alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT_KIT Evil Redirector Leading to EK Jul 08"; flow:established,from_server; file_data; content:"></script><!--|2f|"; fast_pattern; content:"<!--"; pcre:"/^(?P<var>[a-f0-9]{6})-->\s*?<script\s*?type=[\x22\x27]text\/javascript[\x22\x27]\s*?src=[\x22\x27]http\x3a\x2f[^\x22\x27]*?\/[a-z\d]{8}\.php\?id=\d+[\x22\x27]\s*?><\/script><!--\/(?P=var)-->/Rs"; classtype:exploit-kit; sid:2021394; rev:4; metadata:affected_product Web_Browsers, attack_target Client_Endpoint, created_at 2015_07_09, deployment Perimeter, confidence High, signature_severity Major, tag Redirector, updated_at 2019_10_08;)