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsdwbz5hapgqojwjyndeeyjxamg0wnaj3kolh3fb6xf4c-fxjw/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003580; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsdwbz5hapgqojwjyndeeyjxamg0wnaj3kolh3fb6xf4c-fxjw/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003581; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsdxm-rwnv41p3wdcbtetukrctoakvuoe1h_uy8jgnxy7kldza/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003582; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsdy1071rbhheyidjzo6fw5busqot5eunllw_thawo6udamfaq/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003583; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsdybqflfptobqslhflytic3g936bnojaljztk6ct1d5mjvnnw/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003584; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsdyygc4-s_a1dcdvcf9z9n1yhvz2dnehdr2aij-bcetxe2csg/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003585; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsdzrubbm3nrqdzjs6q7phutjgmn-dm8zquphjg9ge31q7bdhg/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003586; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlse3-zgmg83lctfks0egmambwonybkscrvxix--n1azwngkphg/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003587; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlse5htthgifmniezokiypnjjhanvkvlehsrk9esgcpoauqutiw/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003588; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlse8ds15kxxdcrhfspcfrbvy6sbdhp0e4540zzmhhvzouewvka/viewform?vc=0&c=0&w=1&flr=0&usp=mail_form_link"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003589; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlse_mo9pzgdahzdgz0wctr7lm0cqm_zwos8ljc4cqgtvnqfmfq/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003590; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlseaoj1gseoc72inocx9jofb1nqgqm81_firdsookdvnd4fz3q/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003591; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsebpakzyvtprhygwe23jlsdieyoca0jtiyy-f68nqwofparww/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003592; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsebyedalhc7exqq5fljf8x1akbwz0h8l8ojbx5nx3go7bh3sa/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003593; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsebyedalhc7exqq5fljf8x1akbwz0h8l8ojbx5nx3go7bh3sa/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003594; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlseck8-g3um70ihw-ajfait5whcec3qdowobizswz8_-et_jkq/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003595; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsed7ckwpjf0hndj7zb3qtjmirtkv6pwcrmhplptuczapfmdew/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003596; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlseerl98zqhhsjdo_vwhfzft3njmrw-es6isa689uqc2opalkg/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003597; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsefdjhvlb8j4f16k5uewfckrm6sxun7mb8kmt6hnsw4twzb1a/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003598; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsefv5nkokmsxbkw84jsid2gwxxq8hhcvvajj-hjwl43irewza/viewform?vc=0&\;c=0&\;w=1"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003599; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlseggxi9u9oxdijtvvfpdkom7-bau-dstzgnovfyndrhxtk_ew/viewform?fbzx=450838898210045776"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003600; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlseht4cdltkad8967jjarcb5nafonbaw3dtpynth9mdk94hf-q/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003601; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlseirld9oyigwxmec2bc-ax4yd-m-rhezlne00aminsjf0uteq/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003602; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlseja63wnjv6158neslzqwlnlui4yluhb0nlou-vx0ehpwkexg/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003603; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsejavlqdkikylynqlg6p7kyfu4qnlyy31opnfttucuhgmek4a/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003604; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsekx9ewwwdcej4qewpnqgzq3bzhqogrop2ui9vxaeswphzyvq/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003605; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsemwyrvcln1ql8uxd0dsiswveuehikz5hwalfeni7jjfaefmg/viewform?usp=sf_link"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003606; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlseoz9zpmm0c0fjksklv-p1hsrwsuybmj6bvbd_fkewzzcv_ea/viewform?usp=pp_url"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003607; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsepe4jevfm3mjc-vndxuq_9wjpc7afrjadkxvp8czawh27cqg/viewform?usp=sf_link"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003608; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlseq5h3-5stw3bwnpoi6g-gfwcgej7q82incdm01dd1lf182iq/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003609; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlseqdx2wgybdxlhascsuopq1xqsmwrxjf4erl_cpmvtt96dq_g/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003610; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlser-b6q--nvif2fj7nbn88dh8lj-s2yfbgjyuygwsacbhm6lw/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003611; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsesuqyiwovf64ujl8ewzqpw-vq7_ljhh96vouros2rqn1vunw/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003612; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlseszgantjzuxgteg0dsiizzmadcwjbjqcsri5nidod2rd2_lg/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003613; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlset42bzecl3yrdnnffv6f7kecxpd1sy4rbh3h3govwg1k1z1w/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003614; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlseumxp-wga1x873upqxmi_hx8nbbllh12zzmxia1xuqp2mgbq/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003615; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsevpkt1byhl-oqjptw8wbecnm7-iqnax-mz8zd-mxp0fol3jg/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003616; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsewr7-ksdpydhc1tv8tkcxrlad8zrf3q_uqt-rj9a_fmmzxya/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003617; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsewr7-ksdpydhc1tv8tkcxrlad8zrf3q_uqt-rj9a_fmmzxya/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003618; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsewymtg0_yxlw9-prz205ldklpt1q0_aklvlput4ndg_coetq/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003619; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsf-exsf9vm0rleksdp46wa2dfca3dhphayf4tl4rktjvmgguw/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003620; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsf32hx6ujsi_gqji38udpamxxxnhyrx8qhmqcqnteinj_0cmg/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003621; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsf9wlt_kxvre3b2hhpi0hcx4zia83c9bbkabo4w15nfekvwuw/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003622; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfacaqo8c7hsu7mr6zkbsfulv8m710ke2qna_7tyusomgmtjw/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003623; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfacaqo8c7hsu7mr6zkbsfulv8m710ke2qna_7tyusomgmtjw/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003624; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfanborkr2ivrhpsjdnvnb-jktwkjbuub3wnsxb-md7haddsq/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003625; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfbu-bfa-om2nk21gbc1gbbeoy4veybh7qcrj8jw7nwthmh_w/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003626; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfeoy_w3jwkkz8psgsw4nrja9tmg2lx0x0nvtmv38k0hjzzmq/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003627; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfgrkvxsp4vv3h2jpge8n2rwi_acvt3o91y4av8-nbjpc0xxw/viewform?c=0&\;w=1"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003628; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfjpx-sxpejnp_q2fmfu0jy8oqoesrx9wbrqplcychw9luupa/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003629; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfjsgjhbjke-mlmni8cfg1tacz-hdpvmy5j2br9upjr1f7nda/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003630; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfjsgjhbjke-mlmni8cfg1tacz-hdpvmy5j2br9upjr1f7nda/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003631; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfk9fn6xlhju27dzlzxp6nzvjlaqbtzb3uf20uakw6ddguvnw/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003632; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfk9fn6xlhju27dzlzxp6nzvjlaqbtzb3uf20uakw6ddguvnw/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003633; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfk9hpkld9-qwaxs8b0cpslaw2-oomu6bcwpxkmp-fo8kr3ew/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003634; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfksirdejkit-tdeiwrnkf00ygsqdsqth0hmwydiqdik10tna/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003635; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfnjyzbmw-pd1byw4b4opoksx2cealounsnhg5fjc3fk1qocq/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003636; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfnlsbejsiacubkj2geltmn7slefoweeczuagp3jfmfkijg4a/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003637; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsforgq2zksc0soenei1m7xcow9surjrynoh6ppsku6_kxvdpw/viewform?usp=sf_link"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003638; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfp1eukgsktriyraz2csynqwfwtv6ehlnbszu69dbxz9lirtq/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003639; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfp1eukgsktriyraz2csynqwfwtv6ehlnbszu69dbxz9lirtq/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003640; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfpvmlfha5uwdz_4bnvq19l2mctpltose6aszym6w9ls0hxza/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003641; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfqpqpbuxrrc0ubvtbrr86nxa4pt68zft0bm_2ufdvt1tzvuw/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003642; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfrzt6zpkhgtvzqutkypqtjffxaucn3evqpf6ytbqug3t41yw/viewform?usp=pp_urlorganization"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003643; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfsia_g4fb5yg_cu8fjuxcndbgqz1setzfedm0cw0eaonb57g/viewform?usp=sf_link"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003644; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsftriyys-rvphnbmh6v6lyimxjy3rpog8xvtb3v1agqhawiva/viewform?usp=sf_link"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003645; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfuzr1yx2exrzt3ysxszgcawjpp45t9gz3nqtkvhfqslxw_ig/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003646; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfvhavjlgw4__-x0qdg5tbot5uo9vkn4csn8mx3lpvkdah8ag/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003647; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfwdsuczwrih_wnciwh_qjpg1v5p-qk8zyjjoccpbhmyeygrq/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003648; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfygwrauuzg0kcnd6w_s42qneyhqpha0zs1rift0akntmlugq/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003649; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfzhyjvw1nn6bvqhbwmd3rcrm6gukuzir5u9tmsszmcrr8nyw/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003650; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/presentation/d/e/2pacx-1vrp2k-b45tcwcadgwzkulyaqrs1f9vfjs3y19o6fs_7p34ymzwuascr7lkuijhc83-o6fmsbbvehcf2/pub?start=false&\;loop=false&\;delayms=3000&\;slide=id.p"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003651; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/nam/0cd7a982-3dc9-467c-bfac-d4501179b21c/e8d1561a-96df-48f6-ba3d-4ad9c39d2e85/89d22179-31c6-462c-9385-7d2b040fce68/login?id=egfyrnfzd1d6re9yuxayv095q2l0ajzwv003k3voatjkneheqxl5cgf6mxjsstjtrffid0f5b2c0bjnnc0z4anrrswy4bfrvc1hac21ibgpmuhfnddmyulbtq1y5ovphnkpca3bibujvr3uytzmzqkrjm0s1rgrrk1jzqm9bndvmouvfetevvgxhrun5euvdu3bjdkrhkzfzv05quhhbmex3q0zdbedjbxi2dm9nvmjzblznbtyxoc9bug9ym21yngfoz0dsne9tcjloy0pfd0fpq3ars3fhmmhqeerpnm54sfq1slv4sxziqs9mvtvlddrezflqrjvtodgzd2l2wfhwovrwm0fmtuljzk9iu0jnl3lhnhrlbzczsjbzdwpatkpyuw12k0uvzmdieknwd3jicjj4sxp6qlvwagxnc04"; http_uri; nocase; content:"doctricant.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003652; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/nam/0cd7a982-3dc9-467c-bfac-d4501179b21c/e8d1561a-96df-48f6-ba3d-4ad9c39d2e85/c7245887-d9e7-45a5-9f46-ea0e549f1b84/login?id=mui5amg5tjrmbkrzymrsr1c1y3m2azzrog1vwnqxvjhvrkntverovundbfowt3lyk2i1euxcufldzhe2tuz2mgq0ufkybwdrckc0nkfoy2sxlzazag1oy3nwamjcy0zob3hbdetntfdhvkfhtnfmnww4k3azrkzibfv6vlvkanvntuplkytxbfprawsxugptl3njbhniuviwv3b1ufljrejxre1ssjfvbkk4twrkmdk0sdv2d0g1cfvon3dmtnzjtlz6bxjvdulisdlymwtrohroahpnvwlvnmphnzjgt0rqbhnwvdfevxbcsnn5zu0rbkxna0w3tkncsvbzdzm3cmzhu0w0zny5ovbrskjyvgr3rxlpmk5gvdjhmnztwxzktmd5yis5l3botjvrnvdfzhpowgvizkvtu1vneg5zk1o"; http_uri; nocase; content:"doctricant.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003653; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/nam/2e729a59-457b-4dda-93f8-5feb2e4265e9/0fe51811-66c8-4028-b4b5-8d84d399c92c/3a8141d3-8a1d-40c6-8f18-5ef0d240fa83/login?id=ukprnxdlwkzubgdsuxy3c0e2smvwb2ywaznjc09rdxlnecs0y1n4vjhxt3nhsufuzkjjn2v0mkzondivtmrrvdrkamnyn2xan2ffavfon2x4d2xdanaynnnnk2xhrnv4su5yywdrshmzymxxri8vv0lsefnwqlrdqjviceu5bzrxdjjwtjrqv3lfchaxmlpgr283l01pegfqwhriadb5d1hnrzfpefpyekyyauhtzhdjl2djm1nuk2tqvkq5eddxv01bcgrkl29ycvhpvithmvb0k0qwdlduvu9kzldndkhbzensr0srr0jbeedlrwzwyzg4es9kn1drsm5ntwj0ohfdwedioer2alrttkhel3pgnmzuv2piz1rtwwq5ukzwtm53ehzjk3d3welvqvdqnmr0ymnzumwws1luvkj4a1i"; http_uri; nocase; content:"doctricant.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003654; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/nam/eeacb5cb-5370-4358-a96a-a3783c95d422/191c0476-5ad9-4931-aded-e2c0f5964bee/025361ad-7913-4b98-abad-4ad5d1c7e968/login?id=uepjakpxeu9qdnrtvtkrtktuylhwswhioulry0jhz2rgcknsvxb4defjwkrik3ffqtlknwvgnwo5m2til0tsowhhnjr2ug0zwthqzwvza1vpnmo4u00vsdezsdrtcdbxsmfbc2rtvfr2b3zmy3dldmp6nfywsndwr3zuvvyvbjn4nxzqau4wzdrdcfdxaghmc2vamzliz01cci92b2nyak9tsk9urkfmwvi1nhb4eg5xv1c1qlhvblhkcwntb1q5thmxvtlrwwvwadvxdg5zbs9jbfpirulxmgg0mlzkmvdsuuxjvdv4mk5jrzhyn3dpr2s5zlvmynjvztran1phtfhlcetjvvq5l2d4u2nsaghketqyclfyree2dkvduux0vjk0qxowtlbxsmjqcwowk1bbodzrcjhdwtrlcwnredbvbjncrctrk3i4b3zzbefnvi92l1hrpt0"; http_uri; nocase; content:"doctricant.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003655; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/file/d/19zpw90jgon3j5merxi1pauvkjdmx8nfq/edit"; http_uri; nocase; content:"drive.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003656; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/file/d/1bcdyitw2vo5jp6yrbdmiy8cfrkcf4tby/view?usp=drive_web"; http_uri; nocase; content:"drive.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003657; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/file/d/1c5o9_y8_octsepwyojfarn1k-kj4d9fe"; http_uri; nocase; content:"drive.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003658; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/file/d/1cppgzjnodnftsks_w82um_b_ctgzn-ah/edit"; http_uri; nocase; content:"drive.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003659; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/file/d/1fdgs5g6fqqkudcl2meym63ua3yu0o-tb/view?usp=drive_web"; http_uri; nocase; content:"drive.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003660; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/file/d/1fsvmjkcq7ennrsfdufkcxshfhnda_fui/view"; http_uri; nocase; content:"drive.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003661; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/file/d/1ginbnlpvt7kpfnog9a68fqmn7k3aivui"; http_uri; nocase; content:"drive.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003662; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/file/d/1hdvx7j89h5l7yz39idgzhqji93jnkl_c/view"; http_uri; nocase; content:"drive.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003663; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/file/d/1jixb69t_nw9tmkhvfrejkfzof3d-ijet/view"; http_uri; nocase; content:"drive.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003664; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/file/d/1jvfh6wq9ea9kxr1shhwbh3pecflqzppc/edit"; http_uri; nocase; content:"drive.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003665; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/file/d/1mg5asnyoeet7qsg2n0d_2paxc3j7wx3k/edit"; http_uri; nocase; content:"drive.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003666; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/file/d/1qf58h-1lunq1pubplwdhwd3uooj_vjxa/view"; http_uri; nocase; content:"drive.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003667; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/file/d/1robiosanbh8doqa7yuiewn3akz4094ho/edit"; http_uri; nocase; content:"drive.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003668; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m=0"; http_uri; nocase; content:"dzeodepaoe.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003669; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/alldomain/domain/dmain/index.php?i=i&\;0=abuse@optusnet.com.au"; http_uri; nocase; content:"ecomcrew.staging.wpengine.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003670; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/personal/marco_eeverywhere_com/_layouts/15/onedrive.aspx?id=/personal/marco_eeverywhere_com/documents/documents&\;originalpath=ahr0chm6ly9lzxzlcnl3agvyzs1tes5zagfyzxbvaw50lmnvbs86zjovcc9tyxjjby9fcwhvbeq1x3hltknorzbdmdvvmgjvvujoy1z3b25futjvejhtlwxqrg9svwvrp3j0aw1lpvduaunytfu4mlvn"; http_uri; nocase; content:"eeverywhere-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003671; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m=\;0"; http_uri; nocase; content:"eleoelswka.