# Hunting rule (metadata former_category HUNTING, classtype bad-unknown), sid 2016933 rev 5.
# Alerts on an established client-to-server HTTP request whose User-Agent contains "Java/1."
# and whose Host header line ends in one of the listed dynamic DNS domains, optionally
# followed by ":port".
# pcre flags: /H evaluates against the HTTP header buffer, /m lets ^ and $ anchor on the
# Host line, /i ignores case.
# "[^\r\n]+\." requires at least one character and a dot before the listed suffix, so only
# hosts under these domains match, not the bare domain itself.
# The domain list is fixed in the rule and dated May 28 2013 (msg, created_at, updated_at);
# dynamic DNS zones also host benign content, so treat a hit as a triage lead, not a verdict.
# NOTE(review): in the "s" branch, "\.ru" is followed directly by
# "(?:pacetechnology\.ne|oon\.i)t" with no "|" between them. As shown, that branch only
# matches the two parts concatenated, so spacetechnology.net (a separate alternative in the
# rev:1 text on this page) and soon.it would not match on their own. A "|" appears to be
# missing - confirm against the upstream rule file before relying on coverage of those names.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS SUSPICIOUS Java Request to Afraid.org Top 100 Dynamic DNS Domain May 28 2013"; flow:to_server,established; content:"Java/1."; http_user_agent; pcre:"/^Host\x3a\x20[^\r\n]+\.(?:s(?:tr(?:eetdirectory\.co\.id|angled\.net)|(?:at(?:dv\.net|-dv)|vlen)\.ru(?:pacetechnology\.ne|oon\.i)t|hop\.tm|uka\.se)|c(?:(?:hickenkiller|rabdance)\.com|o(?:ntinent\.kz|alnet\.ru)|sproject\.org|c\.st|f\.gs)|m(?:i(?:ne(?:craftn(?:ation\.net|oob\.com)|\.bz)|l\.nf)|ooo\.(?:info|com)|adhacker\.biz)|t(?:h(?:emafia\.info|cgirls\.com)|wilightparadox\.com|ime4film\.ru|ruecsi\.org|28\.net)|a(?:(?:(?:vangardkennel|gropeople)\.r|buser\.e)u|ntongorbunov\.com|llowed\.org|x\.lt)|h(?:a(?:ck(?:quest\.com|ed\.jp)|ppyforever\.com)|ome(?:net\.or|\.k)g|-o-s-t\.name)|p(?:(?:rivatedns|sybnc|ort0|wnz)\.org|(?:hoto-frame|irat3)\.com|unked\.us)|i(?:n(?:fo\.(?:gf|tm)|c\.gs)|gnorelist\.com|iiii\.info|z\.rs)|b(?:i(?:gbox\.info|z\.tm)|yte4byte\.com|ot\.nu|rb\.dj)|d(?:earabba\.org|-n-s\.name|alnet\.ca|ynet\.com)|(?:w(?:ith-linux|hynotad)|3dxtras|ohbah)\.com|u(?:n(?:do\.it|i\.cx)|k\.(?:is|to)|s\.to)|v(?:(?:erymad\.ne|r\.l)t|ietnam\.ro)|r(?:o(?:ot\.sx|\.lt)|-o-o-t\.net)|n(?:eon\.org|ow\.im|a\.tl|x\.tc)|j(?:umpingcrab\.com|avafaq\.nu)|f(?:(?:art|ram)ed\.net|tp\.sh)|(?:k(?:ir22\.r|\.v)|69\.m)u|l(?:inux[dx]\.org|eet\.la)|e(?:vils\.in|z\.lv)|(?:24-7\.r|qc\.t)o|(?:55|gw)\.lt|1337\.cx)(\x3a\d{1,5})?\r$/Hmi"; metadata: former_category HUNTING; classtype:bad-unknown; sid:2016933; rev:5; metadata:created_at 2013_05_28, updated_at 2013_05_28;)

