# sid:2017457 rev:3 (current text): informational / hunting rule. Alerts on an established,
# client-to-server HTTP request from $HOME_NET whose User-Agent contains "Java/1." and whose
# Host header ends in one of the domains enumerated in the PCRE.
#
# - content:"Java/1."; http_user_agent;  literal match that gates the expensive PCRE. It only
#   matches version strings starting with "1.", so a client announcing e.g. "Java/11" would not
#   trigger. NOTE(review): confirm whether newer JRE user agents need separate coverage.
# - pcre /.../Hmi  H = evaluated against the HTTP header buffer, m = ^ and $ match at line
#   boundaries, i = case-insensitive. `[^\r\n]+?\.` requires at least one character and a dot
#   before the listed name, so only subdomains of the listed domains match, never the bare
#   domain. `(\x3a\d{1,5})?` tolerates an explicit ":port" suffix in the Host value.
# - classtype:bad-unknown plus former_category HUNTING: treat a hit as a triage lead and
#   correlate it with other evidence. The rule carries no threshold and no reference keyword.
# - The rule text is split across two lines on this page, apparently a wrapping artifact (the
#   break falls inside a domain token); rejoin it into one line before loading it in a sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET INFO SUSPICIOUS Java request to UNI.ME Domain Set 1"; flow:to_server,established; content:"Java/1."; http_user_agent; pcre:"/^Host\:[^\r\n]+?\.(?:c(?:o(?:l(?:leg(?:e(?:(?:confidential|-station|prowler)\.net|s?explained\.com)|iate(?:explained|info)\.com)|(?:o(?:rado-springs-jobs|nexplained)|umnexplore)\.com)|m(?:p(?:uter(?:explained\.com|themes\.net)|assiondefinition\.com)|m(?:oditylingerie|unesinfo|ercekid)\.com)|n(?:ce(?:rtparis\.net|ptsets\.com)|trolwedding\.com)|(?:(?:rnell|upon)explained|peguide)\.com|7\.us)|a(?:(?:(?:mpaign|talog|det)explained|n(?:cersexplained|adadaycore)|p(?:itali[sz]eguide|ricornhi)|b(?:leexplained|indynamic))\.com|r(?:(?:tograph(?:yanalysis|erwhat)|cinomas?explained|scratch-remover|eblack)\.com|insurance-compare\.net)|ce\.us)|h(?:(?:a(?:r(?:med-episodes|les-proxy|tpixel)|p(?:elsinfo|terball)|nnelexplained)|ristmas(?:gift-ideas|motion)|inesenewyearboom|eckingwatch)\.com|(?:orizo|urros)\.es)|(?:e(?:l(?:lularexplained|iac-diet)|ntigrade(?:explained|info))|(?:li(?:nical|ck)|ustomized)explained|r(?:uiseshipdating|iticsmart)|pu-benchmark|nc-cs)\.com|8\.biz|z\.cc)|a(?:(?:ll(?:about(?:(?:(?:collegi|gradu)at|yal)e|s(?:eminary|tudent)|(?:facul|varsi)ty|bestsellers|academic|teaching|harvard|ucla|pro)|babyours)|n(?:(?:tipodesbi|alyzelan)d|onymous-film)|(?:mericas-nexttopmode|gentsbal)l|r(?:chitectureice|lingtonwriter)|c(?:ademicexplaine|tionmo)d|ero(?:flotinfo|bicfund))\.com|u(?:(?:toma(?:tedexplained|kers24)|stralia-airlines|xiliaryverb)\.com|di(?:t(?:jewellery\.com|report\.net)|o-planet\.com))|p(?:(?:rilfools(?:hotel|spin)|ple-airport)\.com|[fh]i\.biz)|ir(?:(?:bnb-coupon|waysinfo)\.com|portshuttleseattle\.net)|v(?:enue(?:domain|hello)\.com|li\.biz)|\.e\.gy)|b(?:(?:a(?:c(?:helorexplained|kpackscope)|by(?:online-shop|revision)|(?:rcelonarea|ggagecoo)l|s(?:icexplained|escope)|ttle-field-3)|e(?:(?:st-hoteldeal|er-calorie|t-award)s|nefitexplained)|u(?:y-invite|dgetyep)|logger-com)\.com|r(?:(?:o(?:adba