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003672; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/:x:/r/personal/nradonich_ersfilter_com/_layouts/15/wopiframe.aspx?guestaccesstoken=t6t%2fhn1dkbyhlyx%2beimbazufa43rrgz6%2faaaewnocdi%3d&docid=1_18168db23429e45f29fdf2e7be120efc4&wdformid=%7bb9970f62%2d44c3%2d4d09%2d9929%2d6e1eb652da57%7d&action=formsubmit"; http_uri; nocase; content:"ersfilter-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003673; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/personal/nradonich_ersfilter_com/_layouts/15/wopiframe.aspx?guestaccesstoken=6ywmlbqi9%20sjfgzhadhvte2gyowjf83iqbjrjehik4s=&\;docid=1_135f7008dfbfa44e6b09dab0eb165b997&\;wdformid={e037f2d9-5daa-4916-ba03-eb11d0aa6dea}&\;action=formsubmit"; http_uri; nocase; content:"ersfilter-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003674; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/personal/nradonich_ersfilter_com/_layouts/15/wopiframe.aspx?guestaccesstoken=6ywmlbqi9%2bsjfgzhadhvte2gyowjf83iqbjrjehik4s%3d&docid=1_135f7008dfbfa44e6b09dab0eb165b997&wdformid=%7be037f2d9%2d5daa%2d4916%2dba03%2deb11d0aa6dea%7d&action=formsubmit"; http_uri; nocase; content:"ersfilter-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003675; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/a/takesurvey?tt=/p9xlsw/pwa97qdwq8ubbg%3d%3d"; http_uri; nocase; content:"eu.questionpro.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003676; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/t/ab3uufjzb3vk20"; http_uri; nocase; content:"eu.questionpro.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003677; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?fbclid=iwar3cu_8pblosqw-rwa7evcrs5jpl6zvzkou0qrf7vl9oqge4h2ctmcxrdyk"; http_uri; nocase; content:"eurobankovnikredit.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003678; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/shard/s339/client/snv?noteguid=f48e12fd-48da-e57f-8e76-cdf6e4054e1d&\;notekey=02a9fa6bd051dc6b4581ee3b617b3f88&\;sn=https://www.evernote.com/shard/s339/sh/f48e12fd-48da-e57f-8e76-cdf6e4054e1d/02a9fa6bd051dc6b4581ee3b617b3f88&\;title=optus%20webmail"; http_uri; nocase; content:"evernote.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003679; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/shard/s446/client/snv?noteguid=4dc119ab-57d6-b8e0-4fcb-c11c0a637b94¬ekey=9ddb3753cb700b0c86a78176be71f4f5&sn=https%3a%2f%2fwww.evernote.com%2fshard%2fs446%2fsh%2f4dc119ab-57d6-b8e0-4fcb-c11c0a637b94%2f9ddb3753cb700b0c86a78176be71f4f5&title=you%2bhave%2breceived%2ban%2binvoice."; http_uri; nocase; content:"evernote.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003680; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/shard/s446/sh/4dc119ab-57d6-b8e0-4fcb-c11c0a637b94/9ddb3753cb700b0c86a78176be71f4f5"; http_uri; nocase; content:"evernote.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003681; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/personal/jameswaterston_everythingmobilelimited_onmicrosoft_com/_layouts/15/onedrive.aspx"; http_uri; nocase; content:"everythingmobilelimited-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003682; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/personal/tim_hansen_excelelectrical_com/_layouts/15/onedrive.aspx?id=/personal/tim_hansen_excelelectrical_com/documents/open%20to%20view%20shared%20document%20in%20hitech%20sharepoint&\;originalpath=ahr0chm6ly9legnlbgvszwn0cmljywwwlw15lnnoyxjlcg9pbnquy29tlzpmoi9nl3blcnnvbmfsl3rpbv9oyw5zzw5fzxhjzwxlbgvjdhjpy2fsx2nvbs9fa2zoazdydndfaettvl9pwulkctdzmejlveeyr3awzwjnsdfkrgdjrfdfttznp3j0aw1lpunrvevzrwxcmlvn"; http_uri; nocase; content:"excelelectrical0-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003683; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/r?us_privacy=&\;a=p-w_ayumw3pzr2w&\;labels=_qc.clk,_click.adserver.rtb,_click.rand.60541&\;rtbip=192.184.70.137&\;rtbdata2=eaaaiencvf9odwdnzxrzx1e0mjfftwfuywdlzf9tzxj2awnlimofncj-jtiws_b-ohnodhrwczovl3d3dy5syxcuy29twihbt0llsefpmvdcvwi0vmdxvi1julfbztjdullinvfzuuitwjdutjfpdu3bfukaayfd3aqeoaebqahv4fyeugeawahq-aniadv5u4til9obfllxavhtz0fpaghnqs1sufktuvntqkhlaarzydroawsyaviznracclocbmc4ronaagliagdqas7hhvv4n_fmqqhgagdoagd4agckaxywlnb1yi0xmjyxotkyndq0odazodc1mamaqamasgmejmh7angd_dgd4gmpcc13x0fzdu13m1baujj36gmfcngfefryawu5mjeymfgdaiaeayoedxf1yw50y2fzdc1xyzhybajvuw&\;redirecturl3=https://www.cbtnuggets.com/?utm_source=quantcast&\;utm_medium=prospecting&\;utm_campaign=general_us&\;utm_term=testimonial&\;qc_campaign=cbt_nuggets_q421_managed_service&\;qc_adid=2078771"; http_uri; nocase; content:"exch.quantserve.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003684; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/remote/mandate/4jya9anuerrpmikrph7-j5pl9nyz_uw1bc7q1vvmmhw"; http_uri; nocase; content:"exchange4free.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003685; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/rrefeeieoj.html?erectrcsq@*cthiytvcdx$zsxycuikjmkjivee$terdtygjyvtrre"; http_uri; nocase; content:"explorebathurst.com.au"; content:"Host"; http_header; classtype:attempted-recon; sid:200003686; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/gvrmpushnotification/nbproject/private/fbapps/melis/"; http_uri; nocase; content:"fbapps.milestoneinternet.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003687; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/investorway"; http_uri; nocase; content:"feeds.feedburner.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003688; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"//?m=0"; http_uri; nocase; content:"ferferfccezs.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003689; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m=0"; http_uri; nocase; content:"ferferfrefe.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003690; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m=0"; http_uri; nocase; content:"fifisalha.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003691; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/jelxwqrcrvhj&\;ijosing&\;kontakt@wmb-walther.de.html"; http_uri; nocase; content:"fifit.co.uk"; content:"Host"; http_header; classtype:attempted-recon; sid:200003692; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/f/75h75hd7v"; http_uri; nocase; content:"files.fm"; content:"Host"; http_header; classtype:attempted-recon; sid:200003693; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/biyugbhiuhgy7o900-h9oh98h9-987.appspot.com/o/vnmbvuyt8-8y98yh0%3d890y8iuh9yyh%2f5rtyfghtfyu67-9876trfc%3d9ygv.htm?alt=media&\;token=dce6f041-19ff-4e8a-8012-1cfdac4cf369#bv@pplsi.com"; http_uri; nocase; content:"firebasestorage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003694; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/dr-clin-c4f68.appspot.com/o/drweb.html?alt=media&\;token=09293ba9-0738-41ea-9cf3-67cb43af2b88&\;x=famacas-cfa0appspotappspotmacas-macas-vfwefsaxsppspotcfa0ps&\;prox=p2000isolation@aaa.kr"; http_uri; nocase; content:"firebasestorage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003695; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/dr-clin-c4f68.appspot.com/o/drweb.html?alt=media&\;token=09293ba9-0738-41ea-9cf3-67cb43af2b88&\;x=famacas-cfa0appspotappspotmacas-macas-vfwefsaxsppspotcfa0ps&\;prox=yourname@yourcompany.com"; http_uri; nocase; content:"firebasestorage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003696; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/goo2-ac630.appspot.com/o/goo%20(2).html?alt=media&\;token=2d1281a2-3364-420f-a3b5-c693b7bda1f2#a@b.com"; http_uri; nocase; content:"firebasestorage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003697; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/macryti-109.appspot.com/o/kp-oe0%2fbtt-hash.html?alt=media&\;token=02abe8bd-5141-4b5a-a7d4-08120e5f43dd#choiteng@motenghaiplc.com"; http_uri; nocase; content:"firebasestorage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003698; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/ntachi-e1dbe.appspot.com/o/hgigieiciejceinhviejrie95489349%20(19).html?alt=media&\;token=5901e369-e71e-416b-9688-b21c62e31587#m.couvee@colasit.nl"; http_uri; nocase; content:"firebasestorage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003699; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/odrv-3c4a4.appspot.com/o/index1.html?alt=media&\;token=11958c2a-34a6-4ed1-a1b5-081ec066cb95&\;data=zxzhbi5ncmvzagftqg1py2hlbglulmnvbq=="; http_uri; nocase; content:"firebasestorage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003700; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/outlook-4c0f2.appspot.com/o/books%2fwebmail.htm?alt=media&\;token=216401d2-aba7-42f4-8fd5-9b672cade830#abuse@optusnet.com.au"; http_uri; nocase; content:"firebasestorage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003701; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/outlook-4c0f2.appspot.com/o/books%2fwebmail.htm?alt=media&\;token=216401d2-aba7-42f4-8fd5-9b672cade830#tiekimas@tidlo.lt"; http_uri; nocase; content:"firebasestorage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003702; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/rei-rezuio-rexire-565.appspot.com/o/%40%40%40indexv-vb-vau-ry-8%252fbv-yu-er-8f%25252525%2525252f%25252525%2525252f%25252525%2525252f%25252525%2525252f%25252525%20-%20copy.html?alt=media&\;token=da92acdd-870d-4049-b9ac-f0d373777f06#info@legalshield.com"; http_uri; nocase; content:"firebasestorage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003703; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/rei-rezuio-rexire-565.appspot.com/o/%40%40%40indexv-vb-vau-ry-8%252fbv-yu-er-8f%25252525%2525252f%25252525%2525252f%25252525%2525252f%25252525%2525252f%25252525%20-%20copy.html?alt=media&\;token=da92acdd-870d-4049-b9ac-f0d373777f06#support@legalshieldcorp.com"; http_uri; nocase; content:"firebasestorage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003704; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/rned-a824v.appspot.com/o/gen%252findex2oli.html?alt=media&\;token=828c2259-c86f-442e-91a0-8d43a1fe7d8b#abuse@optusnet.com.au"; http_uri; nocase; content:"firebasestorage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003705; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/tei-neriou-reuix-678.appspot.com/o/%40%40%40indexv-vb-veu-ry-8%25433%2569.html?alt=media&\;token=6b0a9c43-8711-491b-9f40-50ad280ffb32#ggradnigo@prepaidlegal.com"; http_uri; nocase; content:"firebasestorage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003706; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/mc.html"; http_uri; nocase; content:"flavena.co.rs"; content:"Host"; http_header; classtype:attempted-recon; sid:200003707; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/btinternetwebmail"; http_uri; nocase; content:"flow.page"; content:"Host"; http_header; classtype:attempted-recon; sid:200003708; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/btisojtuf"; http_uri; nocase; content:"flow.page"; content:"Host"; http_header; classtype:attempted-recon; sid:200003709; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/hjbsvjhfb"; http_uri; nocase; content:"flow.page"; content:"Host"; http_header; classtype:attempted-recon; sid:200003710; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/jhgcfghj"; http_uri; nocase; content:"flow.page"; content:"Host"; http_header; classtype:attempted-recon; sid:200003711; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/nicszdbaiodi"; http_uri; nocase; content:"flow.page"; content:"Host"; http_header; classtype:attempted-recon; sid:200003712; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/p/vf7vfv9ky?fc=0"; http_uri; nocase; content:"flowcode.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003713; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/page/btinternetwebmail"; http_uri; nocase; content:"flowcode.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003714; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/page/btisojtuf"; http_uri; nocase; content:"flowcode.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003715; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/page/bttelecommunicaation"; http_uri; nocase; content:"flowcode.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003716; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/page/bttelecoommunication"; http_uri; nocase; content:"flowcode.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003717; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/page/hjbsvjhfb"; http_uri; nocase; content:"flowcode.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003718; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/page/jhgcfghj"; http_uri; nocase; content:"flowcode.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003719; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/page/mnkpo"; http_uri; nocase; content:"flowcode.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003720; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/1mqqu8exzgpptqpl8"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200003721; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3cyoxmwxqkbfpt2v5"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200003722; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/8epxhwdapiab7mfw7"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200003723; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/9bwawhpz5vi7ilpe6"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200003724; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/akohiguxjs9wlpu28?sllqm"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200003725; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/b7lqaal42juffiw1a"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200003726; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/bfz2l7i3wvrp5heb9"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200003727; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/dncj4btc56n1n71n8"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200003728; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/edtu6r7rqxqyegcf6"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200003729; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/egj66jkgwkcd3aat8"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200003730; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/eozlrnnf7jh84xdp8"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200003731; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/fzlons3fgnjdqdd19?omgbfzrazhlppbtx"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200003732; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/goerpntl5tfeumdz6"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200003733; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/gr4b9sxradtcj7or7"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200003734; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/guptjarp2xatzbvo8"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200003735; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/iai7pzm4pxyb145i9"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200003736; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/jnkkauxwwbfhtuqz9?hkgotygikyoujp"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200003737; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/jzxtb9auexgjcewfa"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200003738; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/kehch96avaku7oey7?akowgmooutpwa"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200003739; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/nvljeb1quzaovd8u5"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200003740; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/puadbxscibgw5ma79?xfccuwmmhgwrwztd"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200003741; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/qhwastfqxg1yehi77"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200003742; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/qzopkn9aj2gzaw2g6"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200003743; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ruaxzqjjzghi8rar9"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200003744; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/rwpcmhm8vtfa7f4m8"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200003745; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/sj21ehdebhkcpvfv6"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200003746; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/smufgmyhduckbq6ka?fjxhgyroek"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200003747; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/uqzzznxv4cfhu3yr9"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200003748; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/v5xtnywt5s6zvpp27"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200003749; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/v7k2chwbcca59vz27"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200003750; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/w6uh9p66tdq6l1m66"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200003751; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/x3aasffazsrl8pcr9"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200003752; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/x8hybjggubfftabw8"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200003753; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/xxccjhuzjtg4pr3y8"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200003754; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/xxjqmu6luzkpnalg6"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200003755; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/yfxkceytox2zuyvb6"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200003756; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/pages/responsepage.aspx?id=60hhzfbtoe-qdzpnyrluyo-ivxb0mexgqufvg5tcyifunzg5uknzne1irjzvt1y3slewrepwnflmvs4u"; http_uri; nocase; content:"forms.office.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003757; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/pages/responsepage.aspx?id=dqsikwdsw0yxejajblztrqaaaaaaaaaaaao__tdasqlurfrqmjzxneyxn0g3vexutfvzq0mztu9fms4u"; http_uri; nocase; content:"forms.office.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003758; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/pages/responsepage.aspx?id=dqsikwdsw0yxejajblztrqaaaaaaaaaaaao__thg5xvuodnbwtvytzhwwdnctknvovo4tldctexmvi4u"; http_uri; nocase; content:"forms.office.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003759; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/pages/responsepage.aspx?id=jrbxvx3x9keewcq72hm6fnkqekonandcsjd9av060h5urepumvvgmks2te41rfewmlletulvufnuqy4u"; http_uri; nocase; content:"forms.office.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003760; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/gmaingt/server.html"; http_uri; nocase; content:"fra1.digitaloceanspaces.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003761; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m=\;0"; http_uri; nocase; content:"frdezeredaresafin.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003762; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m=0"; http_uri; nocase; content:"fredsamasont.