alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET EXPLOIT_KIT RedDotv2 Java Check-in"; flow:established,to_server; content:"/search/"; http_uri; content:"Java/1."; http_user_agent; fast_pattern; pcre:"/^\/search\/[0-9]{64}/U"; classtype:exploit-kit; sid:2016593; rev:9; metadata:created_at 2013_03_19, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_10_08;)