alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET PHISHING Generic Survey Credential Phish Landing Page 2024-06-12"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/payment/"; nocase; content:"&tikpixel="; distance:0; nocase; content:"&fbpixel="; distance:0; nocase; content:"&prodtext="; distance:0; fast_pattern; nocase; classtype:credential-theft; sid:2053470; rev:1; metadata:attack_target Client_Endpoint, tls_state TLSDecrypt, created_at 2024_06_12, deployment Perimeter, deployment SSLDecrypt, confidence Medium, signature_severity Major, tag Phishing, updated_at 2024_06_12, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1566, mitre_technique_name Phishing;)