alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET EXPLOIT_KIT Possible JDB Exploit Kit Class Request"; flow:established,to_server; http.uri; content:"/jdb/"; nocase; content:".class"; nocase; pcre:"/\/jdb\/[^\/]+\.class$/i"; http.header; content:"|20|Java/1"; fast_pattern; classtype:exploit-kit; sid:2016308; rev:8; metadata:created_at 2013_01_30, confidence Medium, signature_severity Major, updated_at 2020_09_18;)