alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET EXPLOIT Magnitude Flash Exploit (IE)"; flow:established,to_server; urilen:31<>69; http.uri; pcre:"/^\/\??[a-f0-9]{32}(?:\/[a-f0-9]{32})?\/?$/"; http.header_names; content:"|0d 0a|x-flash-version|0d 0a|"; fast_pattern; http.host; pcre:"/^(?:\.*[a-f0-9]\.*){32}\./m"; classtype:exploit-kit; sid:2019799; rev:4; metadata:created_at 2014_11_25, signature_severity Major, updated_at 2024_02_23;)