[Emerging-Sigs] FPs on sid 2028883

jt jtfas90 at gmail.com
Thu Oct 24 04:07:52 HDT 2019


Hi Erich,

Yes we are seeing a number of FPs on this one as well. I was going to
send some pcaps over with additional information today of what we are
seeing to support.

JT

On Thu, 2019-10-24 at 12:15 +0000, Erich.Lerch--- via Emerging-sigs
wrote:
> Hi
> 
> We're getting several alerts per day from SID 2028883.
> All seem to be legit PNG downloads (HTTP).
> 
> I can consistently reproduce the FP, e.g. with:
> 
> hxxp://www.bernau[.]ch/images/content/banner/facebooklogo.png
> hxxp://
> www.sporthandel-liebermann-server.de/media/image/19/13/e4/Schnee8brecThR2axfi.png
> 
> Do others see this behavior too?
> 
> Cheers,
> Erich
> 
> _______________________________________________
> Emerging-sigs mailing list
> Emerging-sigs at lists.emergingthreats.net
> https://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
> 
> Support Emerging Threats! Subscribe to Emerging Threats Pro 
> http://www.emergingthreats.net
> 



More information about the Emerging-sigs mailing list