alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Polyfill Malicious Redirect Attempt M1"; flow:established,to_server; http.uri; content:"/redirect?from=bitget"; http.host; bsize:10; content:"kuurza.com"; fast_pattern; reference:url,sansec.io/research/polyfill-supply-chain-attack; classtype:trojan-activity; sid:2053885; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, tls_state TLSDecrypt, created_at 2024_06_26, deployment Perimeter, deployment SSLDecrypt, performance_impact Low, confidence High, signature_severity Major, updated_at 2024_06_26; target:src_ip;)