alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET HUNTING Possible Phishing Page - Page Saved with SingleFile Extension"; flow:established,to_client; file.data; content:"Page saved with SingleFile"; fast_pattern; content:"|0d 0a 20|url|3a 20|"; distance:0; content:"|0d 0a 20|saved date|3a 20|"; distance:0; reference:url,chrome.google.com/webstore/detail/singlefile/mpiodijhokgodhhofbcjdecpffjipkle?hl=en; classtype:misc-activity; sid:2032082; rev:3; metadata:affected_product Web_Browsers, attack_target Client_Endpoint, created_at 2021_03_16, deployment Perimeter, confidence Low, signature_severity Critical, tag Phishing, updated_at 2024_01_23, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1566, mitre_technique_name Phishing;)