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003763; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/b32353/1"; http_uri; nocase; content:"geotilla.sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003764; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m=0"; http_uri; nocase; content:"getrfdeza.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003765; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?xcust=2c8967cc0ec911ec9332aea895ef3e670int&\;test=off&\;id=355x561&\;url=https://www.paypal.com/shopping/&\;xguid=01fewn4zq5fegh6bf3qpasy44v&\;persistence=1&\;checksum=3d7975c121a1d514f1b3a9facb177a78f25e1326da6497ae9cf35e33ba436119"; http_uri; nocase; content:"go.skimresources.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003766; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?xcust=2c8967cc0ec911ec9332aea895ef3e670int&\;test=off&\;id=355x561&\;url=https://www.paypal.com/shopping/&\;xguid=01fewn4zx501vbg1xj6vr2hk10&\;persistence=1&\;checksum=fc555be29c86e6e13177069b7632770b2cb9f30b36d229624f37be1cb2475704"; http_uri; nocase; content:"go.skimresources.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003767; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?xcust=2c8967cc0ec911ec9332aea895ef3e670int&\;test=off&\;id=355x561&\;url=https://www.paypal.com/shopping/&\;xguid=01fexfpq10qje7acrftnz6v4zb&\;persistence=1&\;checksum=5916a09fb5c03e4187a58ae7221dbc20e8568b5840df4b6f3eb57227975bd2ce"; http_uri; nocase; content:"go.skimresources.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003768; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?xcust=2c8967cc0ec911ec9332aea895ef3e670int&\;test=off&\;id=355x561&\;url=https://www.paypal.com/shopping/&\;xguid=01fey1pewqgha9bqebgbvwe95n&\;persistence=1&\;checksum=3fefba73b68799e5152bf7031ce8a7b1a300456243ee123a27f6efca31d9f055"; http_uri; nocase; content:"go.skimresources.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003769; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?xcust=2c8967cc0ec911ec9332aea895ef3e670int&\;test=off&\;id=355x561&\;url=https://www.paypal.com/shopping/&\;xguid=01fez46yyrvh6f0bbehn8h419h&\;persistence=1&\;checksum=069f46345ac935567ad562a3d64a332066064c97f8feae803d555f9cc820c561"; http_uri; nocase; content:"go.skimresources.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003770; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?xcust=2c8967cc0ec911ec9332aea895ef3e670int&\;test=off&\;id=355x561&\;url=https://www.paypal.com/shopping/&\;xguid=01fezncfbjbj86yneatjn0qvt4&\;persistence=1&\;checksum=8142350e161acc6cb246be1d05d596973a1d3ac50af1f3594ee9ea462c87a4ef"; http_uri; nocase; content:"go.skimresources.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003771; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?xcust=2c8967cc0ec911ec9332aea895ef3e670int&\;test=off&\;id=355x561&\;url=https://www.paypal.com/shopping/&\;xguid=01ff06m6n2q43m6zcaqrh8xpm2&\;persistence=1&\;checksum=26e140f8abae23dd0c8dd547390a4deb9fc54b1acf3539d8aa44fb19e04902ef"; http_uri; nocase; content:"go.skimresources.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003772; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?xcust=2c8967cc0ec911ec9332aea895ef3e670int&\;test=off&\;id=355x561&\;url=https://www.paypal.com/shopping/&\;xguid=01ff0qxy635yfpkrdaxav47j5k&\;persistence=1&\;checksum=cb2e0f7328d6ffea0e15a24046095a0bb98d27d4488e822bea4b181763f2eb0b"; http_uri; nocase; content:"go.skimresources.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003773; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/url?q=http%3a%2f%2fbit.do%2ffr6ci&sa=d&sntz=1&usg=afqjcne7joz-iz-adrzkrxcihj8t9fs9qw"; http_uri; nocase; content:"google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003774; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/url?q=http%3a%2f%2fbit.do%2ffsgjq&\;sa=d&\;sntz=1&\;usg=afqjcngvqc30z-4hiaizv03gpwblwu3vnw"; http_uri; nocase; content:"google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003775; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/url?q=https://393512dfd8544c98be9a40f2f67df8bd.svc.dynamics.com/t/r/a7uua5shyiplufx4zj7f6u2clgtguiagoxngfoio4am?clientid%3d70000%23%5bemail%5d%2b00-70000&\;source=gmail&\;ust=1636719774661000&\;usg=aovvaw2fsk8htfwhsfqapvbu674n"; http_uri; nocase; content:"google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003776; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/url?q=https://passionfruit4576261.brizy.site/&\;source=gmail&\;ust=1608664764243000&\;usg=afqjcnghljnr1tyn8j4c1ijid09ra9ehdq"; http_uri; nocase; content:"google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003777; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/fp?u=https://tinyurl.com/32xz989f&grqid=zbk35vud&s=1&hl=id-id"; http_uri; nocase; content:"googleweblight.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003778; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/i?u=a894ec7f.46t33454t4.pages.dev?user=masoli@legalshieldassociate.com"; http_uri; nocase; content:"googleweblight.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003779; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/i?u=b4e921f0.sso-mailsrvr-4344e5teed.pages.dev?user=abuse@gmail.com"; http_uri; nocase; content:"googleweblight.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003780; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/:x:/r/personal/tspencer_gormanusa_com/_layouts/15/wopiframe.aspx?guestaccesstoken=wgfwcmmssvdsofa7ljviwaj85tleclug2xbvoqwlmp0%3d&\;docid=1_12424441d8c29412bb868684e5cb74e47&\;wdformid=%7b992e319a%2dbe72%2d460b%2db6b4%2d2d3fcf789fc5%7d&\;action=formsubmit"; http_uri; nocase; content:"gormanusa-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003781; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/out/408?jobid=29207&u=princed.de?id=8400239909"; http_uri; nocase; content:"gradcracker.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003782; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2021/12/hafslund.html"; http_uri; nocase; content:"hafslundno.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003783; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/1kzic"; http_uri; nocase; content:"han.gl"; content:"Host"; http_header; classtype:attempted-recon; sid:200003784; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/4ds15"; http_uri; nocase; content:"han.gl"; content:"Host"; http_header; classtype:attempted-recon; sid:200003785; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/6qnhc"; http_uri; nocase; content:"han.gl"; content:"Host"; http_header; classtype:attempted-recon; sid:200003786; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/dghpp"; http_uri; nocase; content:"han.gl"; content:"Host"; http_header; classtype:attempted-recon; sid:200003787; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/f1itl"; http_uri; nocase; content:"han.gl"; content:"Host"; http_header; classtype:attempted-recon; sid:200003788; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/fmjiu"; http_uri; nocase; content:"han.gl"; content:"Host"; http_header; classtype:attempted-recon; sid:200003789; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/g9yl5"; http_uri; nocase; content:"han.gl"; content:"Host"; http_header; classtype:attempted-recon; sid:200003790; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/i51rh"; http_uri; nocase; content:"han.gl"; content:"Host"; http_header; classtype:attempted-recon; sid:200003791; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmiyt"; http_uri; nocase; content:"han.gl"; content:"Host"; http_header; classtype:attempted-recon; sid:200003792; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/m8ikv"; http_uri; nocase; content:"han.gl"; content:"Host"; http_header; classtype:attempted-recon; sid:200003793; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/o0ugq"; http_uri; nocase; content:"han.gl"; content:"Host"; http_header; classtype:attempted-recon; sid:200003794; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ta0lq"; http_uri; nocase; content:"han.gl"; content:"Host"; http_header; classtype:attempted-recon; sid:200003795; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ue2ho"; http_uri; nocase; content:"han.gl"; content:"Host"; http_header; classtype:attempted-recon; sid:200003796; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/urq2m"; http_uri; nocase; content:"han.gl"; content:"Host"; http_header; classtype:attempted-recon; sid:200003797; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/vfywl"; http_uri; nocase; content:"han.gl"; content:"Host"; http_header; classtype:attempted-recon; sid:200003798; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/w27iz"; http_uri; nocase; content:"han.gl"; content:"Host"; http_header; classtype:attempted-recon; sid:200003799; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/xegru"; http_uri; nocase; content:"han.gl"; content:"Host"; http_header; classtype:attempted-recon; sid:200003800; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/zlbow"; http_uri; nocase; content:"han.gl"; content:"Host"; http_header; classtype:attempted-recon; sid:200003801; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2021/12/window.html"; http_uri; nocase; content:"hangovertest1.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003802; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/yuhgbfvdfvbtytrvdfbgt.html"; http_uri; nocase; content:"heaterintwintersz.ams3.digitaloceanspaces.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003803; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m=0"; http_uri; nocase; content:"hohosafretane.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003804; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/zeland.html"; http_uri; nocase; content:"homeentertainmentexpo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003805; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/themes/engines/ira.xml"; http_uri; nocase; content:"house18.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200003806; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?https://trimurl.co/0wsx7z"; http_uri; nocase; content:"href.li"; content:"Host"; http_header; classtype:attempted-recon; sid:200003807; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?https://www.rkat2.2r-p.xyz/"; http_uri; nocase; content:"href.li"; content:"Host"; http_header; classtype:attempted-recon; sid:200003808; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?https://ykm.de/f4b990c239777330"; http_uri; nocase; content:"href.li"; content:"Host"; http_header; classtype:attempted-recon; sid:200003809; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"//ykm.de/f4b990c239777330"; http_uri; nocase; content:"href.li?https:"; content:"Host"; http_header; classtype:attempted-recon; sid:200003810; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/hgav30ruohf"; http_uri; nocase; content:"ht.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003811; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/shoh30rwmdj?10/13/2021"; http_uri; nocase; content:"ht.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003812; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ebuse/servic"; http_uri; nocase; content:"i-m.mx"; content:"Host"; http_header; classtype:attempted-recon; sid:200003813; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/webaccountupdate/stockholmsuniversitet/"; http_uri; nocase; content:"i-m.mx"; content:"Host"; http_header; classtype:attempted-recon; sid:200003814; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m=0"; http_uri; nocase; content:"iamonexioioe.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003815; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/mdkea5ckpozm/click-here-to-start"; http_uri; nocase; content:"ifyufyujk.quip.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003816; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/free/4t6u/bt"; http_uri; nocase; content:"im-creator.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003817; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/free/4t6u/e"; http_uri; nocase; content:"im-creator.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003818; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/free/kennymoore12/btinternet"; http_uri; nocase; content:"im-creator.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003819; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/free/kfouo/btcommmms"; http_uri; nocase; content:"im-creator.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003820; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/free/msw0rd/att_word"; http_uri; nocase; content:"im-creator.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003821; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/viewer/vbid-31138d48-omsttuer"; http_uri; nocase; content:"im-creator.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003822; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/viewer/vbid-fa0f29d5-fpsjmms8"; http_uri; nocase; content:"im-creator.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003823; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/viewer/vbid-fa0f29d5-fpsjmms8"; http_uri; nocase; content:"imcreator.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003824; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/appmanager/renouvellement-automatique-obligatoire/ovh/managerweb-ovhdepartmenttechniqueovh/web.index.html5400configuration_hosting_database/web-ovh/vh/?user-agent=mozilla/5.0+(windows+nt+10.0\;+win64\;+x64)+applewebkit/537.36+(khtml,+like+gecko)+chrome/86.0.4240.75+safari/537.36"; http_uri; nocase; content:"improvproject.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003825; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/free/emailupdatee/owaweb"; http_uri; nocase; content:"imxprs.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003826; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/free/outlookwebaccessupgrade/outlookwebaccessupgrade"; http_uri; nocase; content:"imxprs.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003827; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/free/webmaiil/accounttportal"; http_uri; nocase; content:"imxprs.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003828; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/maint/?hash=a2fyaw5hywxtzwlkyxjpymvpcm9aag90bwfpbc5jb20="; http_uri; nocase; content:"insurance2019.moneynet.com.tw"; content:"Host"; http_header; classtype:attempted-recon; sid:200003829; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/form/personal"; http_uri; nocase; content:"irs-gov.us-get-funds-coronavirus-economic-impact.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003830; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/clnhxv"; http_uri; nocase; content:"is.gd"; content:"Host"; http_header; classtype:attempted-recon; sid:200003831; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/t1xeia"; http_uri; nocase; content:"is.gd"; content:"Host"; http_header; classtype:attempted-recon; sid:200003832; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3arx6oo"; http_uri; nocase; content:"j.mp"; content:"Host"; http_header; classtype:attempted-recon; sid:200003833; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3gydg8x?/supporrecovery"; http_uri; nocase; content:"j.mp"; content:"Host"; http_header; classtype:attempted-recon; sid:200003834; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3kkkf0n"; http_uri; nocase; content:"j.mp"; content:"Host"; http_header; classtype:attempted-recon; sid:200003835; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m=0"; http_uri; nocase; content:"jajasanyase.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003836; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/65g2g"; http_uri; nocase; content:"jtbtigers.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003837; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/personal/jdonahue_k12_com/_layouts/15/wopiframe.aspx?guestaccesstoken=jxndynkzmynao0nofzmhz4t%2fk%2br%2fg7qir2agrjo42ha%3d&docid=1_12252b23331654ef4bf8ef978a8eb83ee&wdformid=%7b2711d93c%2d7591%2d4baa%2db377%2dcf40ba8c7343%7d&action=formsubmit"; http_uri; nocase; content:"k12inc-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003838; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m=0"; http_uri; nocase; content:"kakasoufatre.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003839; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/c07czi"; http_uri; nocase; content:"kutt.it"; content:"Host"; http_header; classtype:attempted-recon; sid:200003840; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/l3leph"; http_uri; nocase; content:"kutt.it"; content:"Host"; http_header; classtype:attempted-recon; sid:200003841; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/l?u=https://claimthirdpaymnet.page.link/mvfa?trackingid=4rcleqvo&signature=newsletter"; http_uri; nocase; content:"l.wl.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200003842; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/l?u=https://claimthirdpaymnet.page.link/mvfa?trackingid=xx6dnmzz&signature=newsletter"; http_uri; nocase; content:"l.wl.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200003843; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/l?u=https://is.gd/f0iqhg?trackingid=48bkxt3p&signature=newsletter"; http_uri; nocase; content:"l.wl.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200003844; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/l?u=https://is.gd/f0iqhg?trackingid=6dbwnjes&signature=newsletter"; http_uri; nocase; content:"l.wl.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200003845; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/l?u=https://is.gd/f0iqhg?trackingid=jobyxhwn&signature=newsletter"; http_uri; nocase; content:"l.wl.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200003846; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/l?u=https://is.gd/f0iqhg?trackingid=kzg8g3od&signature=newsletter"; http_uri; nocase; content:"l.wl.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200003847; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/l?u=https://is.gd/f0iqhg?trackingid=vfxhwqah&signature=newsletter"; http_uri; nocase; content:"l.wl.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200003848; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/l?u=https://is.gd/vohpj6?trackingid=rt6fxwgl&signature=newsletter"; http_uri; nocase; content:"l.wl.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200003849; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/l?u=https://parg.co/bewg?trackingid=egqfrhlp&signature=newsletter"; http_uri; nocase; content:"l.wl.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200003850; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/l?u=https://submit.irs.completeyourdata.info/?claim"; http_uri; nocase; content:"l.wl.