"ET CURRENT_EVENTS Possible Keitaro TDS Redirect"

SID: 2022466

Revision: 4

Class Type: bad-unknown

Metadata: created_at 2016_01_28, tag TDS, updated_at 2017_02_22

Reference:

Protocol: tcp

Source Network: $EXTERNAL_NET

Source Port: $HTTP_PORTS

Destination Network: $HOME_NET

Destination Port: any

Flow: established,from_server

Contents:

  • Value: "302"

  • Value: "LOCATION|3a 20|http"

  • Value: "Content-Type|3a 20|text/html|3b 20|charset=utf-8|0d 0a|"

  • Value: "Expires|3a 20|Thu, 21 Jul 1977 07|3a|30|3a|00 GMT|0d 0a|"

  • Value: "Cache-Control|3a 20|max-age=0|0d 0a|Pragma|3a 20|no-cache|0d 0a|"

Within:

PCRE: "/Date\x3a\x20(?P<dstring>[^\r\n]+)\r\n.*?Last-Modified\x3a\x20(?P=dstring)\r\n/Hs"

Special Options:

  • http_stat_code

  • http_header

  • nocase

  • http_header

  • http_header