ndinternet-providers|king(?:explained|guide))|unomarsalbum|yan-college)\.com|ea(?:st(?:cancertattoos\.net|explained\.com)|dmachine-recipes\.com))|o(?:(?:(?:om(?:ing|s)|nd)explained|tany(?:explained|info)|dybuildingdomains|rrowings?24)\.com|stoncolleges\.net)|irthcertificatetemplate\.net|3g\.biz)|d(?:e(?:(?:(?:(?:benture|posit)explaine|alershipislan)d|n(?:guefevertreatment|verhowto)|ductguide|veloptea)\.com|(?:xterstreaming|ciduoustrees)\.net)|o(?:(?:ctorate(?:s?explained|info)|llar-converter|gwalking-jobs|texplained|mainsknow)\.com|wnload(?:starcraft|-films|ubuntu)\.net)|(?:a(?:ncecentralsonglist|rtmouthexplained)|na-replication|hcp-server|vd-codec|rivewww)\.com|i(?:(?:s(?:count|ease)explained|nnerparty-recipes|walifile)\.com|rect-golf\.net))|e(?:(?:a(?:r(?:fulexplained|th-clinic)|sy(?:-costumes|repayment))|conomic(?:save|24))\.com|\.gy)|4(?:(?:4qs|h5)\.com|[jp]\.org|ql\.biz)|3(?:vt\.info|gb\.biz|q\.org)|2(?:eat\.com|sf\.biz|u\.se)|8(?:c1\.net|x\.biz)|7(?:c\.org|p\.biz)|11r\.(?:biz|us))(\x3a\d{1,5})?\r?$/Hmi"; metadata: former_category HUNTING; classtype:bad-unknown; sid:2017457; rev:3; metadata:created_at 2013_09_13, updated_at 2013_09_13;)

Added 2019-10-09 19:08:50 UTC


# Earlier text of sid:2017457 rev:3. It uses the `alert http` protocol keyword with any
# destination port and matches "Java/1." in the User-Agent buffer (http_user_agent), then
# confirms the Host header with the PCRE (H = HTTP header buffer, m = multiline anchors,
# i = case-insensitive).
# This copy has no former_category metadata; its only metadata keyword is created_at/updated_at.
# The Host pattern needs a dot immediately before a listed domain, so it fires for subdomains
# of those names only; an optional ":port" (`\x3a\d{1,5}`) is allowed at the end of the line.
# The rule text is split across two lines on this page, apparently a wrapping artifact; rejoin
# it into one line before loading it in a sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET INFO SUSPICIOUS Java request to UNI.ME Domain Set 1"; flow:to_server,established; content:"Java/1."; http_user_agent; pcre:"/^Host\:[^\r\n]+?\.(?:c(?:o(?:l(?:leg(?:e(?:(?:confidential|-station|prowler)\.net|s?explained\.com)|iate(?:explained|info)\.com)|(?:o(?:rado-springs-jobs|nexplained)|umnexplore)\.com)|m(?:p(?:uter(?:explained\.com|themes\.net)|assiondefinition\.com)|m(?:oditylingerie|unesinfo|ercekid)\.com)|n(?:ce(?:rtparis\.net|ptsets\.com)|trolwedding\.com)|(?:(?:rnell|upon)explained|peguide)\.com|7\.us)|a(?:(?:(?:mpaign|talog|det)explained|n(?:cersexplained|adadaycore)|p(?:itali[sz]eguide|ricornhi)|b(?:leexplained|indynamic))\.com|r(?:(?:tograph(?:yanalysis|erwhat)|cinomas?explained|scratch-remover|eblack)\.com|insurance-compare\.net)|ce\.us)|h(?:(?:a(?:r(?:med-episodes|les-proxy|tpixel)|p(?:elsinfo|terball)|nnelexplained)|ristmas(?:gift-ideas|motion)|inesenewyearboom