"ET INFO SUSPICIOUS Java Request to DNSDynamic Dynamic DNS Domain"
SID: 2016583
Revision: 1
Class Type: bad-unknown
Metadata: created_at 2013_03_15, updated_at 2013_03_15
Reference:
Protocol: tcp
Source Network: $HOME_NET
Source Port: any
Destination Network: $EXTERNAL_NET
Destination Port: $HTTP_PORTS
Flow: to_server,established
Contents:
- Value: " Java/1."
Within:
PCRE: "/^Host\x3a\x20[^\r\n]+\.(?:d(?:ns(?:d(?:ynamic\.(?:com|net)|\.(?:info|me))|api\.info|get\.org|53\.biz)|dns01\.com)|(?:f(?:lashserv|e100|tp21)|adultdns|mysq1|wow64)\.net|(?:(?:ima|voi)p01|(?:user|ole)32|kadm5)\.com|t(?:tl60\.(?:com|org)|empors\.com|ftpd\.net)|s(?:sh(?:01\.com|22\.net)|ql01\.com)|http(?:(?:s443|01)\.com|80\.info)|n(?:s360\.info|tdll\.net)|x(?:ns01\.com|64\.me)|craftx\.biz)(\x3a\d{1,5})?\r$/Hmi"
Special Options:
- http_header