alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT_KIT Evil Redirect Leading to EK May 13 2016"; flow:established,from_server; file_data; content:"|3c 74 69 74 6c 65 3e 53 65 61 72 63 68 3c 2f 74 69 74 6c 65 3e|"; content:"|23 6c 6c 6c 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6c 65 66 74 3a 2d|"; fast_pattern; content:"|3c 64 69 76 20 69 64 3d 22 6c 6c 6c 22 3e 3c 69 66 72 61 6d 65 20 73 72 63 3d|"; classtype:exploit-kit; sid:2022805; rev:2; metadata:affected_product Web_Browsers, attack_target Client_Endpoint, created_at 2016_05_13, deployment Perimeter, confidence High, signature_severity Major, tag Redirector, updated_at 2019_07_26;)