|eckingwatch)\.com|(?:orizo|urros)\.es)|(?:e(?:l(?:lularexplained|iac-diet)|ntigrade(?:explained|info))|(?:li(?:nical|ck)|ustomized)explained|r(?:uiseshipdating|iticsmart)|pu-benchmark|nc-cs)\.com|8\.biz|z\.cc)|a(?:(?:ll(?:about(?:(?:(?:collegi|gradu)at|yal)e|s(?:eminary|tudent)|(?:facul|varsi)ty|bestsellers|academic|teaching|harvard|ucla|pro)|babyours)|n(?:(?:tipodesbi|alyzelan)d|onymous-film)|(?:mericas-nexttopmode|gentsbal)l|r(?:chitectureice|lingtonwriter)|c(?:ademicexplaine|tionmo)d|ero(?:flotinfo|bicfund))\.com|u(?:(?:toma(?:tedexplained|kers24)|stralia-airlines|xiliaryverb)\.com|di(?:t(?:jewellery\.com|report\.net)|o-planet\.com))|p(?:(?:rilfools(?:hotel|spin)|ple-airport)\.com|[fh]i\.biz)|ir(?:(?:bnb-coupon|waysinfo)\.com|portshuttleseattle\.net)|v(?:enue(?:domain|hello)\.com|li\.biz)|\.e\.gy)|b(?:(?:a(?:c(?:helorexplained|kpackscope)|by(?:online-shop|revision)|(?:rcelonarea|ggagecoo)l|s(?:icexplained|escope)|ttle-field-3)|e(?:(?:st-hoteldeal|er-calorie|t-award)s|nefitexplained)|u(?:y-invite|dgetyep)|logger-com)\.com|r(?:(?:o(?:adba
ndinternet-providers|king(?:explained|guide))|unomarsalbum|yan-college)\.com|ea(?:st(?:cancertattoos\.net|explained\.com)|dmachine-recipes\.com))|o(?:(?:(?:om(?:ing|s)|nd)explained|tany(?:explained|info)|dybuildingdomains|rrowings?24)\.com|stoncolleges\.net)|irthcertificatetemplate\.net|3g\.biz)|d(?:e(?:(?:(?:(?:benture|posit)explaine|alershipislan)d|n(?:guefevertreatment|verhowto)|ductguide|veloptea)\.com|(?:xterstreaming|ciduoustrees)\.net)|o(?:(?:ctorate(?:s?explained|info)|llar-converter|gwalking-jobs|texplained|mainsknow)\.com|wnload(?:starcraft|-films|ubuntu)\.net)|(?:a(?:ncecentralsonglist|rtmouthexplained)|na-replication|hcp-server|vd-codec|rivewww)\.com|i(?:(?:s(?:count|ease)explained|nnerparty-recipes|walifile)\.com|rect-golf\.net))|e(?:(?:a(?:r(?:fulexplained|th-clinic)|sy(?:-costumes|repayment))|conomic(?:save|24))\.com|\.gy)|4(?:(?:4qs|h5)\.com|[jp]\.org|ql\.biz)|3(?:vt\.info|gb\.biz|q\.org)|2(?:eat\.com|sf\.biz|u\.se)|8(?:c1\.net|x\.biz)|7(?:c\.org|p\.biz)|11r\.(?:biz|us))(\x3a\d{1,5})?\r?$/Hmi"; classtype:bad-unknown; sid:2017457; rev:3; metadata:created_at 2013_09_13, updated_at 2013_09_13;)

Added 2018-09-13 19:47:42 UTC


Added 2018-09-13 17:58:02 UTC


# Archived text of sid:2017457 rev:3, using `alert http` and the http_user_agent buffer.
# Logic: an established client-to-server flow from $HOME_NET, a User-Agent containing the
# literal "Java/1.", and a Host header line that ends (optionally with ":port") in a
# subdomain of one of the enumerated domains. The PCRE flags are H (HTTP header buffer),
# m (multiline anchors) and i (case-insensitive).
# classtype:bad-unknown, with no threshold or reference keyword: a hit is a lead to
# investigate, since the rule keys on client type plus destination name only.
# The rule text is split across two lines on this page, apparently a wrapping artifact; rejoin
# it into one line before loading it in a sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET INFO SUSPICIOUS Java request to UNI.ME Domain Set 1"; flow:to_server,established; content:"Java/1."; http_user_agent; pcre:"/^Host\:[^\r\n]+?