""ET SCAN Grendel-Scan Web Application Security Scan Detected""
SID: 2009481
Revision: 9
Class Type: attempted-recon
Metadata: created_at 2010_07_30, updated_at 2015_04_06
Reference:
Protocol: tcp
Source Network: $EXTERNAL_NET
Source Port: any
Destination Network: $HTTP_SERVERS
Destination Port: $HTTP_PORTS
Flow: to_server,established
Contents:
- Value: "GET"
- Value: "/random"
Within:
PCRE: "/\x2Frandom\w+?\x2E(?:c(?:f[cm]|gi)|ht(?:ml?|r)|(?:ws|x)dl|a(?:sp|xd)|p(?:hp3|l)|bat|swf|vbs|do)/Ui"
Special Options:
- http_method
- nocase
- http_uri