Rule History

alert tls any any -> any any (msg:"🐾 - 🚨 Network 🕵 scan 🎩 Nuclei 👨‍💻"; flow:to_server, stateless; ja3.hash; content:"473cd7cb9faa642487833865d516e578"; fast_pattern; tls.sni; content:!"tunnel.ngrok.com"; nocase; content:!"connect.ngrok-agent.com"; nocase; content:!"update.equinox.io"; nocase; content:!"snapcraftcontent.com"; nocase; content:!"snapcraft.io"; nocase; content:!"data.iana.org"; nocase; content:!"rdap."; nocase; metadata: former_category JA3; reference:url,https://nuclei.projectdiscovery.io/; metadata:created_at 2022_10_16, updated_at 2025_02_25; sid:3300183; rev:6; classtype:policy-violation;)