alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET EXPLOIT_KIT Zuponcic Hostile JavaScript"; flow:established,to_server; urilen:11; http.uri; content:"/js/java.js"; fast_pattern; http.host; content:"."; offset:2; depth:1; pcre:"/^[a-z]{2}\./"; classtype:exploit-kit; sid:2015982; rev:4; metadata:created_at 2012_12_04, signature_severity Major, updated_at 2020_09_17;)