#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET DELETED Suspicious HTTP Request to .bit domain"; flow:to_server,established; content:".bit"; fast_pattern; nocase; http_header; pcre:"/^Host\x3a[^\r\n]+\.bit(?:\x3a\d{1,5})?\r$/Hmi"; reference:url,normanshark.com/blog/necurs-cc-domains-non-censorable/; reference:md5,243dda18666ae2a64685e51d82c5ad69; classtype:bad-unknown; sid:2018009; rev:4; metadata:created_at 2014_01_24, former_category HUNTING, updated_at 2021_04_02;)

Added 2021-04-02 19:25:28 UTC


#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET DELETED Suspicious HTTP Request to .bit domain"; flow:to_server,established; content:".bit"; fast_pattern; nocase; http_header; pcre:"/^Host\x3a[^\r\n]+\.bit(?:\x3a\d{1,5})?\r$/Hmi"; reference:url,normanshark.com/blog/necurs-cc-domains-non-censorable/; reference:md5,243dda18666ae2a64685e51d82c5ad69; classtype:bad-unknown; sid:2018009; rev:3; metadata:created_at 2014_01_24, former_category HUNTING, updated_at 2020_04_27;)

Added 2020-08-05 19:09:35 UTC


#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET DELETED Suspicious HTTP Request to .bit domain"; flow:to_server,established; content:".bit"; fast_pattern; nocase; http_header; pcre:"/^Host\x3a[^\r\n]+\.bit(?:\x3a\d{1,5})?\r$/Hmi"; metadata: former_category HUNTING; reference:url,normanshark.com/blog/necurs-cc-domains-non-censorable/; reference:md5,243dda18666ae2a64685e51d82c5ad69; classtype:bad-unknown; sid:2018009; rev:3; metadata:created_at 2014_01_24, updated_at 2020_04_27;)

Added 2020-04-27 19:10:27 UTC


#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET DELETED SUSPICIOUS HTTP Request to .bit domain"; flow:to_server,established; content:".bit"; fast_pattern; nocase; http_header; pcre:"/^Host\x3a[^\r\n]+\.bit(?:\x3a\d{1,5})?\r$/Hmi"; reference:url,normanshark.com/blog/necurs-cc-domains-non-censorable/; reference:md5,243dda18666ae2a64685e51d82c5ad69; classtype:bad-unknown; sid:2018009; rev:3; metadata:created_at 2014_01_24, updated_at 2014_01_24;)

Added 2018-09-13 19:48:18 UTC


Added 2018-09-13 17:58:21 UTC


#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET DELETED SUSPICIOUS HTTP Request to .bit domain"; flow:to_server,established; content:".bit"; fast_pattern; nocase; http_header; pcre:"/^Host\x3a[^\r\n]+\.bit(?:\x3a\d{1,5})?\r$/Hmi"; reference:url,normanshark.com/blog/necurs-cc-domains-non-censorable/; reference:md5,243dda18666ae2a64685e51d82c5ad69; classtype:bad-unknown; sid:2018009; rev:3; metadata:created_at 2014_01_24, updated_at 2014_01_24;)

Added 2017-08-07 21:12:01 UTC


#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET DELETED SUSPICIOUS HTTP Request to .bit domain"; flow:to_server,established; content:".bit"; fast_pattern; nocase; http_header; pcre:"/^Host\x3a[^\r\n]+\.bit(?:\x3a\d{1,5})?\r$/Hmi"; reference:url,normanshark.com/blog/necurs-cc-domains-non-censorable/; reference:md5,243dda18666ae2a64685e51d82c5ad69; classtype:bad-unknown; sid:2018009; rev:3;)

Added 2014-01-27 18:12:51 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS SUSPICIOUS HTTP Request to .bit domain"; flow:to_server,established; content:".bit"; fast_pattern; nocase; http_header; pcre:"/^Host\x3a[^\r\n]+\.bit(?:\x3a\d{1,5})?\r$/Hmi"; reference:url,normanshark.com/blog/necurs-cc-domains-non-censorable/; reference:md5,243dda18666ae2a64685e51d82c5ad69; classtype:bad-unknown; sid:2018009; rev:2;)

Added 2014-01-24 13:25:17 UTC



This topic: Main > 2018009
Topic revision: r1 - 2021-04-02 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats