[Emerging-Sigs] SID 2013017 False Positive

[Jason Williams]

Thanks! Will get that in for today.

Jason


On Wed, Apr 10, 2019 at 9:01 AM Matthew Clairmont (R* NYC) <
Matthew.Clairmont at rockstargames.com> wrote:

> Greetings!
>
>
>
> We’ve had this signature fire a few times for daily update checks related
> to a mobile benchmarking software. It looks like it’s an easy exclusion
> through content:!”update.aida64.com”. I do have a PCAP available if it’s
> needed.
>
>
>
> SRC: GET /gatheraddr/?str=399c7e5015c9254aef7938afc20f93f27e6ba893 HTTP/1.1
> SRC: User-Agent: x
> SRC: Host: update.aida64.com
> SRC: Cache-Control: no-cache
> SRC:
> SRC:
> DST: HTTP/1.1 200 OK
> DST: X-Powered-By: PHP/5.6.29-0+deb8u1
> DST: Content-type: text/html; charset=UTF-8
> DST: Transfer-Encoding: chunked
> DST: Date: Wed, 10 Apr 2019 08:01:41 GMT
> DST: Server: lighttpd/1.4.35
>
>
>
>
>
> Please let me know if you need any further information.
>
>
>
> Thanks,
> Matt
> _______________________________________________
> Emerging-sigs mailing list
> Emerging-sigs at lists.emergingthreats.net
> https://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
>
> Support Emerging Threats! Subscribe to Emerging Threats Pro
> http://www.emergingthreats.net
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.emergingthreats.net/pipermail/emerging-sigs/attachments/20190410/8d71b21e/attachment-0001.html>