Added 2019-10-09 19:08:49 UTC


# Earlier capture of sid 2016933 rev 5: same header and match options as the newest text on
# this page, but without the "former_category HUNTING" metadata keyword.
# Alerts on an established client-to-server HTTP request whose User-Agent contains "Java/1."
# and whose Host header line ends in a listed dynamic DNS domain (optional ":port").
# NOTE(review): in the "s" branch, "\.ru" runs straight into "(?:pacetechnology\.ne|oon\.i)t"
# with no "|", so spacetechnology.net and soon.it would not match on their own as shown -
# a "|" appears to be missing; confirm against the upstream rule file.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS SUSPICIOUS Java Request to Afraid.org Top 100 Dynamic DNS Domain May 28 2013"; flow:to_server,established; content:"Java/1."; http_user_agent; pcre:"/^Host\x3a\x20[^\r\n]+\.(?:s(?:tr(?:eetdirectory\.co\.id|angled\.net)|(?:at(?:dv\.net|-dv)|vlen)\.ru(?:pacetechnology\.ne|oon\.i)t|hop\.tm|uka\.se)|c(?:(?:hickenkiller|rabdance)\.com|o(?:ntinent\.kz|alnet\.ru)|sproject\.org|c\.st|f\.gs)|m(?:i(?:ne(?:craftn(?:ation\.net|oob\.com)|\.bz)|l\.nf)|ooo\.(?:info|com)|adhacker\.biz)|t(?:h(?:emafia\.info|cgirls\.com)|wilightparadox\.com|ime4film\.ru|ruecsi\.org|28\.net)|a(?:(?:(?:vangardkennel|gropeople)\.r|buser\.e)u|ntongorbunov\.com|llowed\.org|x\.lt)|h(?:a(?:ck(?:quest\.com|ed\.jp)|ppyforever\.com)|ome(?:net\.or|\.k)g|-o-s-t\.name)|p(?:(?:rivatedns|sybnc|ort0|wnz)\.org|(?:hoto-frame|irat3)\.com|unked\.us)|i(?:n(?:fo\.(?:gf|tm)|c\.gs)|gnorelist\.com|iiii\.info|z\.rs)|b(?:i(?:gbox\.info|z\.tm)|yte4byte\.com|ot\.nu|rb\.dj)|d(?:earabba\.org|-n-s\.name|alnet\.ca|ynet\.com)|(?:w(?:ith-linux|hynotad)|3dxtras|ohbah)\.com|u(?:n(?:do\.it|i\.cx)|k\.(?:is|to)|s\.to)|v(?:(?:erymad\.ne|r\.l)t|ietnam\.ro)|r(?:o(?:ot\.sx|\.lt)|-o-o-t\.net)|n(?:eon\.org|ow\.im|a\.tl|x\.tc)|j(?:umpingcrab\.com|avafaq\.nu)|f(?:(?:art|ram)ed\.net|tp\.sh)|(?:k(?:ir22\.r|\.v)|69\.m)u|l(?:inux[dx]\.org|eet\.la)|e(?:vils\.in|z\.lv)|(?:24-7\.r|qc\.t)o|(?:55|gw)\.lt|1337\.cx)(\x3a\d{1,5})?\r$/Hmi"; classtype:bad-unknown; sid:2016933; rev:5; metadata:created_at 2013_05_28, updated_at 2013_05_28;)

