#alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Potential Zeus Binary Download Specific PE Sections Structure"; flow:established,to ...
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Sweet Orange Landing Page May 16 2013"; flow:established,from_server; file_data; content ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Unknown MM Java Exploit cee.jar"; flow:established,to_server; content:"/cee.jar"; ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Variant.Zusy.45802 Checkin"; flow:to_server,established; content:".php?uid "; fast_pattern:only ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS SofosFO/NeoSploit possible second stage landing page (1)"; flow:established,to_server ...
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Sweet Orange applet with obfuscated URL April 01 2013"; flow:established,from_server; ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Generic POST To .php w/Extended ASCII Characters"; flow:established,to_server; content:"POST ...
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET TROJAN Embedded ZIP/APK File With Fake Windows Executable Header Possible AV Bypass Attempt"; flow ...
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET TROJAN Embedded Android Dalvik Executable File With Fake Windows Executable Header Possible AV Bypass ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Possible Neutrino EK Posting Plugin Detect Data May 15 2013"; flow:established,to_server ...
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Sakura obfuscated javascript May 10 2013"; flow:established,from_server; file_data; content ...
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Unknown Ransomware"; flow:established,from_server; file_data; content:"ingdx.htmA{ip} ...
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Neutrino EK Plugin Detect April 12 2013"; flow:established,from_server; file_data; content ...
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET TROJAN Possible Linux/Cdorked.A CnC"; flow:established,to_server; content:"/favicon.iso?"; fast_pattern ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET INFO Possible Chrome Plugin install"; flow:to_server,established; content:"|2f|crx|2f|blobs"; http_uri ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET INFO Possible Firefox Plugin install"; flow:to_server,established; content:".xpi"; http_uri; nocase; ...
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SERVER ColdFusion scheduleedit access"; flow:established,to_server; content:"/CFIDE/administrator ...
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SERVER ColdFusion scheduletasks access"; flow:established,to_server; content:"/CFIDE/administrator ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Possible Redkit 1 4 char JNLP request "; flow:established,to_server; content:".jnlp ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Redkit Jar Naming Pattern March 03 2013"; flow:established,to_server; content:".jar"; ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Outdated Mac Flash Version"; flow:established,to_server; content:"x-flash-version|3a 20|"; http ...
alert tcp any any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SERVER ColdFusion path disclosure to get the absolute path"; flow:established,to_server; content:"GET ...
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SERVER ColdFusion password.properties access"; flow:established,to_server; content:"GET"; http ...
alert tcp $EXTERNAL_NET any -> $HOME_NET 25 (msg:"ET EXPLOIT Exim/Dovecot Possible MAIL FROM Command Execution"; flow:to_server,established; content:"${IFS}"; fast ...
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS IE HTML TIME ANIMATECOLOR with eval as seen in unknown EK"; flow:established,from_server ...
##alert tcp $HOME_NET any -> $EXTERNAL_NET 443 (msg:"ET DELETED Win32.Inject.ajq Initial Checkin to CnC packet 2 port 443"; flow:established,to_server; content:"|07 ...
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Unknown EK Requesting Jar"; flow:established,to_server; content:"/j21.jar"; http_uri; content ...
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS CVE-2013-2423 IVKM PoC Seen in Unknown EK"; flow:to_client,established; content:"Union1.class ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Unknown Checkin"; flow:established,to_server; content:"POST"; http_method; pcre:"/\/ a z \/$/Ui ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Unknown EK Requsting Payload"; flow:established,to_server; content:"/FlashPlayer.cpl" ...
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET INFO Suspicious Possible CollectGarbage in base64 3"; flow:established,from_server; file_data; content ...