# (C) Copyright 2001-2004, Martin Roesch, Brian Caswell, et al.
# All rights reserved.
# $Id$
#--------------
# WEB-IIS RULES
#--------------
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"WEB-IIS MDAC Content-Type overflow attempt"; flow:to_server,established; uricontent:"/msadcs.dll"; nocase; content:"Content-Type|3A|"; nocase; isdataat:50,relative; content:!"|0A|"; within:50; pcre:"/^POST\s/smi"; reference:bugtraq,6214; reference:cve,2002-1142; reference:url,www.foundstone.com/knowledge/randd-advisories-display.html?id=337; classtype:web-application-attack; sid:1970; rev:9;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS repost.asp access"; flow:to_server,established; uricontent:"/scripts/repost.asp"; nocase; reference:nessus,10372; classtype:web-application-activity; sid:1076; rev:6;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS .htr chunked Transfer-Encoding"; flow:to_server,established; uricontent:".htr"; nocase; content:"Transfer-Encoding|3A|"; nocase; content:"chunked"; distance:0; nocase; reference:bugtraq,4855; reference:bugtraq,5003; reference:cve,2002-0364; classtype:web-application-attack; sid:1806; rev:9;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS .asp chunked Transfer-Encoding"; flow:to_server,established; uricontent:".asp"; nocase; content:"Transfer-Encoding|3A|"; nocase; content:"chunked"; distance:0; nocase; reference:bugtraq,4474; reference:bugtraq,4485; reference:cve,2002-0071; reference:cve,2002-0079; reference:nessus,10932; classtype:web-application-attack; sid:1618; rev:16;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS /StoreCSVS/InstantOrder.asmx request"; flow:to_server,established; uricontent:"/StoreCSVS/InstantOrder.asmx"; nocase; classtype:web-application-activity; sid:1626; rev:4;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS users.xml access"; flow:to_server,established; uricontent:"/users.xml"; nocase; classtype:web-application-activity; sid:1750; rev:3;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS as_web.exe access"; flow:to_server,established; uricontent:"/as_web.exe"; nocase; reference:bugtraq,4670; classtype:web-application-activity; sid:1753; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS as_web4.exe access"; flow:to_server,established; uricontent:"/as_web4.exe"; nocase; reference:bugtraq,4670; classtype:web-application-activity; sid:1754; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS NewsPro administration authentication attempt"; flow:to_server,established; content:"logged,true"; reference:bugtraq,4672; classtype:web-application-activity; sid:1756; rev:4;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS pbserver access"; flow:to_server,established; uricontent:"/pbserver/pbserver.dll"; nocase; reference:url,www.microsoft.com/technet/security/bulletin/ms00-094.mspx; classtype:web-application-activity; sid:1772; rev:4;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS trace.axd access"; flow:to_server,established; uricontent:"/trace.axd"; nocase; reference:nessus,10993; classtype:web-application-activity; sid:1660; rev:6;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS /isapi/tstisapi.dll access"; flow:to_server,established; uricontent:"/isapi/tstisapi.dll"; nocase; reference:bugtraq,2381; reference:cve,2001-0302; classtype:web-application-activity; sid:1484; rev:5;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS mkilog.exe access"; flow:to_server,established; uricontent:"/mkilog.exe"; nocase; reference:nessus,10359; reference:url,www.osvdb.org/274; classtype:web-application-activity; sid:1485; rev:7;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS ctss.idc access"; flow:to_server,established; uricontent:"/ctss.idc"; nocase; reference:nessus,10359; classtype:web-application-activity; sid:1486; rev:6;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS /iisadmpwd/aexp2.htr access"; flow:to_server,established; uricontent:"/iisadmpwd/aexp2.htr"; reference:bugtraq,2110; reference:bugtraq,4236; reference:cve,1999-0407; reference:cve,2002-0421; reference:nessus,10371; classtype:web-application-activity; sid:1487; rev:10;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS WebDAV file lock attempt"; flow:to_server,established; content:"LOCK "; depth:5; reference:bugtraq,2736; classtype:web-application-activity; sid:969; rev:5;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS ISAPI .printer access"; flow:to_server,established; uricontent:".printer"; nocase; reference:arachnids,533; reference:bugtraq,2674; reference:cve,2001-0241; reference:nessus,10661; classtype:web-application-activity; sid:971; rev:9;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS ISAPI .ida attempt"; flow:to_server,established; uricontent:".ida?"; nocase; reference:arachnids,552; reference:bugtraq,1065; reference:cve,2000-0071; classtype:web-application-attack; sid:1243; rev:11;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS ISAPI .ida access"; flow:to_server,established; uricontent:".ida"; nocase; reference:arachnids,552; reference:bugtraq,1065; reference:cve,2000-0071; classtype:web-application-activity; sid:1242; rev:10;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS ISAPI .idq attempt"; flow:to_server,established; uricontent:".idq?"; nocase; reference:arachnids,553; reference:bugtraq,1065; reference:bugtraq,968; reference:cve,2000-0071; reference:cve,2000-0126; reference:nessus,10115; classtype:web-application-attack; sid:1244; rev:14;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS ISAPI .idq access"; flow:to_server,established; uricontent:".idq"; nocase; reference:arachnids,553; reference:bugtraq,1065; reference:cve,2000-0071; classtype:web-application-activity; sid:1245; rev:10;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS %2E-asp access"; flow:to_server,established; content:"%2easp"; nocase; reference:bugtraq,1814; reference:cve,1999-0253; classtype:web-application-activity; sid:972; rev:8;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS *.idc attempt"; flow:to_server,established; uricontent:"/*.idc"; nocase; reference:bugtraq,1448; reference:cve,1999-0874; reference:cve,2000-0661; classtype:web-application-attack; sid:973; rev:10;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS Directory transversal attempt"; flow:to_server,established; content:"..|5C|.."; reference:bugtraq,2218; reference:cve,1999-0229; classtype:web-application-attack; sid:974; rev:10;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS Alternate Data streams ASP file access attempt"; flow:to_server,established; uricontent:".asp|3A 3A 24|DATA"; nocase; reference:bugtraq,149; reference:cve,1999-0278; reference:nessus,10362; reference:url,support.microsoft.com/default.aspx?scid=kb\;EN-US\;q188806; classtype:web-application-attack; sid:975; rev:12;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS .bat? access"; flow:to_server,established; uricontent:".bat?"; nocase; reference:bugtraq,2023; reference:cve,1999-0233; reference:url,support.microsoft.com/support/kb/articles/Q148/1/88.asp; reference:url,support.microsoft.com/support/kb/articles/Q155/0/56.asp; classtype:web-application-activity; sid:976; rev:10;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS .cnf access"; flow:to_server,established; uricontent:".cnf"; nocase; reference:bugtraq,4078; reference:nessus,10575; classtype:web-application-activity; sid:977; rev:11;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS ASP contents view"; flow:to_server,established; content:"%20"; content:"&CiRestriction=none"; nocase; content:"&CiHiliteType=Full"; nocase; reference:bugtraq,1084; reference:cve,2000-0302; reference:nessus,10356; classtype:web-application-attack; sid:978; rev:11;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS ASP contents view"; flow:to_server,established; uricontent:".htw?CiWebHitsFile"; reference:bugtraq,1861; reference:cve,2000-0942; classtype:web-application-attack; sid:979; rev:9;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS CGImail.exe access"; flow:to_server,established; uricontent:"/scripts/CGImail.exe"; nocase; reference:bugtraq,1623; reference:cve,2000-0726; classtype:web-application-activity; sid:980; rev:7;)
# alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS JET VBA access"; flow:to_server,established; uricontent:"/scripts/samples/ctguestb.idc"; nocase; reference:bugtraq,307; reference:cve,1999-0874; reference:nessus,10116; classtype:web-application-activity; sid:984; rev:10;)
# alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS JET VBA access"; flow:to_server,established; uricontent:"/scripts/samples/details.idc"; nocase; reference:bugtraq,286; reference:cve,1999-0874; classtype:web-application-activity; sid:985; rev:7;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS MSProxy access"; flow:to_server,established; uricontent:"/scripts/proxy/w3proxy.dll"; nocase; reference:url,support.microsoft.com/?kbid=331066; classtype:web-application-activity; sid:986; rev:8;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS +.htr code fragment attempt"; flow:to_server,established; uricontent:"+.htr"; nocase; reference:bugtraq,1488; reference:cve,2000-0630; reference:nessus,10680; classtype:web-application-attack; sid:1725; rev:8;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS .htr access"; flow:to_server,established; uricontent:".htr"; nocase; reference:bugtraq,1488; reference:cve,2000-0630; reference:nessus,10680; classtype:web-application-activity; sid:987; rev:14;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS SAM Attempt"; flow:to_server,established; content:"sam._"; nocase; reference:url,www.ciac.org/ciac/bulletins/h-45.shtml; classtype:web-application-attack; sid:988; rev:7;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS achg.htr access"; flow:to_server,established; uricontent:"/iisadmpwd/achg.htr"; nocase; reference:bugtraq,2110; reference:cve,1999-0407; classtype:web-application-activity; sid:991; rev:8;)
# alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS adctest.asp access"; flow:to_server,established; uricontent:"/msadc/samples/adctest.asp"; nocase; classtype:web-application-activity; sid:992; rev:6;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS /scripts/iisadmin/default.htm access"; flow:to_server,established; uricontent:"/scripts/iisadmin/default.htm"; nocase; classtype:web-application-attack; sid:994; rev:7;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS ism.dll access"; flow:to_server,established; uricontent:"/scripts/iisadmin/ism.dll?http/dir"; nocase; reference:bugtraq,189; reference:cve,1999-1538; reference:cve,2000-0630; classtype:web-application-attack; sid:995; rev:10;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS anot.htr access"; flow:to_server,established; uricontent:"/iisadmpwd/anot"; nocase; reference:bugtraq,2110; reference:cve,1999-0407; classtype:web-application-activity; sid:996; rev:8;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS asp-dot attempt"; flow:to_server,established; uricontent:".asp."; nocase; reference:bugtraq,1814; reference:nessus,10363; classtype:web-application-attack; sid:997; rev:9;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS asp-srch attempt"; flow:to_server,established; uricontent:"|23|filename=*.asp"; nocase; classtype:web-application-attack; sid:998; rev:7;)
# alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS bdir access"; flow:to_server,established; uricontent:"/scripts/iisadmin/bdir.htr"; nocase; reference:bugtraq,2280; classtype:web-application-activity; sid:999; rev:8;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS bdir.htr access"; flow:to_server,established; uricontent:"/bdir.htr"; nocase; reference:bugtraq,2280; reference:nessus,10577; classtype:web-application-activity; sid:1000; rev:11;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS cmd32.exe access"; flow:to_server,established; content:"cmd32.exe"; nocase; classtype:web-application-attack; sid:1661; rev:4;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS cmd.exe access"; flow:to_server,established; uricontent:"cmd.exe"; nocase; classtype:web-application-attack; sid:1002; rev:7;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS cmd? access"; flow:to_server,established; content:".cmd?&"; nocase; classtype:web-application-attack; sid:1003; rev:7;)
# alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS codebrowser Exair access"; flow:to_server,established; uricontent:"/iissamples/exair/howitworks/codebrws.asp"; nocase; reference:cve,1999-0499; reference:cve,1999-0815; classtype:web-application-activity; sid:1004; rev:8;)
# alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS codebrowser SDK access"; flow:to_server,established; uricontent:"/iissamples/sdk/asp/docs/codebrws.asp"; nocase; reference:bugtraq,167; reference:cve,1999-0736; classtype:web-application-activity; sid:1005; rev:8;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS cross-site scripting attempt"; flow:to_server,established; uricontent:"/Form_JScript.asp"; nocase; reference:bugtraq,119; reference:bugtraq,1594; reference:bugtraq,1595; reference:cve,2000-0746; reference:cve,2000-1104; reference:nessus,10572; classtype:web-application-attack; sid:1007; rev:9;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS cross-site scripting attempt"; flow:to_server,established; uricontent:"/Form_VBScript.asp"; nocase; reference:bugtraq,119; reference:bugtraq,1594; reference:bugtraq,1595; reference:cve,2000-0746; reference:cve,2000-1104; reference:nessus,10572; classtype:web-application-attack; sid:1380; rev:7;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS del attempt"; flow:to_server,established; content:"&del+/s+c|3A 5C|*.