\.(?:c(?:o(?:l(?:leg(?:e(?:(?:confidential|-station|prowler)\.net|s?explained\.com)|iate(?:explained|info)\.com)|(?:o(?:rado-springs-jobs|nexplained)|umnexplore)\.com)|m(?:p(?:uter(?:explained\.com|themes\.net)|assiondefinition\.com)|m(?:oditylingerie|unesinfo|ercekid)\.com)|n(?:ce(?:rtparis\.net|ptsets\.com)|trolwedding\.com)|(?:(?:rnell|upon)explained|peguide)\.com|7\.us)|a(?:(?:(?:mpaign|talog|det)explained|n(?:cersexplained|adadaycore)|p(?:itali[sz]eguide|ricornhi)|b(?:leexplained|indynamic))\.com|r(?:(?:tograph(?:yanalysis|erwhat)|cinomas?explained|scratch-remover|eblack)\.com|insurance-compare\.net)|ce\.us)|h(?:(?:a(?:r(?:med-episodes|les-proxy|tpixel)|p(?:elsinfo|terball)|nnelexplained)|ristmas(?:gift-ideas|motion)|inesenewyearboom|eckingwatch)\.com|(?:orizo|urros)\.es)|(?:e(?:l(?:lularexplained|iac-diet)|ntigrade(?:explained|info))|(?:li(?:nical|ck)|ustomized)explained|r(?:uiseshipdating|iticsmart)|pu-benchmark|nc-cs)\.com|8\.biz|z\.cc)|a(?:(?:ll(?:about(?:(?:(?:collegi|gradu)at|yal)e|s(?:eminary|tudent)|(?:facul|varsi)ty|bestsellers|academic|teaching|harvard|ucla|pro)|babyours)|n(?:(?:tipodesbi|alyzelan)d|onymous-film)|(?:mericas-nexttopmode|gentsbal)l|r(?:chitectureice|lingtonwriter)|c(?:ademicexplaine|tionmo)d|ero(?:flotinfo|bicfund))\.com|u(?:(?:toma(?:tedexplained|kers24)|stralia-airlines|xiliaryverb)\.com|di(?:t(?:jewellery\.com|report\.net)|o-planet\.com))|p(?:(?:rilfools(?:hotel|spin)|ple-airport)\.com|[fh]i\.biz)|ir(?:(?:bnb-coupon|waysinfo)\.com|portshuttleseattle\.net)|v(?:enue(?:domain|hello)\.com|li\.biz)|\.e\.gy)|b(?:(?:a(?:c(?:helorexplained|kpackscope)|by(?:online-shop|revision)|(?:rcelonarea|ggagecoo)l|s(?:icexplained|escope)|ttle-field-3)|e(?:(?:st-hoteldeal|er-calorie|t-award)s|nefitexplained)|u(?:y-invite|dgetyep)|logger-com)\.com|r(?:(?:o(?:adba
ndinternet-providers|king(?:explained|guide))|unomarsalbum|yan-college)\.com|ea(?:st(?:cancertattoos\.net|explained\.com)|dmachine-recipes\.com))|o(?:(?:(?:om(?:ing|s)|nd)explained|tany(?:explained|info)|dybuildingdomains|rrowings?24)\.com|stoncolleges\.net)|irthcertificatetemplate\.net|3g\.biz)|d(?:e(?:(?:(?:(?:benture|posit)explaine|alershipislan)d|n(?:guefevertreatment|verhowto)|ductguide|veloptea)\.com|(?:xterstreaming|ciduoustrees)\.net)|o(?:(?:ctorate(?:s?explained|info)|llar-converter|gwalking-jobs|texplained|mainsknow)\.com|wnload(?:starcraft|-films|ubuntu)\.net)|(?:a(?:ncecentralsonglist|rtmouthexplained)|na-replication|hcp-server|vd-codec|rivewww)\.com|i(?:(?:s(?:count|ease)explained|nnerparty-recipes|walifile)\.com|rect-golf\.net))|e(?:(?:a(?:r(?:fulexplained|th-clinic)|sy(?:-costumes|repayment))|conomic(?:save|24))\.com|\.gy)|4(?:(?:4qs|h5)\.com|[jp]\.org|ql\.biz)|3(?:vt\.info|gb\.biz|q\.org)|2(?:eat\.com|sf\.biz|u\.se)|8(?:c1\.net|x\.biz)|7(?:c\.org|p\.biz)|11r\.(?:biz|us))(\x3a\d{1,5})?\r?$/Hmi"; classtype:bad-unknown; sid:2017457; rev:3; metadata:created_at 2013_09_13, updated_at 2013_09_13;)

Added 2017-08-07 21:11:22 UTC


