AT related malicious URL (paylessmini .com/kpk/boxMrenewal .php?rand=13InboxLightaspxn .1774256418&fid .4 .1252899642&fid=1&fav .1&rand .13InboxLight .aspxn .1774256418&fid .1252899642&fid .1&fav .1&email=bWFyaW9wcm9AN2Q1OGNmMjI1ZDkwMWI0MjE3MWU4OWMwYjZmOTlhM2NmZjNjLmNvbQ==& .rand=13InboxLight .aspx?n=1774256418&fid=4)

SID: 6000855Rev: 20 views
Sourcejulioliraup/antiphishing
CreatedMay 22, 2026
UpdatedMay 22, 2026
Classificationsocial-engineering
alert http $HOME_NET any -> any any (msg:"AT related malicious URL (paylessmini .com/kpk/boxMrenewal .php?rand=13InboxLightaspxn .1774256418&fid .4 .1252899642&fid=1&fav .1&rand .13InboxLight .aspxn .1774256418&fid .1252899642&fid .1&fav .1&email=bWFyaW9wcm9AN2Q1OGNmMjI1ZDkwMWI0MjE3MWU4OWMwYjZmOTlhM2NmZjNjLmNvbQ==& .rand=13InboxLight .aspx?n=1774256418&fid=4)"; flow:established,to_server; http.uri; content:"/kpk/boxMrenewal.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=bWFyaW9wcm9AN2Q1OGNmMjI1ZDkwMWI0MjE3MWU4OWMwYjZmOTlhM2NmZjNjLmNvbQ==&.rand=13InboxLight.aspx?n=1774256418&fid=4"; startswith; fast_pattern; http.host; content:"paylessmini.com"; endswith; reference:url,openphish.com; reference:url,github.com/julioliraup/Antiphishing; reference:url,julioliraup.github.io/ET/signature.html?sid=6000855; classtype:social-engineering; sid:6000855; rev:2; metadata:signature_severity Major, created_et 2026_05_10, updated_et 2025_05_11;)

References

urlopenphish.com
urlgithub.com/julioliraup/Antiphishing
urljulioliraup.github.io/ET/signature.html?sid=6000855

Metadata

signature severityMajor
created et2026_05_10
updated et2025_05_11

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!