""ET INFO Suspicious Purported MSIE 7 with terse HTTP Headers GET to PHP""
SID: 2012384
Revision: 5
Class Type: bad-unknown
Metadata: created_at 2011_02_27, performance_impact Moderate, updated_at 2024_04_10
Reference:
Protocol: tcp
Source Network: $HOME_NET
Source Port: any
Destination Network: $EXTERNAL_NET
Destination Port: $HTTP_PORTS
Flow: established,to_server
Contents:
-
Value: ".php"
-
Value: "|20|HTTP/1.1|0d 0a|User-Agent|3a 20|Mozilla/4.0 (compatible|3b 20|MSIE 7.0|3b 20|Windows NT 5.1)|0d 0a|Host|3a 20|"
-
Value: "|0d 0a|Cache-Control|3a 20|no-cache|0d 0a 0d 0a|"
Within: 50
PCRE:
Special Options:
-
http_uri
-
nocase
-
fast_pattern