alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Metasploit js_property_spray sprayHeap"; flow:established,from_server; file_data; content:"sprayHeap"; nocase; pcre:"/^[\r\n\s]*?\x28[^\x29]*?shellcode/Ri"; reference:url,community.rapid7.com/community/metasploit/blog/2013/03/04/new-heap-spray-technique-for-metasploit-browser-exploitation; classtype:attempted-user; sid:2016519; rev:3; metadata:affected_product Any, attack_target Client_and_Server, created_at 2013_03_05, deployment Perimeter, deployment Internet, deployment Internal, deployment Datacenter, signature_severity Critical, tag Metasploit, updated_at 2019_07_26;)