alert http $HTTP_SERVERS any -> $EXTERNAL_NET any (msg:"ET WEB_SERVER HTTP Request to a *.e5b57288.com domain - Anuna Checkin - Compromised PHP Site"; flow:to_server,established; content:"e5b57288.com"; http_header; fast_pattern; reference:url,www.symantec.com/security_response/writeup.jsp?docid=2015-111911-4342-99&tabid=2; reference:url,security.stackexchange.com/questions/47253/hacked-site-encrypted-code; classtype:bad-unknown; sid:2023233; rev:3; metadata:affected_product Apache_HTTP_server, affected_product PHP, attack_target Web_Server, deployment Datacenter, signature_severity Critical, created_at 2016_09_15, updated_at 2019_10_07;)

Added 2019-10-08 19:34:40 UTC


alert http $HTTP_SERVERS any -> $EXTERNAL_NET any (msg:"ET WEB_SERVER HTTP Request to a *.e5b57288.com domain - Anuna Checkin - Compromised PHP Site"; flow:to_server,established; content:"e5b57288.com"; http_header; fast_pattern:only; reference:url,www.symantec.com/security_response/writeup.jsp?docid=2015-111911-4342-99&tabid=2; reference:url,security.stackexchange.com/questions/47253/hacked-site-encrypted-code; classtype:bad-unknown; sid:2023233; rev:2; metadata:affected_product Apache_HTTP_server, affected_product PHP, attack_target Web_Server, deployment Datacenter, signature_severity Critical, created_at 2016_09_15, updated_at 2019_09_26;)

Added 2019-09-26 19:58:12 UTC


alert tcp $HTTP_SERVERS any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET WEB_SERVER HTTP Request to a *.e5b57288.com domain - Anuna Checkin - Compromised PHP Site"; flow:to_server,established; content:"e5b57288.com"; http_header; fast_pattern:only; reference:url,www.symantec.com/security_response/writeup.jsp?docid=2015-111911-4342-99&tabid=2; reference:url,security.stackexchange.com/questions/47253/hacked-site-encrypted-code; classtype:bad-unknown; sid:2023233; rev:1; metadata:affected_product Apache_HTTP_server, affected_product PHP, attack_target Web_Server, deployment Datacenter, signature_severity Critical, created_at 2016_09_15, updated_at 2016_09_15;)

Added 2018-09-13 19:52:57 UTC


Added 2018-09-13 18:01:08 UTC


alert tcp $HTTP_SERVERS any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET WEB_SERVER HTTP Request to a *.e5b57288.com domain - Anuna Checkin - Compromised PHP Site"; flow:to_server,established; content:"e5b57288.com"; http_header; fast_pattern:only; reference:url,www.symantec.com/security_response/writeup.jsp?docid=2015-111911-4342-99&tabid=2; reference:url,security.stackexchange.com/questions/47253/hacked-site-encrypted-code; classtype:bad-unknown; sid:2023233; rev:1; metadata:affected_product Apache_HTTP_server, affected_product PHP, attack_target Web_Server, deployment Datacenter, signature_severity Critical, created_at 2016_09_15, updated_at 2016_09_15;)

Added 2017-08-07 21:18:19 UTC


alert tcp $HTTP_SERVERS any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET WEB_SERVER HTTP Request to a *.e5b57288.com domain - Anuna Checkin - Compromised PHP Site"; flow:to_server,established; content:"e5b57288.com"; http_header; fast_pattern:only; reference:url,www.symantec.com/security_response/writeup.jsp?docid=2015-111911-4342-99&tabid=2; reference:url,security.stackexchange.com/questions/47253/hacked-site-encrypted-code; classtype:bad-unknown; sid:2023233; rev:1;)

Added 2016-09-15 16:54:56 UTC


Topic revision: r1 - 2019-10-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats