alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY HTTP Request to a *.tk domain"; flow:to_server,established; content:"Host|3a|"; http_header; content:".tk|0D 0A|"; fast_pattern; within:50; http_header; content:!".tcl.tk|0d 0a|"; http_header; content:!"Host|3a 20|tcl.tk|0d 0a|"; http_header; classtype:bad-unknown; sid:2012810; rev:9;)

Added 2017-03-20 19:16:54 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY HTTP Request to a *.tk domain"; flow:to_server,established; content:"Host|3a|"; http_header; content:".tk|0D 0A|"; fast_pattern; within:50; http_header; content:!".tcl.tk|0d 0a|"; http_header; content:!"Host|3a 20|tcl.tk|0d 0a|"; http_header; classtype:bad-unknown; sid:2012810; rev:9;)

Added 2017-03-16 22:26:32 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY HTTP Request to a *.tk domain"; flow:to_server,established; content:"Host|3a|"; http_header; content:".tk|0D 0A|"; fast_pattern; within:50; http_header; content:!".tcl.tk|0d 0a|"; http_header; classtype:bad-unknown; sid:2012810; rev:8;)

Added 2014-09-12 16:28:32 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS HTTP Request to a *.tk domain"; flow:to_server,established; content:"Host|3a|"; http_header; content:".tk|0d 0a|"; fast_pattern; within:50; http_header; content:!".tcl.tk|0d 0a|"; http_header; classtype:bad-unknown; sid:2012810; rev:7;)

Added 2011-12-01 18:59:14 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS HTTP Request to a Suspicious *.tk domain"; flow:to_server,established; content:"Host|3a|"; http_header; content:".tk|0d 0a|"; fast_pattern; within:50; http_header; content:!".tcl.tk|0d 0a|"; http_header; classtype:bad-unknown; sid:2012810; rev:7;)

Added 2011-10-12 19:35:16 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS HTTP Request to a Suspicious *.tk domain"; flow:to_server,established; content:"Host|3a|"; http_header; content:".tk|0d 0a|"; fast_pattern; within:50; http_header; content:!".tcl.tk|0d 0a|"; http_header; classtype:bad-unknown; sid:2012810; rev:7;)

Added 2011-07-27 00:56:49 UTC


Topic revision: r1 - 2017-03-20 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats