Rule History

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET WEB_CLIENT Fake AV Phone Scam Landing June 26 2015 M1"; flow:established,to_server; content:"GET"; http_method; content:".php?cid="; http_uri; fast_pattern; content:"-w"; distance:0; http_uri; pcre:"/\.php\?cid=[0-9]+?-w[A-Z0-9]{23}$/U"; classtype:social-engineering; sid:2021357; rev:5; metadata:created_at 2015_06_26, confidence High, signature_severity Minor, updated_at 2019_08_16;)