#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED Styx Exploit Kit Landing"; flow:established,to_server; urilen:7; content:"/i.html"; http_uri; depth:7; fast_pattern; content:"Referer|3a| "; http_header; content:!"|0d 0a|"; http_header; within:100; content:"|0d 0a|"; distance:0; http_header; classtype:bad-unknown; sid:2014171; rev:5; metadata:created_at 2012_01_31, updated_at 2012_01_31;)

Added 2017-08-07 21:07:30 UTC


##alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED Styx Exploit Kit Landing"; flow:established,to_server; urilen:7; content:"/i.html"; http_uri; depth:7; fast_pattern; content:"Referer|3a| "; http_header; content:!"|0d 0a|"; http_header; within:100; content:"|0d 0a|"; distance:0; http_header; classtype:bad-unknown; sid:2014171; rev:5;)

Added 2015-07-08 23:54:51 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Styx Exploit Kit Landing"; flow:established,to_server; urilen:7; content:"/i.html"; http_uri; depth:7; fast_pattern; content:"Referer|3a| "; http_header; content:!"|0d 0a|"; http_header; within:100; content:"|0d 0a|"; distance:0; http_header; classtype:bad-unknown; sid:2014171; rev:5;)

Added 2013-01-04 18:08:21 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Suspicious HTTP Request to .*kwik.to/i.html"; flow:established,to_server; content:"kwik.to|0d 0a|"; http_header; content:"/i.html"; http_uri; depth:7; fast_pattern; classtype:bad-unknown; sid:2014171; rev:2;)

Added 2012-01-30 23:37:11 UTC


Topic revision: r1 - 2017-08-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats