Rule History

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET INFO Gophish X-Server"; flow:established,to_client; http.stat_code; content:"200"; http.header_names; content:"|58 2d 53 65 72 76 65 72|"; nocase; http.header; content:"gophish"; fast_pattern; reference:md5,bf2162ca3c0cb9253af87d7a785a97a4; classtype:misc-activity; sid:2035087; rev:3; metadata:attack_target Client_Endpoint, created_at 2022_02_03, deployment Perimeter, confidence Medium, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_04_26, reviewed_at 2024_10_14;)