alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET EXPLOIT_KIT g01pack Exploit Kit .blogsite. Landing Page"; flow:established,to_server; flowbits:set,et.exploitkitlanding; urilen:>2; http.uri; content:!"&"; content:"/"; endswith; pcre:"/^\/[a-z]+\/$/"; http.host; content:".blogsite."; fast_pattern; classtype:exploit-kit; sid:2015939; rev:5; metadata:created_at 2012_11_27, signature_severity Major, updated_at 2024_03_03;)