alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET PHISHING Generic Credential Phish Landing Page 2025-02-10"; flow:established,to_client; http.stat_code; content:"302"; http.location; content:"captcha"; content:"lovable.app/"; distance:0; endswith; fast_pattern; reference:url,lovable.dev; classtype:credential-theft; sid:2059979; rev:1; metadata:attack_target Client_Endpoint, tls_state TLSDecrypt, created_at 2025_02_07, deployment Perimeter, deployment SSLDecrypt, performance_impact Low, confidence High, signature_severity Major, tag Phishing, updated_at 2025_02_10;)