alert http $HOME_NET any -> $EXTERNAL_NET 1342 (msg:"ET EXPLOIT_KIT Unknown Exploit Kit redirect"; flow:established,to_server; urilen:35; http.method; content:"GET"; http.uri; content:"/t/"; startswith; pcre:"/^\/t\/[a-f0-9]{32}$/i"; http.host.raw; content:"|3a|1342"; endswith; fast_pattern; classtype:exploit-kit; sid:2015672; rev:6; metadata:created_at 2012_08_30, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_02_19;)