Added 2018-09-13 19:47:02 UTC


Added 2018-09-13 17:57:41 UTC


# Capture of sid 2016933 rev 5 that carries created_at/updated_at metadata and no
# "former_category" keyword.
# Alerts on an established client-to-server HTTP request whose User-Agent contains "Java/1."
# and whose Host header line ends in a listed dynamic DNS domain (optional ":port").
# NOTE(review): in the "s" branch, "\.ru" runs straight into "(?:pacetechnology\.ne|oon\.i)t"
# with no "|", so spacetechnology.net and soon.it would not match on their own as shown -
# a "|" appears to be missing; confirm against the upstream rule file.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS SUSPICIOUS Java Request to Afraid.org Top 100 Dynamic DNS Domain May 28 2013"; flow:to_server,established; content:"Java/1."; http_user_agent; pcre:"/^Host\x3a\x20[^\r\n]+\.(?:s(?:tr(?:eetdirectory\.co\.id|angled\.net)|(?:at(?:dv\.net|-dv)|vlen)\.ru(?:pacetechnology\.ne|oon\.i)t|hop\.tm|uka\.se)|c(?:(?:hickenkiller|rabdance)\.com|o(?:ntinent\.kz|alnet\.ru)|sproject\.org|c\.st|f\.gs)|m(?:i(?:ne(?:craftn(?:ation\.net|oob\.com)|\.bz)|l\.nf)|ooo\.(?:info|com)|adhacker\.biz)|t(?:h(?:emafia\.info|cgirls\.com)|wilightparadox\.com|ime4film\.ru|ruecsi\.org|28\.net)|a(?:(?:(?:vangardkennel|gropeople)\.r|buser\.e)u|ntongorbunov\.com|llowed\.org|x\.lt)|h(?:a(?:ck(?:quest\.com|ed\.jp)|ppyforever\.com)|ome(?:net\.or|\.k)g|-o-s-t\.name)|p(?:(?:rivatedns|sybnc|ort0|wnz)\.org|(?:hoto-frame|irat3)\.com|unked\.us)|i(?:n(?:fo\.(?:gf|tm)|c\.gs)|gnorelist\.com|iiii\.info|z\.rs)|b(?:i(?:gbox\.info|z\.tm)|yte4byte\.com|ot\.nu|rb\.dj)|d(?:earabba\.org|-n-s\.name|alnet\.ca|ynet\.com)|(?:w(?:ith-linux|hynotad)|3dxtras|ohbah)\.com|u(?:n(?:do\.it|i\.cx)|k\.(?:is|to)|s\.to)|v(?:(?:erymad\.ne|r\.l)t|ietnam\.ro)|r(?:o(?:ot\.sx|\.lt)|-o-o-t\.net)|n(?:eon\.org|ow\.im|a\.tl|x\.tc)|j(?:umpingcrab\.com|avafaq\.nu)|f(?:(?:art|ram)ed\.net|tp\.sh)|(?:k(?:ir22\.r|\.v)|69\.m)u|l(?:inux[dx]\.org|eet\.la)|e(?:vils\.in|z\.lv)|(?:24-7\.r|qc\.t)o|(?:55|gw)\.lt|1337\.cx)(\x3a\d{1,5})?\r$/Hmi"; classtype:bad-unknown; sid:2016933; rev:5; metadata:created_at 2013_05_28, updated_at 2013_05_28;)

Added 2017-08-07 21:10:45 UTC


# Capture of sid 2016933 rev 5 with no metadata keyword at all.
# Alerts on an established client-to-server HTTP request whose User-Agent contains "Java/1."
# and whose Host header line ends in a listed dynamic DNS domain (optional ":port").
# NOTE(review): in the "s" branch, "\.ru" runs straight into "(?:pacetechnology\.ne|oon\.i)t"
# with no "|", so spacetechnology.net and soon.it would not match on their own as shown -
# a "|" appears to be missing; confirm against the upstream rule file.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS SUSPICIOUS Java Request to Afraid.org Top 100 Dynamic DNS Domain May 28 2013"; flow:to_server,established; content:"Java/1."; http_user_agent; pcre:"/^Host\x3a\x20[^\r\n]+\.(?:s(?:tr(?:eetdirectory\.co\.id|angled\.net)|(?:at(?:dv\.net|-dv)|vlen)\.ru(?:pacetechnology\.ne|oon\.i)t|hop\.tm|uka\.se)|c(?:(?:hickenkiller|rabdance)\.com|o(?:ntinent\.kz|alnet\.ru)|sproject\.org|c\.st|f\.gs)|m(?:i(?:ne(?:craftn(?:ation\.net|oob\.com)|\.bz)|l\.nf)|ooo\.(?:info|com)|adhacker\.biz)|t(?:h(?:emafia\.info|cgirls\.com)|wilightparadox\.com|ime4film\.ru|ruecsi\.org|28\.net)|a(?:(?:(?:vangardkennel|gropeople)\.r|buser\.e)u|ntongorbunov\.com|llowed\.org|x\.lt)|h(?:a(?:ck(?:quest\.com|ed\.jp)|ppyforever\.com)|ome(?:net\.or|\.k)g|-o-s-t\.name)|p(?:(?:rivatedns|sybnc|ort0|wnz)\.org|(?:hoto-frame|irat3)\.com|unked\.us)|i(?:n(?:fo\.(?:gf|tm)|c\.gs)|gnorelist\.com|iiii\.info|z\.rs)|b(?:i(?:gbox\.info|z\.tm)|yte4byte\.com|ot\.nu|rb\.dj)|d(?:earabba\.org|-n-s\.name|alnet\.ca|ynet\.com)|(?:w(?:ith-linux|hynotad)|3dxtras|ohbah)\.com|u(?:n(?:do\.it|i\.cx)|k\.(?:is|to)|s\.to)|v(?:(?:erymad\.ne|r\.l)t|ietnam\.ro)|r(?:o(?:ot\.sx|\.lt)|-o-o-t\.net)|n(?:eon\.org|ow\.im|a\.tl|x\.tc)|j(?:umpingcrab\.com|avafaq\.nu)|f(?:(?:art|ram)ed\.net|tp\.sh)|(?:k(?:ir22\.r|\.v)|69\.m)u|l(?:inux[dx]\.org|eet\.la)|e(?:vils\.in|z\.lv)|(?:24-7\.r|qc\.t)o|(?:55|gw)\.lt|1337\.cx)(\x3a\d{1,5})?\r$/Hmi"; classtype:bad-unknown; sid:2016933; rev:5;)

