Versions (4)
Version DetailsCurrent
Rev: 11 • Aug 23, 2012, 12:00 PMET WEB_CLIENT Malicious Redirect n.php h=*&s=*
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET WEB_CLIENT Malicious Redirect n.php h=*&s=*"; flow:established,to_server; http.uri; content:"/n.php?h="; fast_pattern; content:"&s="; pcre:"/\/n\.php\?h=\w*?&s=\w{1,5}$/i"; http.host; content:".rr.nu"; endswith; reference:url,0xicf.wordpress.com/category/security-updates/; reference:url,urlquery.net/report.php?id=111302; classtype:attempted-user; sid:2015669; rev:11; metadata:created_at 2012_08_23, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_02_19;)
Aug 23, 2012, 12:00 PM
Feb 19, 2024, 12:00 PM
Sep 21, 2024, 3:00 AM
Oct 6, 2025, 9:38 PM
rules/emerging-web_client.rules