alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET PHISHING Mailbox Phishing Landing 2018-01-29"; flow:established,to_client; file_data; content:"document.write(unescape"; nocase; fast_pattern; content:"3C%74%69%74%6C%65%3E%26%23%33%37%30%33%38%3B%26%23%32%30%32%31%34%3B%26%23%33%35%37%37%34%3B%26%23%33%32%36%32%32%3B"; nocase; distance:0; classtype:social-engineering; sid:2025255; rev:2; metadata:affected_product Web_Browsers, attack_target Client_Endpoint, created_at 2018_01_26, deployment Perimeter, confidence Medium, signature_severity Minor, tag Phishing, updated_at 2019_07_26;)