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200003851; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/l?u=https://submit.irs.mnageaccnt-id-765535234.info/?claim"; http_uri; nocase; content:"l.wl.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200003852; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/l?u=https://xcvdsd.page.link/zi7x?trackingid=cvhzehjl&signature=newsletter"; http_uri; nocase; content:"l.wl.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200003853; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/l?u=https://xcvdsd.page.link/zi7x?trackingid=nwb0pxlg&signature=newsletter"; http_uri; nocase; content:"l.wl.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200003854; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/l?u=https://xcvdsd.page.link/zi7x?trackingid=wqdypvka&signature=newsletter"; http_uri; nocase; content:"l.wl.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200003855; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/match_login/match.com/match/login1876.html"; http_uri; nocase; content:"lifeiswhatyoumakeofit.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003856; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/.well-known/opol/index.php?email=rjb"; http_uri; nocase; content:"lightpressprint.co.zw"; content:"Host"; http_header; classtype:attempted-recon; sid:200003857; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/fqg9x"; http_uri; nocase; content:"lihi1.cc"; content:"Host"; http_header; classtype:attempted-recon; sid:200003858; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/uh2xv"; http_uri; nocase; content:"lihi1.cc"; content:"Host"; http_header; classtype:attempted-recon; sid:200003859; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/url?a=https://u25098085.ct.sendgrid.net/ls/click?upn=4o0yybebwwobmwye6nfxf74k9v8ctniui1j2zge2nz95e9lyg4bkzyeqhmb7dtwcz7ioun-2bn1j8mpzi-2fpiiskt0bhpz08nwukegu0uqqki2h1s5yghctgcifqu-2bw1xclixrd_0qvnbxqwscekttpgl5skkts6yu-2batmdqkyh3bke4v1frfd55qka72zddyevzyat2nxv1k3yz6k8mwivrnsgvysy0wagfn8g5lfrsekexaptnpwfu0cediip-2bx7vwnyo9s20tqt2-2bj-2bvkbnfrh9uuad9j9stqo-2bcbol-2fjxsacxht5mztqgwx1c5d6x4fkpu32hmnetd1eimxhhfmzkxiukogw4aalovfcjsym0u8gjpy-3d&\;c=e,1,2vluk9dfc0eb8l7-rios2j4nvvlmg8fu0rs0_haoaqpf_7ary6vt_oiimum26g-03mgzmsvdmzlfwohfhlogn3z77jluyi415qw9iw3dptggs_9sfqsq4a,,&\;typo=1"; http_uri; nocase; content:"linkprotect.cudasvc.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003860; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2oj172"; http_uri; nocase; content:"linkr.bio"; content:"Host"; http_header; classtype:attempted-recon; sid:200003861; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/5254ov"; http_uri; nocase; content:"linkr.bio"; content:"Host"; http_header; classtype:attempted-recon; sid:200003862; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/9o5vz8"; http_uri; nocase; content:"linkr.bio"; content:"Host"; http_header; classtype:attempted-recon; sid:200003863; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/attservice365"; http_uri; nocase; content:"linkr.bio"; content:"Host"; http_header; classtype:attempted-recon; sid:200003864; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/bt.home"; http_uri; nocase; content:"linkr.bio"; content:"Host"; http_header; classtype:attempted-recon; sid:200003865; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/btinternet"; http_uri; nocase; content:"linkr.bio"; content:"Host"; http_header; classtype:attempted-recon; sid:200003866; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/vvolr6"; http_uri; nocase; content:"linkr.bio"; content:"Host"; http_header; classtype:attempted-recon; sid:200003867; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/w1vl9o"; http_uri; nocase; content:"linkr.bio"; content:"Host"; http_header; classtype:attempted-recon; sid:200003868; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/attmailserver"; http_uri; nocase; content:"linktr.ee"; content:"Host"; http_header; classtype:attempted-recon; sid:200003869; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/attonlineservice"; http_uri; nocase; content:"linktr.ee"; content:"Host"; http_header; classtype:attempted-recon; sid:200003870; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/attverificationpro"; http_uri; nocase; content:"linktr.ee"; content:"Host"; http_header; classtype:attempted-recon; sid:200003871; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/btelop"; http_uri; nocase; content:"linktr.ee"; content:"Host"; http_header; classtype:attempted-recon; sid:200003872; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/btinternettt"; http_uri; nocase; content:"linktr.ee"; content:"Host"; http_header; classtype:attempted-recon; sid:200003873; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/d.emery1"; http_uri; nocase; content:"linktr.ee"; content:"Host"; http_header; classtype:attempted-recon; sid:200003874; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/dannygeez"; http_uri; nocase; content:"linktr.ee"; content:"Host"; http_header; classtype:attempted-recon; sid:200003875; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/feetesuqshailhkaia"; http_uri; nocase; content:"linktr.ee"; content:"Host"; http_header; classtype:attempted-recon; sid:200003876; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ftggtgrtt"; http_uri; nocase; content:"linktr.ee"; content:"Host"; http_header; classtype:attempted-recon; sid:200003877; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/keedkudi"; http_uri; nocase; content:"linktr.ee"; content:"Host"; http_header; classtype:attempted-recon; sid:200003878; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/mobicomgb"; http_uri; nocase; content:"linktr.ee"; content:"Host"; http_header; classtype:attempted-recon; sid:200003879; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/nbvkl"; http_uri; nocase; content:"linktr.ee"; content:"Host"; http_header; classtype:attempted-recon; sid:200003880; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/oeeieie"; http_uri; nocase; content:"linktr.ee"; content:"Host"; http_header; classtype:attempted-recon; sid:200003881; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/plkjh"; http_uri; nocase; content:"linktr.ee"; content:"Host"; http_header; classtype:attempted-recon; sid:200003882; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/poihbj"; http_uri; nocase; content:"linktr.ee"; content:"Host"; http_header; classtype:attempted-recon; sid:200003883; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/savermail.yahoo"; http_uri; nocase; content:"linktr.ee"; content:"Host"; http_header; classtype:attempted-recon; sid:200003884; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/service.orange"; http_uri; nocase; content:"linktr.ee"; content:"Host"; http_header; classtype:attempted-recon; sid:200003885; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/teccalicious"; http_uri; nocase; content:"linktr.ee"; content:"Host"; http_header; classtype:attempted-recon; sid:200003886; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/yah00nccx"; http_uri; nocase; content:"linktr.ee"; content:"Host"; http_header; classtype:attempted-recon; sid:200003887; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/personal/hannah-daly_live_nmit_ac_nz/_layouts/15/wopiframe.aspx?guestaccesstoken=ia5uzzon3iviku4f3pxemyhhabfwkpdjirpftfear%2fk%3d&docid=1_169208e425ed84fea9fd294a6886d67e9&wdformid=%7b06255f86%2d4bf9%2d4ee8%2dbd7e%2dfef81913a79b%7d&action=formsubmit"; http_uri; nocase; content:"livenmitac-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003888; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/personal/hannah-daly_live_nmit_ac_nz/_layouts/15/wopiframe.aspx?guestaccesstoken=ia5uzzon3iviku4f3pxemyhhabfwkpdjirpftfear/k=&\;docid=1_169208e425ed84fea9fd294a6886d67e9&\;wdformid={06255f86-4bf9-4ee8-bd7e-fef81913a79b}&\;action=formsubmit"; http_uri; nocase; content:"livenmitac-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003889; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/d8ruzprc"; http_uri; nocase; content:"lnkd.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200003890; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/di6hueus"; http_uri; nocase; content:"lnkd.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200003891; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/emruebe2"; http_uri; nocase; content:"lnkd.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200003892; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/eqjcnf2u"; http_uri; nocase; content:"lnkd.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200003893; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/gib6fpsz"; http_uri; nocase; content:"lnkd.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200003894; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/home/?6c6f67696e2e7866696e6974792e6d6563756c696e6b766f6c742e636f6d-6c6f67696e2e7866696e6974792e6d6563756c696e6b766f6c742e636f6d-6c6f67696e2e7866696e6974792e6d6563756c696e6b766f6c742e636f6d-6c6f67696e2e7866696e6974792e6d6563756c696e6b766f6c742e636f6d"; http_uri; nocase; content:"login.xfinity.meculinkvolt.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003895; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m=0"; http_uri; nocase; content:"lolosamarte.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003896; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2021/02/blog-post.html"; http_uri; nocase; content:"magyarpoosta.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003897; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/forms/form1.html"; http_uri; nocase; content:"mail.hfcfit.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003898; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/mua/179.32.144.1585349/sucursalpersonas.transaccionesbancolombia.com/mua"; http_uri; nocase; content:"mail.trendset.com.ar.ci3.toservers.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003899; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/mua/179.32.144.1585349/sucursalpersonas.transaccionesbancolombia.com/mua/"; http_uri; nocase; content:"mail.trendset.com.ar.ci3.toservers.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003900; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/mua/181.143.31.2028037/sucursalpersonas.transaccionesbancolombia.com/mua"; http_uri; nocase; content:"mail.trendset.com.ar.ci3.toservers.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003901; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/mua/181.143.31.2028037/sucursalpersonas.transaccionesbancolombia.com/mua/"; http_uri; nocase; content:"mail.trendset.com.ar.ci3.toservers.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003902; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/mua/186.154.25.1064023/sucursalpersonas.transaccionesbancolombia.com/mua"; http_uri; nocase; content:"mail.trendset.com.ar.ci3.toservers.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003903; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/mua/186.154.25.1064023/sucursalpersonas.transaccionesbancolombia.com/mua/"; http_uri; nocase; content:"mail.trendset.com.ar.ci3.toservers.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003904; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/mua/190.27.90.2077221/sucursalpersonas.transaccionesbancolombia.com/mua/index.html"; http_uri; nocase; content:"mail.trendset.com.ar.ci3.toservers.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003905; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/mua/190.61.55.2105806/sucursalpersonas.transaccionesbancolombia.com/mua/index.html"; http_uri; nocase; content:"mail.trendset.com.ar.ci3.toservers.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003906; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/mua/191.110.122.835718/sucursalpersonas.transaccionesbancolombia.com/mua"; http_uri; nocase; content:"mail.trendset.com.ar.ci3.toservers.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003907; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/mua/191.110.122.835718/sucursalpersonas.transaccionesbancolombia.com/mua/"; http_uri; nocase; content:"mail.trendset.com.ar.ci3.toservers.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003908; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/mua/191.95.152.1287758/sucursalpersonas.transaccionesbancolombia.com/mua/index.html"; http_uri; nocase; content:"mail.trendset.com.ar.ci3.toservers.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003909; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/mua/201.233.42.1501206/sucursalpersonas.transaccionesbancolombia.com/mua/index.html"; http_uri; nocase; content:"mail.trendset.com.ar.ci3.toservers.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003910; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m=0"; http_uri; nocase; content:"mamasitasont.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003911; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/1gne6"; http_uri; nocase; content:"me2.kr"; content:"Host"; http_header; classtype:attempted-recon; sid:200003912; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/6w9qj"; http_uri; nocase; content:"me2.kr"; content:"Host"; http_header; classtype:attempted-recon; sid:200003913; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/77srn"; http_uri; nocase; content:"me2.kr"; content:"Host"; http_header; classtype:attempted-recon; sid:200003914; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/buzoj"; http_uri; nocase; content:"me2.kr"; content:"Host"; http_header; classtype:attempted-recon; sid:200003915; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/g50gq"; http_uri; nocase; content:"me2.kr"; content:"Host"; http_header; classtype:attempted-recon; sid:200003916; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/hfldu"; http_uri; nocase; content:"me2.kr"; content:"Host"; http_header; classtype:attempted-recon; sid:200003917; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ibyyn"; http_uri; nocase; content:"me2.kr"; content:"Host"; http_header; classtype:attempted-recon; sid:200003918; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ij3t9"; http_uri; nocase; content:"me2.kr"; content:"Host"; http_header; classtype:attempted-recon; sid:200003919; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/jlrbo"; http_uri; nocase; content:"me2.kr"; content:"Host"; http_header; classtype:attempted-recon; sid:200003920; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/qpwha"; http_uri; nocase; content:"me2.kr"; content:"Host"; http_header; classtype:attempted-recon; sid:200003921; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/reu8w"; http_uri; nocase; content:"me2.kr"; content:"Host"; http_header; classtype:attempted-recon; sid:200003922; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/sb6ww"; http_uri; nocase; content:"me2.kr"; content:"Host"; http_header; classtype:attempted-recon; sid:200003923; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/p/cp/0ccc3066dc2bcd17/c?mi_u=87923176&mi_origin=&url=http://email.stickercanada.com/t?entity_type=2&entity_id=32534&email_pref_id=34785928&sent_id=1600423397&service_id=22668&redirect_url=https:/relievehotmailonly.cloudns.cl/imagineme/ionos.php"; http_uri; nocase; content:"mi.jetblue.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003924; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"//?m=0"; http_uri; nocase; content:"mnyakoloaz.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003925; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m3d0"; http_uri; nocase; content:"mnyakoloaz.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003926; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/add"; http_uri; nocase; content:"my-apple-wallet.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003927; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/form/60deff002ca34f5aa4985ab3"; http_uri; nocase; content:"my.forms.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003928; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/form/6112452ca3f6e60d511bad0d"; http_uri; nocase; content:"my.forms.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003929; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/leboncoin-service/confirmationpaiement-1"; http_uri; nocase; content:"my.forms.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003930; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/:x:/r/personal/ginger_gingerfountain_com/_layouts/15/wopiframe.aspx?guestaccesstoken=gpys8ex7ys1urrzbfeasvlexkodtrovmmcpn%2brsnebs%3d&\;docid=1_1882b07b5eb5643d2bdaa63426324ef0e&\;wdformid=%7b9bd54af1%2dee16%2d4e07%2d8d62%2d6e9b76e47512%7d&\;action=formsubmit&\;cid=9adf3e74-8cc1-4e36-b545-c9165fcafde7"; http_uri; nocase; content:"netorg6600800-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003931; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/bancos/interbank"; http_uri; nocase; content:"nexoinmobiliario.pe"; content:"Host"; http_header; classtype:attempted-recon; sid:200003932; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/examination/admitpanel/filemanager/5365678587"; http_uri; nocase; content:"nihmt.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003933; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2021/02/blog-post.html"; http_uri; nocase; content:"norwayposten.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003934; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/n/axjt4zimmriy/b/cherishppps-20210930-1214/o/spaceblack.html"; http_uri; nocase; content:"objectstorage.us-phoenix-1.oraclecloud.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003935; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m=0"; http_uri; nocase; content:"oiazeiuiazolme.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003936; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/app/forms/view/zalxyved/a9adea36-d163-4d46-a3de-0e990d86e78e"; http_uri; nocase; content:"online.visual-paradigm.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003937; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ions/index.php?email=redacted@abuse.ionos.com"; http_uri; nocase; content:"onlinecasinospark.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003938; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/fing.edu.uy/fing.edu.uy.html"; http_uri; nocase; content:"ortechnologist.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003939; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/walletconnect/"; http_uri; nocase; content:"pancakeswapsupport.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200003940; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/well-fargo-de587/rout.html"; http_uri; nocase; content:"pannelpub-benin.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003941; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m=0"; http_uri; nocase; content:"paozeia.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003942; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2021/02/blog-post.html"; http_uri; nocase; content:"paypal-inc-userupdatenuber7925570844.