alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Safe/CritX/FlashPack Java Payload"; flow:established,to_server; content:"/load"; http_uri; fast_pattern:only; content:".php?id="; content:"Java/1."; http_user_agent; classtype:exploit-kit; sid:2019008; rev:8; metadata:created_at 2014_08_26, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26;)