ET WEB_CLIENT Malicious Redirect n.php h=*&s=*
Sourceet/open
Fileemerging-web_client.rules
CreatedAugust 23, 2012
UpdatedFebruary 19, 2024
Classificationattempted-user
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET WEB_CLIENT Malicious Redirect n.php h=*&s=*"; flow:established,to_server ; http.uri; content:"/n.php?h="; fast_pattern; content:"&s="; pcre:"/\/n\.php\?h=\w*?&s=\w{1,5}$/i" ; http.host; content:".rr.nu"; endswith; reference:url,0xicf.wordpress.com/category/security-updates/ ; reference:url,urlquery.net/report.php?id=111302 ; classtype:attempted-user; sid:2015669; rev:11; metadata:created_at 2012_08_23, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_02_19;)
Metadata
created at2012_08_23
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2024_02_19
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!