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003943; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-mails/"; http_uri; nocase; content:"pilgrimapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003944; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/att/citi"; http_uri; nocase; content:"pplastmart.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003945; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/fia8mx"; http_uri; nocase; content:"ppt.cc"; content:"Host"; http_header; classtype:attempted-recon; sid:200003946; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/fva4wx"; http_uri; nocase; content:"ppt.cc"; content:"Host"; http_header; classtype:attempted-recon; sid:200003947; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/fvakzx"; http_uri; nocase; content:"ppt.cc"; content:"Host"; http_header; classtype:attempted-recon; sid:200003948; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/fvllvx"; http_uri; nocase; content:"ppt.cc"; content:"Host"; http_header; classtype:attempted-recon; sid:200003949; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/survey/t/?title=bt-broadband-and-private-policy-support_20"; http_uri; nocase; content:"proprofs.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003950; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/emailfwd/show.php?usernum=350311855&\;formid=3879"; http_uri; nocase; content:"pub5.bravenet.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003951; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/pfbgzhkd"; http_uri; nocase; content:"pxlme.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200003952; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/vn79myoi"; http_uri; nocase; content:"pxlme.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200003953; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/personal/lrodriguez_qualita_es/_layouts/15/wopiframe.aspx?guestaccesstoken=x6egjunw%2bncgnemfdqjrmoajqkuc9c41sq13edqfoeu%3d&docid=1_16dc35173dd06466fa8c37e332833f0bd&wdformid=%7b67d0feef%2d08d4%2d4d0a%2d8a25%2d0d2c9b0a2eed%7d%2f&action=formsubmit"; http_uri; nocase; content:"qualitasc-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003954; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/personal/lrodriguez_qualita_es/_layouts/15/wopiframe.aspx?guestaccesstoken=x6egjunw%2bncgnemfdqjrmoajqkuc9c41sq13edqfoeu%3d&docid=1_16dc35173dd06466fa8c37e332833f0bd&wdformid=%7b67d0feef%2d08d4%2d4d0a%2d8a25%2d0d2c9b0a2eed%7d%3e%2f&action=formsubmit"; http_uri; nocase; content:"qualitasc-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003955; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/personal/lrodriguez_qualita_es/_layouts/15/wopiframe.aspx?guestaccesstoken=x6egjunw%2bncgnemfdqjrmoajqkuc9c41sq13edqfoeu%3d&docid=1_16dc35173dd06466fa8c37e332833f0bd&wdformid=%7b67d0feef%2d08d4%2d4d0a%2d8a25%2d0d2c9b0a2eed%7d&action=formsubmit"; http_uri; nocase; content:"qualitasc-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003956; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/jeh2aebbsh97"; http_uri; nocase; content:"quip.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003957; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/qv7malu8n7cz/you-have-some-messages-pending"; http_uri; nocase; content:"quip.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003958; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/77ll23ween.html"; http_uri; nocase; content:"r3g34.fra1.digitaloceanspaces.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003959; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2020?m=1"; http_uri; nocase; content:"rabofree.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003960; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m=0"; http_uri; nocase; content:"ramyosonan.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003961; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m=0"; http_uri; nocase; content:"reamaam.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003962; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/z83ig2n?rb.routing.mode=proxy&\;rb.routing.signature=123%20836"; http_uri; nocase; content:"rebrand.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003963; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m=0"; http_uri; nocase; content:"redatofadesafe.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003964; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m=0"; http_uri; nocase; content:"reikreitel.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003965; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/xeknoz?confirmation"; http_uri; nocase; content:"reurl.cc"; content:"Host"; http_header; classtype:attempted-recon; sid:200003966; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/xgmxr1"; http_uri; nocase; content:"reurl.cc"; content:"Host"; http_header; classtype:attempted-recon; sid:200003967; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2d0jazx1eky5/click-here-to-verify-your-email"; http_uri; nocase; content:"rezunz.quip.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003968; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2021/02/blog-post.html"; http_uri; nocase; content:"riderctposten.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003969; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"//?m=0"; http_uri; nocase; content:"rinadkokwa.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003970; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m=0"; http_uri; nocase; content:"rizwanoeiawa.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003971; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/-rb9g"; http_uri; nocase; content:"s.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200003972; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/crsqh"; http_uri; nocase; content:"s.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200003973; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/mtbskg6"; http_uri; nocase; content:"s.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200003974; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/mtbskh7"; http_uri; nocase; content:"s.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200003975; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/mtbskib"; http_uri; nocase; content:"s.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200003976; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ytk-r"; http_uri; nocase; content:"s.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200003977; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/progressivebank-uat/index.html"; http_uri; nocase; content:"s3.amazonaws.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003978; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m=0"; http_uri; nocase; content:"samirsonte.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003979; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/carli_lamell.html"; http_uri; nocase; content:"sanclemente.cl"; content:"Host"; http_header; classtype:attempted-recon; sid:200003980; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/p/la-banque-postale.html"; http_uri; nocase; content:"sandert12.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003981; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbot"; http_uri; nocase; content:"sateegourmet.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003982; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m=0"; http_uri; nocase; content:"sefonta.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003983; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/p/postenno_9.html"; http_uri; nocase; content:"seonewsservic.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003984; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/6gwvve65243s9/eer442.html"; http_uri; nocase; content:"sgp1.digitaloceanspaces.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003985; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/1fni_ent2sao6wqv0vzdn7g8nl9d"; http_uri; nocase; content:"share.hsforms.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003986; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/basic.php?k=d63621ef3dc01735479befc13f97ec7fdb68991d"; http_uri; nocase; content:"shared-document.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003987; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/nqgu1"; http_uri; nocase; content:"shorturl.at"; content:"Host"; http_header; classtype:attempted-recon; sid:200003988; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/publish/xhrdvc"; http_uri; nocase; content:"simp.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003989; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"//?m=0"; http_uri; nocase; content:"sinhaborelila.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003990; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/a/sy4norton.com/setup/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003991; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/newservices.website/orange-mobiles/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003992; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/site/e9d24c72/23524457"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003993; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/site/habbotuttogratis"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003994; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/site/habbotuttogratis/assignments"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003995; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/site/libretyreserve"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003996; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/site/libretyreserve/"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003997; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/site/protectedinmprovmnt44/"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003998; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/site/safetycheck427064200647221/"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003999; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/site/verifycheckpointpaqes/"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004000; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/08ie-securepage-facebook"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004001; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/0iey-securepage-facebook"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004002; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/2-orangebank-salva/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004003; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/3-orangebank-vetch/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004004; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/4-orangebank-toto/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004005; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/65h7t65ygtdw5f4/bt"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004006; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/aattt/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004007; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/abuse-privacy/"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004008; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/access-office-docxpdf-call-net/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004009; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/activation-de-votre"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004010; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/airplanecost/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004011; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/alert-app-pages/"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004012; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/app-mobile-uuid/recovery"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004013; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/appsconfirms"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004014; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/aqwsas"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004015; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/asdfghjklhgfdsdfgh/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004016; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/att-managements/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004017; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/attemail56/home?authuser=3"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004018; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/attemailfox7/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004019; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/attfeatures/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004020; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/attyahooohroffice231/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004021; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/audio-call-net/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004022; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/audio-mp-vm/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004023; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/authentification-apps-ob/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004024; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/authentification-ob/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004025; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/authentification-orangebank-eu/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004026; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/authentifications-ob/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004027; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/awspage"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004028; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/banquepostalebanqueetassurance/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004029; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/bdbhdhbdhbd/home?authuser=2"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004030; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/benachrichtigung-sparkasse/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004031; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/bt-cloud-voice-review-voice/bt-voice-cloud"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004032; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/bt-clould-preview000112/voice010101010bt-cloud?authuser=8"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004033; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/bt-interne/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004034; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/bt-mail-690/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004035; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/bt-pdf-receipt-payment/www-bt-pdf?authuser=8"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004036; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/bt-voice1010010/bt-voicemesaage10120201002?authuser=8"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004037; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/bt-web-com32/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004038; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/btbtbtbtbtbtcomm/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004039; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/btbusinessx/bt"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004040; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/btcloudpaymentinvoice202000/httpsbtcloudvm-voice-new?authuser=1"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004041; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/btcoms/bt"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004042; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/btconnectbusiness/btconnect"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004043; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/btconnectmailserver/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004044; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/btconnectted/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004045; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/btconnnect/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004046; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/btinternetco/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004047; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/btmv-voice-notice011/btvoicemessage?authuser=8"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004048; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/btnvm-urgentnotice/btvmnew-note?authuser=1"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004049; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/btsbusinessbill/"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004050; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/btserver22/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004051; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/bttbusinesssss/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004052; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/btvoivemessage/bt-home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004053; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/businessbtbill-secure/bt"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004054; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/businessbtsecur/bt"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004055; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/capitaloneloginus/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004056; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/chabillacoat/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004057; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/clickheretoverifyyouracount/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004058; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/clickpagenewlogin2021"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004059; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/coinsbuysellswapcryptocurrency/?fbclid=iwar2isl9xfxxgcxtftml2hmcl_dglhshlkfkpdotycyqu-qjqqfdqm9whtfm"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004060; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/comfimobiekdofl/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004061; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/community-pages-app/"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004062; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/confirmation-orangabank/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004063; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/connectolo/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004064; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/continue6363gd/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004065; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/ctz03"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004066; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/currentlyserver/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004067; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/dfffrreeer/home?authuser=3"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004068; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/dffvderr/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004069; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/dfghjhckuyf/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004070; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/dfghjhl/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004071; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/dkdfkazii-ofoqisjaz1wk/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004072; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/dkekkeole/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004073; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/dretjhr6iy4j5iegrf/bt"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004074; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/dumes/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004075; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/dvrbtrethy5642qwrfvd/bt"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004076; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/espace-orange-vocal/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004077; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/espace-vocalorange-ref0325/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004078; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/espacemessagerieorangesms/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004079; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/etyajdnxnskoeprlwyaxbdhfkrituy/btconnect"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004080; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/ewyy65/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004081; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/ewyy65/home?authuser=3"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004082; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/feelblessed/bt-business"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004083; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/fhgfbythfrsv/bt"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004084; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/fhgfjhfj/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004085; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/form-recovery/"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004086; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/form-recovery/details"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004087; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/gbghtoyerfvfk/btb"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004088; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/gdhbfcxzx"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004089; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/hbxchx"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004090; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/hccwc/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004091; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/home-bt-updates/bt-com"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004092; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/home-pages-recovery/details"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004093; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/htvvss/home?authuser=3"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004094; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/identificaton-10777502102022/"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004095; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/ii-securepage-facebook"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004096; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/invoice-payment-pdf/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004097; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/invoicehomepdf/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004098; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/invoicescan365pdf/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004099; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/jcnvvn/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004100; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/jmjmnhvdc/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004101; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/labred-authentification-source/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004102; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/leafadd/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004103; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/log-inpagenew"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004104; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/mcwdbvefjberjrwgnwriviwr/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004105; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/mersmesrs/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004106; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/messor/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004107; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/mobile-apps-pages/"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004108; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/mobile-redirect-system"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004109; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/mv-voicepage/home?authuser=8"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004110; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/myatt-home/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004111; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/mycoinwallet/"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004112; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/necrologieinfosfroravocal/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004113; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/newbtmissedcall/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004114; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/newuploadpage"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004115; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/newvoicemail/home?authuser=1"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004116; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/nextprojectpage"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004117; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/nextprojectpage2022"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004118; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/noticeplaypagenew2021"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004119; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/noticepublicpagenew2021"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004120; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/notifcationnoticesystempage"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004121; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/nouveau-sms-message-vocal/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004122; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/ob-seccurite/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004123; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/ob-securite-/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004124; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/ob-securite/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004125; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/ob-securites/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004126; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/ob-service/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004127; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/ob-services/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004128; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/offiice-voice-com/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004129; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/onlinefifthercheckaccout/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004130; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/orange-b-securite/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004131; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/orange-forfaits-et-mobiles"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004132; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/orangeb-190/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004133; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/orangeb171/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004134; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/orangeb221/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004135; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/orangeba/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004136; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/orangeban/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004137; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/orangebank-22/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004138; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/orangebank-r/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004139; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/orangebank-sc/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004140; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/orangebank-secure-secure/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004141; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/orangebanksecurite/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004142; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/orangebannk/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004143; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/orangeibank/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004144; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/orangeinfosvocalnews/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004145; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/orangemyconnect/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004146; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/oranggebank/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004147; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/orangiebank/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004148; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/pagenewlogin2022"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004149; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/pages-identificaton-1000050210/"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004150; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/pass-press/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004151; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/paypal-customer-services/"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004152; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/paypal-loginn/"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004153; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/pfherjwlsnmcyelwudy/home?authuser=3"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004154; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/pleasecheckpoint2021"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004155; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/postacerticodplusaccaccueil/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004156; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/protonmailservice/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004157; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/quickmailer/yahoo-com"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004158; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/quickteamservice/yahoo-com"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004159; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/reactivationhelp2021/"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004160; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/redirect-acctpages-uuid/details"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004161; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/redirectme-to/"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004162; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/retttt/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004163; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/reviewappspagerviicee/"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004164; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/reviewappspagerviiceee"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004165; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/rg9eur94uwe9d/bt"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004166; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/richcoff/bt-business"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004167; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/rimekahsdjg/summary_page"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004168; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/salimkaso/"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004169; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/sbcglobalm/home?authuser=1"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004170; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/sbcweb22/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004171; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/securbtbusiness/bt"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004172; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/securbtcomms/bt"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004173; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/secure-bt-homevoice01010120/home?authuser=8"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004174; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/secure-ob-/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004175; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/secure-ob/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004176; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/securebt-business/bt"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004177; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/securebtcomms/bt"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004178; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/securebtcommss/bt"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004179; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/securebusinessbtsecurbt/bt"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004180; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/securiplus0101/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004181; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/securite-ob-service/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004182; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/securite-obank/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004183; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/securitee-ob/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004184; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/securites-ob/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004185; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/securmybusinessbtsecurbt/bt"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004186; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/securree/home?authuser=1"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004187; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/securritee-ob/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004188; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/serv-ob-securite/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004189; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/serv-ob/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004190; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/serv-obank/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004191; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/serveur-communication-box/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004192; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/servi-orangbank/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004193; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/service-orangebank-fr/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004194; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/service-orangebank-securi/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004195; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/service-securite-ob/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004196; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/servicenewlogin"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004197; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/shgeudh/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004198; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/ski03/strona-g%c5%82%c3%b3wna"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004199; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/soeyankandi5/bt-business"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004200; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/szdgsdhgd"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004201; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/thenewstartpage2021"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004202; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/uiora"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004203; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/update-allreadypage"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004204; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/updatesecure"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004205; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/updatingnewpage"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004206; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/upgrade-bt/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004207; