AT related malicious URL (primes.app.bill.serv.0auth.pymnt.129-121-85-54.cpanel.site/etmin/desktop)
Sourcejulioliraup/antiphishing
Fileantiphishing.rules
CreatedJuly 4, 2026
UpdatedJuly 4, 2026
Classificationsocial-engineering
alert http $HOME_NET any -> any any (msg:"AT related malicious URL (primes.app.bill.serv.0auth.pymnt.129-121-85-54.cpanel.site/etmin/desktop)"; flow:established,to_server ; http.uri; content:"/etmin/desktop"; startswith; fast_pattern; http.host; content:"primes.app.bill.serv.0auth.pymnt.129-121-85-54.cpanel.site"; endswith; reference:url,openphish.com ; reference:url,julioliraup.github.io/AT/signature.html?sid=6017548 ; classtype:social-engineering; sid:6017548; rev:1; metadata:signature_severity Major, created_et 2026_07_04;)
References
Metadata
signature severityMajor
created et2026_07_04
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!