Versions (5)
Version Details (Current)
Rev: 6 • Mar 15, 2013, 12:00 PM
ET INFO SUSPICIOUS Java Request to NOIP Dynamic DNS Domain
# Purpose: flag outbound HTTP requests whose Host ends in one of the listed
# No-IP dynamic-DNS domains and whose User-Agent contains "Java/1." (the
# "Java/<version>" string sent by the Java runtime's built-in HTTP client).
#
# Matching logic:
#   - flow:to_server,established from $HOME_NET to $EXTERNAL_NET: client requests only.
#   - http.host + pcre: the pattern starts with a literal "." and ends with "$",
#     so only subdomains of the listed domains match; a trailing ":<port>"
#     (1-5 digits) is tolerated. No /i flag is set; http.host is the
#     normalized (lowercased) host buffer, so the lowercase alternation suffices.
#   - http.user_agent + content:"Java/1.": the only content match in the rule,
#     so the PCRE is only worth evaluating on requests that carry this string.
#
# Triage: classtype bad-unknown / severity Informational. A hit is a lead, not a
# verdict. Dynamic DNS is also used by legitimate self-hosted services (the list
# includes game- and media-server themed domains). Correlate with what the
# response delivered (JAR/class/executable), the process that made the request,
# and whether the host is expected to run Java network clients at all.
#
# Coverage caveats:
#   - "Java/1." matches the 1.x version scheme (e.g. Java/1.8.0_...). Runtimes
#     that report "Java/9...", "Java/11...", "Java/17..." do not contain this
#     substring. NOTE(review): confirm whether a later revision widens the match.
#   - The User-Agent is client-controlled; absence of an alert does not clear a host.
#   - The domain alternation is a static snapshot of provider domains.
#     NOTE(review): verify against the provider's current domain list.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET INFO SUSPICIOUS Java Request to NOIP Dynamic DNS Domain"; flow:to_server,established; http.host; pcre:"/\.(?:s(?:e(?:rve(?:(?:(?:(?:counterstri|qua)k|exchang|gam)e|h(?:alflife|umour|ttp)|p(?:ics|2p)|sarcasm|ftp)\.com|m(?:inecraft\.net|p3\.com)|b(?:eer\.com|log\.net))|curity(?:exploit|tactic)s\.com)|tufftoread\.com|ytes\.net)|m(?:y(?:(?:(?:dissen|effec)t|mediapc|psx)\.net|securitycamera\.(?:com|net|org)|(?:activedirectory|vnc)\.com|ftp\.(?:biz|org))|lbfan\.org|mafan\.biz)|d(?:(?:itchyourip|amnserver|ynns)\.com|dns(?:\.(?:net|me)|king\.com)|ns(?:iskinky\.com|for\.me)|vrcam\.info)|n(?:o(?:-ip\.(?:c(?:o\.uk|a)|info|biz|net|org)|ip\.(?:me|us))|et-freaks\.com|flfan\.org|hlfan\.net)|h(?:o(?:mesecurity(?:ma|p)c\.com|pto\.(?:org|me))|ealth-carereform\.com)|p(?:(?:rivatizehealthinsurance|gafan)\.net|oint(?:2this\.com|to\.us))|c(?:(?:o(?:uchpotatofries|llegefan)|able-modem)\.org|iscofreak\.com)|g(?:o(?:lffan\.us|tdns\.ch)|eekgalaxy\.com)|b(?:logsyte\.com|ounceme\.net|rasilia\.me)|re(?:ad-books\.org|directme\.net)|u(?:nusualperson\.com|fcfan\.org)|w(?:orkisboring\.com|ebhop\.me)|(?:3utiliti|quicksyt)es\.com|eating-organic\.net|ilovecollege\.info|fantasyleague\.cc|loginto\.me|zapto\.org)(?:\x3a\d{1,5})?$/"; http.user_agent; content:"Java/1."; classtype:bad-unknown; sid:2016582; rev:6; metadata:created_at 2013_03_15, confidence High, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_04_30;)
Mar 15, 2013, 12:00 PM
Apr 30, 2020, 12:00 PM
Sep 21, 2024, 3:00 AM
Dec 10, 2025, 11:34 PM
rules/emerging-info.rules