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/utututttu/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004208; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/v-ob/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004209; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/venmo-loginusa/"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004210; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/vfbjf/btconnect"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004211; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/view-bt-bills-gjrhyrkegr/bt"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004212; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/view-your-billonline/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004213; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/viewyourbilll/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004214; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/viewyournewbill/bt-business-btconnect"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004215; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/vjsdhdfidjasi/btconnect"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004216; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/vosmes/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004217; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/webespaceclient-ref8/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004218; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/webmailcooom/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004219; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/xcccjcdhasks/btconnect"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004220; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/xmicrosoftoficew/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004221; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/xsvgcxsgvdhg/home?authuser=4"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004222; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/xvhfefef/bt-business"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004223; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/yah000/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004224; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/yahooend/yahoo"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004225; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/yahoomailingdesk/yahoo-com"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004226; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/yahooscott/yahoo"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004227; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/yourbillnotification/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004228; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/yt89ougjio/bt"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004229; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/ztt5zazu/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004230; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/admin/webmail.cpanel.net/user/cp.user.sign_in/auth/cpanel_mailbox/index.htm"; http_uri; nocase; content:"skart.co.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200004231; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/descarga"; http_uri; nocase; content:"skymavis-roninwallet.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004232; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/#redacted@abuse.ionos.com"; http_uri; nocase; content:"smbcuahspchqiesl-dot-s8s-m0x.ue.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004233; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m=0"; http_uri; nocase; content:"solatresont.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004234; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m=0"; http_uri; nocase; content:"soufatanse.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004235; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m=0"; http_uri; nocase; content:"soufsont.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004236; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/:b:/g/personal/mandyb_steiner_co_za/exxq1passetnrojoe83fzboboxufoggwb7uvmyfqbionla?e=4:su8jhq&\;at=9"; http_uri; nocase; content:"steinercoza-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004237; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/twentyfifteen/css/read/chinavali/index.php?email=jsmith@imaphost.com"; http_uri; nocase; content:"stolizaparketa.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200004238; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/1lordman1man3/oscman2.html#user@calstatela.edu"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004239; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/acc03lzzl4m3izm03iauserpowa.appspot.com/index.html#user@calstatela.edu"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004240; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/algebraic-pact-316913.appspot.com/index.html#jbell@legalshield.com"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004241; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/anaagc040gdyacgd0dyuser.appspot.com/index.html#user@calstatela.edu"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004242; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ciat3tdtttd53c3e5userp.appspot.com/index.html#jr@legalshield.com"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004243; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ciat3tdtttd53c3e5userp.appspot.com/index.html#paul@legalshield.com"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004244; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/clientid4dunptjlryzrift3nrlomi160gqntzgznajujcnbszq8w/index.htm"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004245; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/dhngw6p6rwrwnuv6vnuse.appspot.com/index.html#brianvillacarlos@legalshieldcorp.com"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004246; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/g58t3e588ddgmdeddauth.appspot.com/index.html#jim-shelvy@legalshield.com"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004247; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/gu1r0utjruhjkukrxhauser.appspot.com/index.html#user@calstatela.edu"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004248; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/indettn/pdflmanco.html#user@calstatela.edu"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004249; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/indettn/zdewaman.html#example@example.com"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004250; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/kkkqkl633qn6kq3lqssiiddnenen.appspot.com/index.html#jbell@legalshield.com"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004251; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/kkkqkl633qn6kq3lqssiiddnenen.appspot.com/index.html#t.voit@legalshield.com"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004252; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/logon_id63757945b-32c6-49b0-83e6-1d93765276e7/"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004253; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/logon_id63757945b-32c6-49b0-83e6-1d93765276e7/index.html#martin.manasek@ruk.cuni.cz"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004254; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/maintainancecomponeta.appspot.com/index.html#a@b.com"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004255; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/maintainancecomponeta.appspot.com/kayindex.html#eimaste@stinpriza.org"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004256; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/maintainancecomponeta.appspot.com/myowngeneral.html#eimaste@stinpriza.org"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004257; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/maintainancecomponeta.appspot.com/newmineindex.html#user@calstatela.edu"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004258; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/owuddqd9dqqdddq9qd0caerq.appspot.com/index.html#stevewilliamson@legalshield.com"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004259; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/projerroro0h5j5ro0jrrj.appspot.com/index.html#user@calstatela.edu"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004260; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/q90qqqar22r229r292euser.appspot.com/index.html"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004261; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/q90qqqar22r229r292euser.appspot.com/index.html#user@calstatela.edu"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004262; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/rrdar99rt9qraraq99euser.appspot.com/index.html#user@calstatela.edu"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004263; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/s0pts0apttxpp00atarrauth.appspot.com/index.html#user@calstatela.edu"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004264; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/staging.maintainancecomponeta.appspot.com/fcocnew.html"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004265; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/staging.maintainancecomponeta.appspot.com/nvhdjgtpl8txagtoccpyscuekxctc7j3kpg5bbugwqv0kemeas313lqehufuifcl6el9vtvomhrfbjbpxbg6qrnsg5sz3dyaiqor%2c%2520ffx6khej2lavfftroaizcq99hjdn3f4hs6gdeg2qodfyhobl8zonx6lez2dafyafc6spylufytfvuzn1jsioh4u6xpsbsqxqgh.html#icann@tecnocratica.net"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004266; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/staging.maintainancecomponeta.appspot.com/sydlasgendomain.html#winnie@soupro.com"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004267; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/user517497679326978.appspot.com/index.html"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004268; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/uth0uax3t3uh30ttna0nnuser.appspot.com/index.html#jbell@legalshield.com"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004269; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/yyw77ywnn68weyew6euserq.appspot.com/index.html#rosalefua@legalshield.com"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004270; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/03a6c481bbd83f8/df225c198d58561#un/68425_md/2/16247/3955/23/19171"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004271; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/1827435283/1827435283.html"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004272; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/abjsfatitvyrobprkawlycsckcwrvnntndjwbgoqjiswdbkhhlyxnbv/cli123.html"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004273; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/abuabomvnediarrfgxamrtqcoehnpskugrmafutqnhugsbzossviqfv/cli123.html"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004274; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/acwuwxxomzzlrrfuyssheahvokqfunqvlbjnjrbyfsmbbmdppwimvbd/cli123.html"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004275; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/bbss-urltest-public/docomo_20210726_01.html"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004276; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/bbss-urltest-public/docomo_20210910_01.html"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004277; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/bionat/xdaysonde1.html"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004278; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/bionat/xdragon1.html"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004279; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/bionat/xgmx1.html"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004280; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/bionat/xiphoneswiss1.html"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004281; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/bionat/xketode1.html"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004282; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/bionat/xlena1.html"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004283; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/bionat/xps5de1.html"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004284; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/bionat/xspar1.html"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004285; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/buckettt01/redirect%20newslettersreply.shop.html#rd/u8888idsyy65301cvmt1247244psw23077wujo1715"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004286; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/document-check/sign.html"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004287; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/inboxino/brand.html#cl/13669_md/1/788/1401/22/1025434"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004288; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/inboxino/brand.html#cl/13695_md/1/788/1401/109/376564"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004289; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/inboxino/brand.html#un/13664_md/1/455/1401/112/814109"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004290; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/inboxino/brand.html#un/13695_md/1/788/1401/25/339407"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004291; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/sstoragert/linkqs.html#cl/19939_md/1/4441/3808/112/984664"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004292; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/sstoragert/linkqs.html#un/19995_md/1/4542/3682/112/984664"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004293; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/y8s00no2bd1_ga/kixne21vb_4j0f.html?ptscli=7741c7addb4337204d524175486577ef"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004294; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ylffhg/redireck.html"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004295; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/p/authentifier-transcash.html"; http_uri; nocase; content:"suivi-coupon-recharge.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004296; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/usroutput/themeset1_2021-12-12-04-16-10/"; http_uri; nocase; content:"sunnylandingpages.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004297; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/usroutput/themeset1_2021-12-21-23-15-13/"; http_uri; nocase; content:"sunnylandingpages.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004298; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/usroutput/themeset1_2021-12-30-00-51-45/"; http_uri; nocase; content:"sunnylandingpages.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004299; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/:x:/r/personal/adrian_ramos_superpark_com_hk/_layouts/15/wopiframe.aspx?guestaccesstoken=vofjngnui%2fslbameorlq62qlg8mcdnpo1dizu6i%2bc1m%3d&\;docid=1_124bbb2f682ca4c7daba6cec6ee34dfb9&\;wdformid=%7ba85c8abe%2d68be%2d43dd%2d91f3%2db397386186be%7d&\;action=formsubmit"; http_uri; nocase; content:"superpark-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004300; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/form/608bca7586919c70a2066ef7"; http_uri; nocase; content:"surveyheart.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004301; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/index.html"; http_uri; nocase; content:"swisscoat.com.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200004302; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/about-us/netflix/9001ca429212011f4a4fda6c778cc318/account"; http_uri; nocase; content:"synapse-project.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004303; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/about-us/netflix/9001ca429212011f4a4fda6c778cc318/account/"; http_uri; nocase; content:"synapse-project.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004304; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/public/dapp"; http_uri; nocase; content:"synmultiwallet.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004305; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/6b3rxfp90m"; http_uri; nocase; content:"t.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200004306; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/8mptsau4zq?amp=1"; http_uri; nocase; content:"t.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200004307; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/9ooxxstzmb?amp=1?trackingid=ftiikjly&signature=newsletter"; http_uri; nocase; content:"t.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200004308; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/9ooxxstzmb?trackingid=lxr1lc3e&signature=newsletter"; http_uri; nocase; content:"t.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200004309; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/fy2lasfqae?trackingid=agbl0dxn&signature=newsletter"; http_uri; nocase; content:"t.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200004310; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/fy2lasfqae?trackingid=dhrt9pxv&signature=newsletter"; http_uri; nocase; content:"t.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200004311; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/fy2lasfqae?trackingid=mhrdlxok&signature=newsletter"; http_uri; nocase; content:"t.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200004312; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/fy2lasfqae?trackingid=s5kqcb1o&signature=newsletter"; http_uri; nocase; content:"t.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200004313; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ge6k1ctsmd?trackingid=3pc2vgmn&signature=newsletter"; http_uri; nocase; content:"t.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200004314; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ge6k1ctsmd?trackingid=n13hzxpy&signature=newsletter"; http_uri; nocase; content:"t.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200004315; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ge6k1ctsmd?trackingid=ocfgjhka&signature=newsletter"; http_uri; nocase; content:"t.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200004316; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ge6k1ctsmd?trackingid=ohj6ctus&signature=newsletter"; http_uri; nocase; content:"t.