AT related malicious URL (netflx.bill.updt.paymt.0auth.129-121-102-155.cpanel.site/secure-3/loginbaru?auth_max_open=0&ref=C88Cfcqb1jrLUrY8onDXYH1Sthjk9FiF8GrinThIOLz4JKHbwmRjpfNADJQ2VTYkv7JxYqYnYZLeGqrRxwYPV2hGTWB1O87ztBdh)

SID: 6003513Rev: 10 views
Sourcejulioliraup/antiphishing
CreatedMay 22, 2026
UpdatedMay 22, 2026
Classificationsocial-engineering
alert http $HOME_NET any -> any any (msg:"AT related malicious URL (netflx.bill.updt.paymt.0auth.129-121-102-155.cpanel.site/secure-3/loginbaru?auth_max_open=0&ref=C88Cfcqb1jrLUrY8onDXYH1Sthjk9FiF8GrinThIOLz4JKHbwmRjpfNADJQ2VTYkv7JxYqYnYZLeGqrRxwYPV2hGTWB1O87ztBdh)"; flow:established,to_server; http.uri; content:"/secure-3/loginbaru?auth_max_open=0&ref=C88Cfcqb1jrLUrY8onDXYH1Sthjk9FiF8GrinThIOLz4JKHbwmRjpfNADJQ2VTYkv7JxYqYnYZLeGqrRxwYPV2hGTWB1O87ztBdh"; startswith; fast_pattern; http.host; content:"netflx.bill.updt.paymt.0auth.129-121-102-155.cpanel.site"; endswith; reference:url,openphish.com; reference:url,julioliraup.github.io/ET/signature.html?sid=6003513; classtype:social-engineering; sid:6003513; rev:1; metadata:signature_severity Major, created_et 2026_05_19;)

References

urlopenphish.com
urljulioliraup.github.io/ET/signature.html?sid=6003513

Metadata

signature severityMajor
created et2026_05_19

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!