*"; nocase; classtype:web-application-attack; sid:1008; rev:7;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS directory listing"; flow:to_server,established; uricontent:"/ServerVariables_Jscript.asp"; nocase; reference:nessus,10573; classtype:web-application-attack; sid:1009; rev:6;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS encoding access"; flow:to_server,established; content:"%1u"; reference:arachnids,200; reference:bugtraq,886; reference:cve,2000-0024; classtype:web-application-activity; sid:1010; rev:9;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS exec-src access"; flow:to_server,established; content:"|23|filename=*.exe"; nocase; classtype:web-application-activity; sid:1011; rev:7;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS fpcount attempt"; flow:to_server,established; uricontent:"/fpcount.exe"; content:"Digits="; nocase; reference:bugtraq,2252; reference:cve,1999-1376; classtype:web-application-attack; sid:1012; rev:10;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS fpcount access"; flow:to_server,established; uricontent:"/fpcount.exe"; nocase; reference:bugtraq,2252; reference:cve,1999-1376; classtype:web-application-activity; sid:1013; rev:9;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS getdrvs.exe access"; flow:to_server,established; uricontent:"/scripts/tools/getdrvs.exe"; nocase; classtype:web-application-activity; sid:1015; rev:6;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS global.asa access"; flow:to_server,established; uricontent:"/global.asa"; nocase; reference:cve,2000-0778; reference:nessus,10491; reference:nessus,10991; classtype:web-application-activity; sid:1016; rev:12;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS idc-srch attempt"; flow:to_server,established; content:"|23|filename=*.idc"; nocase; reference:cve,1999-0874; classtype:web-application-attack; sid:1017; rev:8;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS iisadmpwd attempt"; flow:to_server,established; uricontent:"/iisadmpwd/aexp"; nocase; reference:bugtraq,1191; reference:bugtraq,2110; reference:cve,2000-0304; classtype:web-application-attack; sid:1018; rev:9;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS index server file source code attempt"; flow:to_server,established; uricontent:"?CiWebHitsFile=/"; content:"&CiRestriction=none&CiHiliteType=Full"; reference:bugtraq,1084; reference:cve,2000-0302; reference:nessus,10356; classtype:web-application-attack; sid:1019; rev:12;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS isc$data attempt"; flow:to_server,established; uricontent:".idc|3A 3A 24|data"; nocase; reference:bugtraq,307; reference:cve,1999-0874; reference:nessus,10116; classtype:web-application-attack; sid:1020; rev:12;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS ism.dll attempt"; flow:to_server,established; uricontent:" .htr"; nocase; reference:bugtraq,1193; reference:cve,2000-0457; reference:nessus,10680; classtype:web-application-attack; sid:1021; rev:13;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS jet vba access"; flow:to_server,established; uricontent:"/advworks/equipment/catalog_type.asp"; nocase; reference:bugtraq,286; reference:cve,1999-0874; classtype:web-application-activity; sid:1022; rev:8;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS msadcs.dll access"; flow:to_server,established; uricontent:"/msadcs.dll"; nocase; reference:bugtraq,529; reference:cve,1999-1011; reference:nessus,10357; classtype:web-application-activity; sid:1023; rev:11;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS newdsn.exe access"; flow:to_server,established; uricontent:"/scripts/tools/newdsn.exe"; nocase; reference:bugtraq,1818; reference:cve,1999-0191; reference:nessus,10360; classtype:web-application-activity; sid:1024; rev:8;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS perl access"; flow:to_server,established; uricontent:"/scripts/perl"; nocase; classtype:web-application-activity; sid:1025; rev:6;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS perl-browse newline attempt"; flow:to_server,established; uricontent:"|0A|.pl"; nocase; reference:bugtraq,6833; classtype:web-application-attack; sid:1026; rev:9;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS perl-browse space attempt"; flow:to_server,established; uricontent:" .pl"; nocase; reference:bugtraq,6833; classtype:web-application-attack; sid:1027; rev:8;)
# alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS query.asp access"; flow:to_server,established; uricontent:"/issamples/query.asp"; nocase; reference:bugtraq,193; reference:cve,1999-0449; classtype:web-application-activity; sid:1028; rev:7;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS scripts-browse access"; flow:to_server,established; uricontent:"/scripts/ "; nocase; reference:nessus,11032; classtype:web-application-attack; sid:1029; rev:9;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS search97.vts access"; flow:to_server,established; uricontent:"/search97.vts"; reference:bugtraq,162; classtype:web-application-activity; sid:1030; rev:7;)
# alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS /SiteServer/Publishing/viewcode.asp access"; flow:to_server,established; uricontent:"/SiteServer/Publishing/viewcode.asp"; nocase; reference:nessus,10576; classtype:web-application-activity; sid:1031; rev:8;)
# alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS showcode access"; flow:to_server,established; uricontent:"/Sites/Knowledge/Membership/Inspired/ViewCode.asp"; nocase; reference:nessus,10576; classtype:web-application-activity; sid:1032; rev:7;)
# alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS showcode access"; flow:to_server,established; uricontent:"/Sites/Knowledge/Membership/Inspiredtutorial/ViewCode.asp"; nocase; reference:nessus,10576; classtype:web-application-activity; sid:1033; rev:7;)
# alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS showcode access"; flow:to_server,established; uricontent:"/Sites/Samples/Knowledge/Membership/Inspiredtutorial/ViewCode.asp"; nocase; reference:nessus,10576; classtype:web-application-activity; sid:1034; rev:7;)
# alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS showcode access"; flow:to_server,established; uricontent:"/Sites/Samples/Knowledge/Push/ViewCode.asp"; nocase; reference:nessus,10576; classtype:web-application-activity; sid:1035; rev:7;)
# alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS showcode access"; flow:to_server,established; uricontent:"/Sites/Samples/Knowledge/Search/ViewCode.asp"; nocase; reference:nessus,10576; classtype:web-application-activity; sid:1036; rev:7;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS showcode.asp access"; flow:to_server,established; uricontent:"/showcode.asp"; nocase; reference:bugtraq,167; reference:cve,1999-0736; reference:nessus,10007; classtype:web-application-activity; sid:1037; rev:10;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS site server config access"; flow:to_server,established; uricontent:"/adsamples/config/site.csc"; nocase; reference:bugtraq,256; reference:cve,1999-1520; classtype:web-application-activity; sid:1038; rev:8;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS srch.htm access"; flow:to_server,established; uricontent:"/samples/isapi/srch.htm"; nocase; classtype:web-application-activity; sid:1039; rev:6;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS srchadm access"; flow:to_server,established; uricontent:"/srchadm"; nocase; reference:nessus,11032; classtype:web-application-activity; sid:1040; rev:12;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS uploadn.asp access"; flow:to_server,established; uricontent:"/scripts/uploadn.asp"; nocase; reference:bugtraq,1811; reference:cve,1999-0360; classtype:web-application-activity; sid:1041; rev:8;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS view source via translate header"; flow:to_server,established; content:"Translate|3A| F"; nocase; reference:arachnids,305; reference:bugtraq,1578; classtype:web-application-activity; sid:1042; rev:8;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS viewcode.asp access"; flow:to_server,established; uricontent:"/viewcode.asp"; nocase; reference:cve,1999-0737; reference:nessus,10576; classtype:web-application-activity; sid:1043; rev:9;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS webhits access"; flow:to_server,established; uricontent:".htw"; reference:arachnids,237; reference:bugtraq,950; reference:cve,2000-0097; classtype:web-application-activity; sid:1044; rev:8;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS doctodep.btr access"; flow:to_server,established; uricontent:"doctodep.btr"; classtype:web-application-activity; sid:1726; rev:4;)
# alert tcp $HTTP_SERVERS $HTTP_PORTS -> $EXTERNAL_NET any (msg:"WEB-IIS Unauthorized IP Access Attempt"; flow:to_server,established; content:"403"; content:"Forbidden|3A|"; classtype:web-application-attack; sid:1045; rev:8;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS site/iisamples access"; flow:to_server,established; uricontent:"/site/iisamples"; nocase; reference:nessus,10370; classtype:web-application-activity; sid:1046; rev:8;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS CodeRed v2 root.exe access"; flow:to_server,established; uricontent:"/root.exe"; nocase; reference:url,www.cert.org/advisories/CA-2001-19.html; classtype:web-application-attack; sid:1256; rev:8;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS outlook web