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200004317; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/jcyrtlrlqf?trackingid=cp7bneii&signature=newsletter"; http_uri; nocase; content:"t.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200004318; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/lkcd0mnequ"; http_uri; nocase; content:"t.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200004319; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/timonfvymu?trackingid=67yzc2bv&signature=newsletter"; http_uri; nocase; content:"t.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200004320; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/timonfvymu?trackingid=cybyidfp&signature=newsletter"; http_uri; nocase; content:"t.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200004321; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/zrd6j5rq4u?amp=1"; http_uri; nocase; content:"t.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200004322; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/helton.law/outlook.office.com/"; http_uri; nocase; content:"tasteentertainment.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004323; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/files/system32/procesosdeseguridadhb/170.51.165.16679791/agregar/telefono/contacto/logonoperacionservlet.html"; http_uri; nocase; content:"tecsuport.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200004324; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2021/03/blog-post_48.html"; http_uri; nocase; content:"telenorkandklimsupoort.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004325; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/form.htm"; http_uri; nocase; content:"thedigirocket.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004326; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2021/11/1/1and1/index.php"; http_uri; nocase; content:"thelibrarysamui.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004327; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/excel/view/"; http_uri; nocase; content:"thesil.ca"; content:"Host"; http_header; classtype:attempted-recon; sid:200004328; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ing587388"; http_uri; nocase; content:"tiny.one"; content:"Host"; http_header; classtype:attempted-recon; sid:200004329; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ing67454"; http_uri; nocase; content:"tiny.one"; content:"Host"; http_header; classtype:attempted-recon; sid:200004330; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ing74845"; http_uri; nocase; content:"tiny.one"; content:"Host"; http_header; classtype:attempted-recon; sid:200004331; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/reuswnzc"; http_uri; nocase; content:"tiny.one"; content:"Host"; http_header; classtype:attempted-recon; sid:200004332; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/48rzxpne"; http_uri; nocase; content:"tinyurl.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004333; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/4wcw6fcu"; http_uri; nocase; content:"tinyurl.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004334; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/btinternet56"; http_uri; nocase; content:"tinyurl.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004335; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/evyu688y"; http_uri; nocase; content:"tinyurl.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004336; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/nycgovtgrant"; http_uri; nocase; content:"tinyurl.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004337; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/y8mcrhhp"; http_uri; nocase; content:"tinyurl.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004338; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/yxb48kqj"; http_uri; nocase; content:"tinyurl.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004339; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/yxry9vf5"; http_uri; nocase; content:"tinyurl.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004340; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/yyvm8qr5"; http_uri; nocase; content:"tinyurl.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004341; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/truist.com/"; http_uri; nocase; content:"topearnersafrica.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004342; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/h/v6/link-track/1.0/1612678003989072-e5f6d8cc-499b-ea4f-85f1-8b23ad935661/1612677988/2f5895837f8d3f0a667c6b92ad41f652/8af273ac431e289838c8bf7c490185f3/3fe2530ffaa60580b73b9eec6af02f4d?redirect_uri=http://amazon.com"; http_uri; nocase; content:"tr.cloudmagic.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004343; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/h/v6/link-track/1.0/1614590779401122-8e06125c-4b23-d643-3068-601cab9bec04/1614590763/2f5895837f8d3f0a667c6b92ad41f652/31367888a66bf6f98973a200c83075bb/3fe2530ffaa60580b73b9eec6af02f4d?redirect_uri=http://amazon.com"; http_uri; nocase; content:"tr.cloudmagic.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004344; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/c/?bn=35405429\;cpdir=https://tmmny.csb.app/.wewrewew.ahr0chm6ly9pbnzlc3rpbmdpbmdvzc5vcmcvqvbjmjq3.yw1izxiuzml0dg9uqhnwyxjrlmnvlm56"; http_uri; nocase; content:"track.adform.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200004345; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/95b94cfd9684a57/"; http_uri; nocase; content:"tracking-posta.sk.dellcont.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200004346; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m=1"; http_uri; nocase; content:"transcash-fr-v.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004347; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/webapp/tribratanews/public/js/hughesnet.com/index.php"; http_uri; nocase; content:"tribratanewsbondowoso.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004348; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/s/vgezk3"; http_uri; nocase; content:"tx.vc"; content:"Host"; http_header; classtype:attempted-recon; sid:200004349; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/unrpgg"; http_uri; nocase; content:"u.to"; content:"Host"; http_header; classtype:attempted-recon; sid:200004350; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wine"; http_uri; nocase; content:"umeacademy.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004351; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wptracking/tracking2/tracking/tracking.php"; http_uri; nocase; content:"uniga.ac.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200004352; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/0lxgmv"; http_uri; nocase; content:"url.gratis"; content:"Host"; http_header; classtype:attempted-recon; sid:200004353; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/hbah"; http_uri; nocase; content:"urlz.fr"; content:"Host"; http_header; classtype:attempted-recon; sid:200004354; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/kcornwall/email-verification/notice/account_login/login.html#accounting@utu.fi"; http_uri; nocase; content:"users.tpg.com.au"; content:"Host"; http_header; classtype:attempted-recon; sid:200004355; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/1pxak"; http_uri; nocase; content:"v.ht"; content:"Host"; http_header; classtype:attempted-recon; sid:200004356; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/yogs"; http_uri; nocase; content:"v.ht"; content:"Host"; http_header; classtype:attempted-recon; sid:200004357; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/drupal-7.56/scripts/bp"; http_uri; nocase; content:"velvet.by"; content:"Host"; http_header; classtype:attempted-recon; sid:200004358; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/drupal-7.56/scripts/bp/"; http_uri; nocase; content:"velvet.by"; content:"Host"; http_header; classtype:attempted-recon; sid:200004359; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m=0"; http_uri; nocase; content:"vetrfedsonte.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004360; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2021/03/blog-post.html"; http_uri; nocase; content:"viamobte.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004361; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m=0"; http_uri; nocase; content:"vivaterouna.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004362; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?cc_key=&\;post=%7brandom_number_5%7d_1&\;to=http://18.118.206.123/index.php?key=%7brandom_letternumberuplow_5%7d,email=%7bemail%7d"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004363; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=http%3a%2f%2f18.118.206.123/index.php?key=1qg10"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004364; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=http%3a%2f%2f18.118.206.123/index.php?key=3efeh"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004365; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=http%3a%2f%2f18.118.206.123/index.php?key=cylqz"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004366; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=http%3a%2f%2f18.118.206.123/index.php?key=dmyfj"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004367; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=http%3a%2f%2f18.118.206.123/index.php?key=dvexh"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004368; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=http%3a%2f%2f18.118.206.123/index.php?key=fhqja"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004369; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=http%3a%2f%2f18.118.206.123/index.php?key=g9dzz"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004370; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=http%3a%2f%2f18.118.206.123/index.php?key=qq74g"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004371; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=http%3a%2f%2f18.118.206.123/index.php?key=v0de0,email=kflove23@icloud.com&post=11981_1&cc_key"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004372; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=http%3a%2f%2f18.118.206.123/index.php?key=zzbtj"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004373; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=http%3a%2f%2f18.219.14.108/index.php?key=ccugr"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004374; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=http%3a%2f%2f18.219.14.108/index.php?key=mb1wu"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004375; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=http%3a%2f%2f18.219.14.108/index.php?key=meixj"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004376; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=http%3a%2f%2f18.219.14.108/index.php?key=toboe"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004377; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=http%3a%2f%2f18.219.14.108/index.php?key=tyzud"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004378; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=http%3a%2f%2f18.219.14.108/index.php?key=u7tfm,email=resurgita@icloud.com&post=35252_1&cc_key"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004379; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=http%3a%2f%2f18.219.14.108/index.php?key=v5t6m,email=robertgoby@icloud.com&post=24927_1&cc_key"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004380; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=http%3a%2f%2f18.219.14.108/index.php?key=vgy1e"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004381; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=http%3a%2f%2f18.219.14.108/index.php?key=znbui"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004382; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=http%3a%2f%2fhumanity06.com%2fwp-content%2fthemes%2fapi.html"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004383; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=http%3a%2f%2frois-zkxzx.run.goorm.io/safe-browser/"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004384; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=http%3a%2f%2fwww.allovisite.com%2fwp-content%2fplugins%2fapi.html"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004385; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=http%3a%2f%2fwww.allovisite.com%2fwp-content%2fplugins%2fapi.html&post=693378694_2&cc_key"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004386; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=https%3a%2f%2fmsq-health.com%2fimages%2fonehealth%2fsound%2faudio&post=696668869_2&cc_key=/odmibxru/tsiqjhleqcj"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004387; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=https%3a%2f%2fsapphireinternationalschool.com%2falbum%2fimages%2fsound%2faudio&post=690576696_17&cc_key=/lhgesiqipz/ksbqekez2fa"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004388; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=https://api.safebrowser-antidrop.com/ai.html?key=ppsyk"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004389; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=https://arroketainsificansion.com/r/cairdiembos"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004390; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=https://drmustafaalagamy.com/css/rajahutandil2"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004391; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=https://laprospergroup.com/wp-admin/assets/?key=8oyrd,email={email}"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004392; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=https://rendelparis.com/wp-admin/assets?key=isvbt,email={email}"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004393; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=https://sahara-distribution.com/wp-admin/dir"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004394; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=https://www.marmum.ae/css/?key=ibxa"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004395; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=https://www.marmum.ae/css/?key=ksor"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004396; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=https://www.marmum.ae/css/?key=lzqm"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004397; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=https://www.marmum.ae/css/?key=yihv"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004398; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=https://www.newlifenursery.com/assets/rdt.html?key=lwhi1"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004399; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/8jdu/sb6/index.php?_&\;_"; http_uri; nocase; content:"wallieget.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004400; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/8jdu/sb6/index.php?_&\;_&\;_"; http_uri; nocase; content:"wallieget.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004401; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/o2/a/f5s4y/0"; http_uri; nocase; content:"warriorplus.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004402; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/upgrade/"; http_uri; nocase; content:"webmail.serviceunit.co.uk"; content:"Host"; http_header; classtype:attempted-recon; sid:200004403; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/sketch/js/sf_trash/c45b222914e3c78d"; http_uri; nocase; content:"webuyworkshopequipment.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004404; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/sketch/js/sf_trash/c45b222914e3c78d/"; http_uri; nocase; content:"webuyworkshopequipment.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004405; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/@bt_home"; http_uri; nocase; content:"withkoji.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004406; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/@bt_internet"; http_uri; nocase; content:"withkoji.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004407; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/@bt_service_alert."; http_uri; nocase; content:"withkoji.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004408; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/@bt_teem"; http_uri; nocase; content:"withkoji.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004409; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/@bt_update"; http_uri; nocase; content:"withkoji.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004410; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/@bt_upgrade"; http_uri; nocase; content:"withkoji.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004411; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/@btinternet"; http_uri; nocase; content:"withkoji.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004412; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/:x:/r/personal/pklewis_k12_wv_us/_layouts/15/wopiframe.aspx?guestaccesstoken=tqintdtuii%2bam%2fbqmtnjkenggs2dptoi8hs2jqftjkq%3d&docid=1_1446052cffa4c4871bd24bb98fe86ed6d&wdformid=%7bdf30d25d%2d0b59%2d47e5%2d956e%2dc601397ea4d7%7d&action=formsubmit&cid=57cdb8ab-426b-4eff-a51f-903ee3684f96"; http_uri; nocase; content:"wvk12-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004413; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/personal/pklewis_k12_wv_us/_layouts/15/wopiframe.aspx?guestaccesstoken=tqintdtuii%2bam%2fbqmtnjkenggs2dptoi8hs2jqftjkq%3d&docid=1_1446052cffa4c4871bd24bb98fe86ed6d&wdformid=%7bdf30d25d%2d0b59%2d47e5%2d956e%2dc601397ea4d7%7d&action=formsubmit&cid=57cdb8ab-426b-4eff-a51f-903ee3684f96"; http_uri; nocase; content:"wvk12-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004414; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/fire/dhl/load.php?0=aw5mb0btzxrhbg9naxmuy29t&\;guce_referrer=ahr0chm6ly9sb2dpbi55ywhvby5jb20v&\;guce_referrer_sig=aqaaaba99nmgr9inqoyu5mi3asjqfyjcpatd_a8modgjxpnxynmo8n5zxdi8ezv7gfypzosc_rpmz0hyfdck0olmxnmb6tpfznd5enc"; http_uri; nocase; content:"znbint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004415; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/kms8u47zlxwk"; http_uri; nocase; content:"zpr.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200004416; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/mxvzwlcdizyq"; http_uri; nocase; content:"zpr.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200004417; rev:1;)
|
|
|
|
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/nckeqquhrpuf"; http_uri; nocase; content:"zpr.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200004418; rev:1;)
|