""ET INFO Hiloti Style GET to PHP with invalid terse MSIE headers""
SID: 2012612
Revision: 17
Class Type: bad-unknown
Metadata: attack_target Client_Endpoint, created_at 2011_03_31, deployment Perimeter, performance_impact Significant, confidence Low, signature_severity Minor, updated_at 2024_04_09
Reference:
Protocol: tcp
Source Network: $HOME_NET
Source Port: any
Destination Network: $EXTERNAL_NET
Destination Port: $HTTP_PORTS
Flow: established,to_server
Contents:
-
Value: "GET"
-
Value: ".php?"
-
Value: "HTTP/1.1|0d 0a|User-Agent"
-
Value: "|20|HTTP/1.1|0d 0a|User-Agent|3a 20|Mozilla/4.0|20|(compatible|3b 20|MSIE|20|"
-
Value: !"8"
-
Value: "|3b 20|Windows|20|NT|20|"
-
Value: ")|0d 0a|Host|3a 20|"
-
Value: "Cache-Control|3a 20|no-cache|0d 0a 0d 0a|"
-
Value: !"|0d 0a|Accept"
-
Value: !".taobao.com|0d 0a|"
-
Value: !".dict.cn|0d 0a|"
-
Value: !".avg.com|0d 0a|"
-
Value: !"SlimBrowser"
-
Value: !".weather.hao.360.cn"
-
Value: !"es.f.360.cn"
Within: 1
PCRE:
Special Options:
-
nocase
-
http_method
-
http_uri
-
fast_pattern
-
http_header
-
http_header
-
http_header
-
http_header
-
http_header
-
http_header