Rule History

SID: 3321311 • Source: pawpatrules

Versions (2)

Version DetailsCurrent

Rev: 2 • Jul 29, 2024, 12:00 PM

Message:

🐾 - 🚨 👀 reallyfreegeoip.org lookup public IP address from local network - Possible Leak 🚱

Rule:

alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"🐾 - 🚨 👀 reallyfreegeoip.org lookup public IP address from local network - Possible Leak 🚱"; flow:to_server, stateless; threshold:type limit, track by_src,count 1, seconds 3600; tls_sni; content:"reallyfreegeoip.org"; nocase; metadata:created_at 2024_07_29, updated_at 2024_08_08; sid:3321311; rev:2; classtype:external-ip-check;)

Created:

Jul 29, 2024, 12:00 PM

Updated:

Aug 8, 2024, 12:00 PM

DB Created:

Jul 29, 2024, 9:04 PM

DB Updated:

May 29, 2025, 11:12 PM

Filename:

rules/PAW-PATRULES_LEAKS.rules