ET PHISHING Exfil to FormSpark Form from Netlify

SID: 2066744Rev: 10 views
Sourceet/open
CreatedJanuary 14, 2026
UpdatedJanuary 14, 2026
Classificationcredential-theft
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET PHISHING Exfil to FormSpark Form from Netlify"; flow:established,to_client; http.stat_code; content:"302"; http.location; content:"submitted.formspark.io?_formId="; fast_pattern; content:"&_referer="; distance:0; content:".netlify.app"; distance:0; classtype:credential-theft; sid:2066744; rev:1; metadata:created_at 2026_01_14, signature_severity Unknown, updated_at 2026_01_14;)

Metadata

created at2026_01_14
signature severityUnknown
updated at2026_01_14

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!