50 Recent Changes in Main Web retrieved at 05:56 (GMT)

alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN XST/UP007 Checkin 2`; flow:established,to server; content:`POST`; http method; content:!`Referer 3a ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET POLICY Windows Quicktime User Agent EOL With Known Bugs`; flow:established,to server; content:`QuickTime`; http ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN W32/Virus Encoder Ransomware Checkin`; flow:established,to server; content:`POST`; http method; content ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET INFO PhishMe.com Phishing Exercise Client Plugins`; flow:to server,established; urilen:15; content:`POST` ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET EXPLOIT Quanta LTE Router RDE Exploit Attempt 2 (traceroute)`; flow:to server,established; content:`POST`; http ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET EXPLOIT Quanta LTE Router RDE Exploit Attempt 1 (ping)`; flow:to server,established; content:`POST`; http method ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET EXPLOIT Quanta LTE Router Information Disclosure Exploit Attempt`; flow:to server,established; content:`GET ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Likely Evil Macro EXE DL mar 28 2016`; flow:established,to server; content:`HEAD`; http method ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET POLICY HotSpotShield Activity`; flow:established,to server; content:`POST`; http method; content:`Content Type ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS RIG Exploit URI Struct March 20 2015`; flow:established,to server; urilen: 220; content:`/index ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Win32/Ponmocup.A Checkin`; flow:to server,established; content:`GET`; http method; urilen:10; content ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS DRIVEBY EgyPack Exploit Kit Cookie Set`; flow:established,from server; content:`Cookie 3a visited ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Ransomware Locky CnC Beacon`; flow:established,to server; content:`POST`; http method; urilen:11; content ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN IrcBot Fantasy Name Gen`; flow:established,to server; content:`Host 3a 20 www.fantasynamegen.com`; http ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Genome User Agent (Http Down)`; flow:established,to server; content:`User Agent 3a 20 Http Down`; http ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN PunkeyPOS HTTP CnC Beacon 2`; flow:established,to server; content:`POST`; http method; content:!`Accept ...
alert http $EXTERNAL NET any $HTTP SERVERS any (msg:`ET WEB SERVER Possible Custom Content Type Manager WP Backdoor Access`; flow:established,to server; content ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN Dridex Base64 Executable`; flow:from server,established; content:`200`; http stat code; content:` 47 ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Likely PadCrypt Locker PKG DL`; flow:established,to server; content:`.pdcr`; http uri; nocase; pcre: ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Operation Blockbuster User Agent (Mozillar)`; flow:to server,established; content:`Mozillar`; depth:8 ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Possible OceanLotus C2 Checkin`; flow:to server,established; content:`GET`; http method; content:`.db ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET POLICY HotSpotShield Activity`; flow:established,to server; content:`POST`; http method; content:`Content Type ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN W32/GCman.Backdoor CnC Beacon`; flow:established,to server; content:`POST`; http method; content:`/cgi ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET EXPLOIT D Link DCS 930L Remote Command Execution attempt`; flow:to server,established; urilen:17; content:`POST ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN W32/Syndicasec.Backdoor CnC Beacon`; flow:established,to server; content:`POST`; http method; content ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN Possible Banload Downloading Executable`; flow:established,from server; flowbits:isset,ET.autoit.ua; ...
alert http $EXTERNAL NET any $HTTP SERVERS any (msg:`ET WEB SERVER Possible Apache Struts OGNL Command Execution CVE 2013 2251 action`; flow:established,to server ...
alert http $EXTERNAL NET any $HTTP SERVERS any (msg:`ET WEB SERVER Possible Apache Struts OGNL Command Execution CVE 2013 2251 redirectAction`; flow:established ...
alert http $EXTERNAL NET any $HTTP SERVERS any (msg:`ET WEB SERVER Possible Apache Struts OGNL Command Execution CVE 2013 2251 redirect`; flow:established,to server ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Win32/Fluxer CnC Checkin`; flow:established,to server; content:`GET`; http method; content:`/gate.php ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Download Request Containing Suspicious Filename Crypted`; flow:to server,established; content:`GET ...
alert http $HTTP SERVERS any $EXTERNAL NET any (msg:`ET WEB SERVER Possible Compromised Webserver Retriving Inject`; flow:established,to server; content:`/blog ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Mokes CnC Keep Alive`; flow:established,to server; urilen:3; content:`GET`; http method; content:`/v1 ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Dridex POST Retrieving Second Stage M2`; flow:established,to server; content:`POST / HTTP/1.1 0d 0a ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS %Hex Encoded jnlp embedded (Observed in Sakura)`; flow:established,from server; file data; content ...
alert tcp any any $HTTP SERVERS $HTTP PORTS (msg:`ET WEB SERVER Possible CVE 2014 6271 Attempt in HTTP Version Number`; flow:established,to server; http protocol ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN CenterPOS Load Plugins`; flow:to client,established; flowbits:isset,ET.centerpos; content:`200`; http ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN CenterPOS Delete Plugins`; flow:to client,established; flowbits:isset,ET.centerpos; content:`200`; http ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Bedep Connectivity Check M2`; flow:established,to server; content:`GET`; http method; content:`/stats ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Win32/Kaicone.A Checkin via HTTP POST`; flow:established,to server; content:`POST`; http method; content ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN LeChiffre Ransomware CnC`; flow:to server,established; content:`GET`; http method; content:`/sipvoice ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Win32/7ev3n Ransomware Process Checkin`; flow:established,to server; content:`GET`; http method; content ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Win32/7ev3n Ransomware Initial Checkin`; flow:established,to server; content:`GET`; http method; content ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET WEB CLIENT Chrome Extension Phishing HTTP Request`; flow:to server,established; content:`Host 3a chrome extension ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN XST Checkin`; flow:established,to server; content:`POST`; http method; content:!`Referer 3a `; http header ...
alert http $EXTERNAL NET any $HTTP SERVERS any (msg:`ET WEB SPECIFIC APPS Invalid/Suspicious User Agent (PHP)`; flow:to server,established; content:`User Agent ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN DustySky Payload Link Request`; flow:established,to server; content:`GET`; http method; content:`.php ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Cryptojoker Checkin`; flow:to server,established; content:`GET`; http method; content:`.php?info `; fast ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN Zbot download config`; flow:established,from server; flowbits:isset,ET.zbot.dat; content:`200`; http ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Zbot download config SET`; flow:established,to server; content:`GET`; http method; content:`.dat`; ...
Number of topics: 50

Topic revision: r4 - 2006-11-15 - TWikiContributor
 
This site is powered by the TWiki collaboration platform. Copyright © Emerging Threats