ET HUNTING Suspicious User-Agent Observed (Mozilla/5.0 (Windows NT XX.X Win64 x64) AppleWebKit/XXX.XX)
| Source | et/open |
| Created | December 8, 2025 |
| Updated | December 8, 2025 |
| Classification | misc-activity |
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET HUNTING Suspicious User-Agent Observed (Mozilla/5.0 (Windows NT XX.X Win64 x64) AppleWebKit/XXX.XX)"; flow:established,to_server; http.user_agent; bsize:60; content:"Mozilla|2f|5|2e|0|20 28|Windows|20|NT|20|"; fast_pattern; startswith; pcre:"/^\d{2}\x2e\d/R"; content:"|3b 20|Win64|3b 20|x64|29 20|AppleWebKit|2f|"; distance:0; pcre:"/^\d{3}\x2e\d{2}$/R"; reference:md5,9b2656eebe627617decbd476f8e14ac1; classtype:misc-activity; sid:2066176; rev:1; metadata:attack_target Client_and_Server, tls_state plaintext, created_at 2025_12_08, deployment Perimeter, performance_impact Moderate, confidence Medium, signature_severity Informational, updated_at 2025_12_08;)
References
| md5 | 9b2656eebe627617decbd476f8e14ac1 |
Metadata
| attack target | Client_and_Server |
| tls state | plaintext |
| created at | 2025_12_08 |
| deployment | Perimeter |
| performance impact | Moderate |
| confidence | Medium |
| signature severity | Informational |
| updated at | 2025_12_08 |