alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET PHISHING Phishing Landing via Tripod.com (set) 2016-03-31"; flow:to_server,established; flowbits:set,ET.tripod.phish; flowbits:noalert; http.method; content:"GET"; http.header; content:"tripod.com|0d 0a|"; fast_pattern; classtype:social-engineering; sid:2032012; rev:4; metadata:attack_target Client_Endpoint, created_at 2016_03_31, deployment Perimeter, confidence Medium, signature_severity Major, tag Phishing, updated_at 2020_07_20;)