# Original text of sid:2017457 (rev:1), written as `alert tcp` to $HTTP_PORTS, so this
# revision only inspects flows whose destination port is in that variable.
# It matches the literal " Java/1." (with a leading space) anywhere in the HTTP header
# buffer (http_header), with no dedicated User-Agent buffer, and then applies the PCRE
# to the Host header line.
# PCRE flags: H = HTTP header buffer, m = multiline anchors, i = case-insensitive. The Host
# pattern requires a dot before a listed domain, so it matches subdomains only, and it
# accepts an optional ":port".
# No metadata, threshold or reference keyword is present in this revision.
# The rule text is split across two lines on this page, apparently a wrapping artifact; rejoin
# it into one line before loading it in a sensor.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET INFO SUSPICIOUS Java request to UNI.ME Domain Set 1"; flow:to_server,established; content:" Java/1."; http_header; pcre:"/^Host\:[^\r\n]+?\.(?:c(?:o(?:l(?:leg(?:e(?:(?:confidential|-station|prowler)\.net|s?explained\.com)|iate(?:explained|info)\.com)|(?:o(?:rado-springs-jobs|nexplained)|umnexplore)\.com)|m(?:p(?:uter(?:explained\.com|themes\.net)|assiondefinition\.com)|m(?:oditylingerie|unesinfo|ercekid)\.com)|n(?:ce(?:rtparis\.net|ptsets\.com)|trolwedding\.com)|(?:(?:rnell|upon)explained|peguide)\.com|7\.us)|a(?:(?:(?:mpaign|talog|det)explained|n(?:cersexplained|adadaycore)|p(?:itali[sz]eguide|ricornhi)|b(?:leexplained|indynamic))\.com|r(?:(?:tograph(?:yanalysis|erwhat)|cinomas?explained|scratch-remover|eblack)\.com|insurance-compare\.net)|ce\.us)|h(?:(?:a(?:r(?:med-episodes|les-proxy|tpixel)|p(?:elsinfo|terball)|nnelexplained)|ristmas(?:gift-ideas|motion)|inesenewyearboom|eckingwatch)\.com|(?:orizo|urros)\.es)|(?:e(?:l(?:lularexplained|iac-diet)|ntigrade(?:explained|info))|(?:li(?:nical|ck)|ustomized)explained|r(?:uiseshipdating|iticsmart)|pu-benchmark|nc-cs)\.com|8\.biz|z\.cc)|a(?:(?:ll(?:about(?:(?:(?:collegi|gradu)at|yal)e|s(?:eminary|tudent)|(?:facul|varsi)ty|bestsellers|academic|teaching|harvard|ucla|pro)|babyours)|n(?:(?:tipodesbi|alyzelan)d|onymous-film)|(?:mericas-nexttopmode|gentsbal)l|r(?:chitectureice|lingtonwriter)|c(?:ademicexplaine|tionmo)d|ero(?:flotinfo|bicfund))\.com|u(?:(?:toma(?:tedexplained|kers24)|stralia-airlines|xiliaryverb)\.com|di(?:t(?:jewellery\.com|report\.net)|o-planet\.com))|p(?:(?:rilfools(?:hotel|spin)|ple-airport)\.com|[fh]i\.biz)|ir(?:(?:bnb-coupon|waysinfo)\.com|portshuttleseattle\.net)|v(?:enue(?:domain|hello)\.com|li\.biz)|\.e\.gy)|b(?:(?:a(?:c(?:helorexplained|kpackscope)|by(?:online-shop|revision)|(?:rcelonarea|ggagecoo)l|s(?:icexplained|escope)|ttle-field-3)|e(?:(?:st-hoteldeal|er-calorie|t-award)s|nefitexplained)|u(?:y-invite|dgetyep)|logger-com)\.com|r(?:(?:o(?:
adbandinternet-providers|king(?:explained|guide))|unomarsalbum|yan-college)\.com|ea(?:st(?:cancertattoos\.net|explained\.com)|dmachine-recipes\.com))|o(?:(?:(?:om(?:ing|s)|nd)explained|tany(?:explained|info)|dybuildingdomains|rrowings?24)\.com|stoncolleges\.net)|irthcertificatetemplate\.net|3g\.biz)|d(?:e(?:(?:(?:(?:benture|posit)explaine|alershipislan)d|n(?:guefevertreatment|verhowto)|ductguide|veloptea)\.com|(?:xterstreaming|ciduoustrees)\.net)|o(?:(?:ctorate(?:s?explained|info)|llar-converter|gwalking-jobs|texplained|mainsknow)\.com|wnload(?:starcraft|-films|ubuntu)\.net)|(?:a(?:ncecentralsonglist|rtmouthexplained)|na-replication|hcp-server|vd-codec|rivewww)\.com|i(?:(?:s(?:count|ease)explained|nnerparty-recipes|walifile)\.com|rect-golf\.net))|e(?:(?:a(?:r(?:fulexplained|th-clinic)|sy(?:-costumes|repayment))|conomic(?:save|24))\.com|\.gy)|4(?:(?:4qs|h5)\.com|[jp]\.org|ql\.biz)|3(?:vt\.info|gb\.biz|q\.org)|2(?:eat\.com|sf\.biz|u\.se)|8(?:c1\.net|x\.biz)|7(?:c\.org|p\.biz)|11r\.(?:biz|us))(\x3a\d{1,5})?\r?$/Hmi"; classtype:bad-unknown; sid:2017457; rev:1;)

Added 2013-09-13 15:56:27 UTC

