Rule History

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET HUNTING Possible EXE Download From Suspicious TLD (.webcam) - set"; flow:established,to_server; flowbits:set,ET.SuspExeTLDs; flowbits:noalert; http.host; content:".webcam"; endswith; reference:url,www.spamhaus.org/statistics/tlds/; classtype:misc-activity; sid:2025497; rev:4; metadata:created_at 2018_04_16, confidence Medium, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_10_10;)