Rule History

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET PHISHING Paypal Phishing Landing Jun 28 2017"; flow:established,to_client; http.stat_code; content:"200"; http.header; content:!"https://*.paypal.com"; http.content_type; content:"text/html"; startswith; file.data; content:"<title>"; content:"|26 23|x50|3b 26 23|x61|3b 26 23|x79|3b 26 23|x50|3b 26 23|x61|3b 26 23|x6C|3b|"; fast_pattern; within:50; content:"</title>"; distance:0; classtype:social-engineering; sid:2025660; rev:5; metadata:attack_target Client_Endpoint, created_at 2017_06_28, deployment Perimeter, confidence Medium, signature_severity Minor, tag Phishing, updated_at 2022_04_18;)