Added 2014-07-22 18:37:22 UTC


# Original revision (rev:1) of sid 2016933. It is written as a tcp rule restricted to
# $HTTP_PORTS, and looks for " Java/1." (with a leading space) anywhere in the HTTP header
# buffer rather than in the User-Agent buffer specifically.
# The pcre (/H header buffer, /m per-line anchors, /i case-insensitive) requires the Host
# header line to end in one of the listed dynamic DNS domains, optionally followed by ":port".
# "[^\r\n]+\." requires at least one character and a dot before the listed suffix, so only
# hosts under these domains match, not the bare domain itself.
# The domain alternation here differs from the rev:5 text on this page; the list is fixed in
# the rule, so coverage reflects the date in msg (May 28 2013).
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS SUSPICIOUS Java Request to Afraid.org Top 100 Dynamic DNS Domain May 28 2013"; flow:to_server,established; content:" Java/1."; http_header; pcre:"/^Host\x3a\x20[^\r\n]+\.(?:s(?:tr(?:eetdirectory\.co\.id|angled\.net)|h(?:(?:ell|it)\.la|op\.tm)|pacetechnology\.net|(?:at-dv|vlen)\.ru|exypenguins\.com)|t(?:h(?:emafia\.info|cgirls\.com)|wilightparadox\.com|ime4film\.ru|ruecsi\.org|28\.net|ang\.la)|h(?:a(?:ck(?:-inter\.net|ed\.jp)|ppyforever\.com)|ome(?:net\.or|\.k)g|-o-s-t\.name|4ck\.la)|a(?:(?:mursk-rayon|gropeople)\.ru|n(?:tongorbunov|ydns)\.com|llowed\.org|rmed\.us|x\.lt)|c(?:(?:hickenkiller|rabdance)\.com|o(?:ntinent\.kz|alnet\.ru)|sproject\.org|n\.mu)|m(?:a(?:dhacker\.biz|idlab\.jp)|ooo\.(?:info|com)|3th\.org|ine\.bz)|b(?:i(?:gbox\.info|z\.tm)|yte4byte\.com|ot\.nu|rb\.dj|d\.to)|l(?:inux(?:(?:secured|maniac)\.net|d\.org)|(?:amer|eet)\.la)|i(?:(?:gnorelist\.co|nfo\.t)m|z(?:vor\.ru|\.rs)|iiii\.info)|p(?:(?:rivatedns|sybnc|ort0|wnz)\.org|irat3\.com|unked\.us)|r(?:o(?:cketcat\.info|\.lt)|-o-o-t\.net|00t\.la)|k(?:(?:ir22\.r|\.v)u|urstenge\.kz|eren\.la)|d(?:earabba\.org|-n-s\.name|alnet\.ca)|n(?:a(?:ken\.net|\.tl)|ow\.im|x\.tc)|v(?:(?:erymad\.ne|r\.l)t|ietnam\.ro)|j(?:umpingcrab\.com|avafaq\.nu)|u(?:n(?:do\.it|i\.cx)|[ks]\.to)|f(?:(?:art|ram)ed\.net|tp\.sh)|(?:whynotad|3dxtras)\.com|(?:zvezdaringa\.r|69\.m)u|e(?:vils\.in|z\.lv)|(?:55|gw)\.lt|qc\.to)(\x3a\d{1,5})?\r$/Hmi"; classtype:bad-unknown; sid:2016933; rev:1;)

Added 2013-05-28 21:46:41 UTC


