Versions (4)
Version DetailsCurrent
Rev: 6 • Jun 24, 2011, 12:00 PMET SCAN Potential muieblackcat scanner double-URI and HTTP library
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET SCAN Potential muieblackcat scanner double-URI and HTTP library"; flow:established,to_server; http.request_line; content:"GET //"; startswith; fast_pattern; http.header; content:"Accept|7c|3a|7c 20 2a 2f 2a 7c|0d|20|0a|7c|Accept|2d|Language|7c|3a|7c 20|en|2d|us|7c|0d|20|0a|7c|Accept|2d|Encoding|7c|3a|7c 20|gzip|2c 20|deflate|7c|0d|20|0a|7c|Host|7c|3a|7c 20|"; startswith; content:"|0d 0a|Connection|3a| Close|0d 0a|"; endswith; classtype:attempted-recon; sid:2013116; rev:6; metadata:created_at 2011_06_24, confidence Medium, signature_severity Informational, updated_at 2024_02_07;)
Jun 24, 2011, 12:00 PM
Feb 7, 2024, 12:00 PM
Sep 21, 2024, 3:00 AM
May 30, 2025, 12:04 AM
rules/emerging-scan.rules