dos"; flow:to_server,established; uricontent:"/exchange/LogonFrm.asp?"; nocase; content:"mailbox="; nocase; content:"%%%"; reference:bugtraq,3223; classtype:web-application-attack; sid:1283; rev:9;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS /scripts/samples/ access"; flow:to_server,established; uricontent:"/scripts/samples/"; nocase; reference:nessus,10370; classtype:web-application-attack; sid:1400; rev:6;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS /msadc/samples/ access"; flow:to_server,established; uricontent:"/msadc/samples/"; nocase; reference:bugtraq,167; reference:cve,1999-0736; reference:nessus,1007; classtype:web-application-attack; sid:1401; rev:8;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS iissamples access"; flow:to_server,established; uricontent:"/iissamples/"; nocase; reference:nessus,11032; classtype:web-application-attack; sid:1402; rev:6;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS iisadmin access"; flow:to_server,established; uricontent:"/iisadmin"; nocase; reference:bugtraq,189; reference:cve,1999-1538; reference:nessus,11032; classtype:web-application-attack; sid:993; rev:10;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS msdac access"; flow:to_server,established; uricontent:"/msdac/"; nocase; reference:nessus,11032; classtype:web-application-activity; sid:1285; rev:8;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS _mem_bin access"; flow:to_server,established; uricontent:"/_mem_bin/"; nocase; reference:nessus,11032; classtype:web-application-activity; sid:1286; rev:8;)
# alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS scripts access"; flow:to_server,established; uricontent:"/scripts/"; nocase; classtype:web-application-activity; sid:1287; rev:6;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS htimage.exe access"; flow:to_server,established; uricontent:"/htimage.exe"; nocase; reference:bugtraq,1117; reference:bugtraq,964; reference:cve,2000-0122; reference:cve,2000-0256; reference:nessus,10376; classtype:web-application-activity; sid:1595; rev:10;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS MS Site Server default login attempt"; flow:to_server,established; uricontent:"/SiteServer/Admin/knowledge/persmbr/"; nocase; pcre:"/^Authorization|3A|\s*Basic\s+TERBUF9Bbm9ueW1vdXM6TGRhcFBhc3N3b3JkXzE=/smi"; reference:nessus,11018; classtype:web-application-attack; sid:1817; rev:5;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS MS Site Server admin attempt"; flow:to_server,established; uricontent:"/Site Server/Admin/knowledge/persmbr/"; nocase; reference:nessus,11018; classtype:web-application-attack; sid:1818; rev:3;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS postinfo.asp access"; flow:to_server,established; uricontent:"/scripts/postinfo.asp"; nocase; reference:bugtraq,1811; reference:cve,1999-0360; classtype:web-application-activity; sid:1075; rev:9;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS /exchange/root.asp attempt"; flow:to_server,established; uricontent:"/exchange/root.asp?acs=anon"; nocase; reference:bugtraq,3301; reference:cve,2001-0660; reference:nessus,10755; reference:nessus,10781; classtype:web-application-attack; sid:1567; rev:11;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS /exchange/root.asp access"; flow:to_server,established; uricontent:"/exchange/root.asp"; nocase; reference:bugtraq,3301; reference:cve,2001-0660; reference:nessus,10755; reference:nessus,10781; classtype:web-application-activity; sid:1568; rev:11;)
# alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS .asa HTTP header buffer overflow attempt"; flow:to_server,established; content:"HTTP/"; nocase; uricontent:".asa"; nocase; content:"|3A|"; content:"|0A|"; content:"|00|"; reference:bugtraq,4476; reference:cve,2002-0150; classtype:web-application-attack; sid:1802; rev:7;)
# alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS .cer HTTP header buffer overflow attempt"; flow:to_server,established; content:"HTTP/"; nocase; uricontent:".cer"; nocase; content:"|3A|"; content:"|0A|"; content:"|00|"; reference:bugtraq,4476; reference:cve,2002-0150; classtype:web-application-attack; sid:1803; rev:8;)
# alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS .cdx HTTP header buffer overflow attempt"; flow:to_server,established; content:"HTTP/"; nocase; uricontent:".cdx"; nocase; content:"|3A|"; content:"|0A|"; content:"|00|"; reference:bugtraq,4476; reference:cve,2002-0150; classtype:web-application-attack; sid:1804; rev:8;)
# alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS .asp HTTP header buffer overflow attempt"; flow:to_server,established; content:"HTTP/"; nocase; uricontent:".asp"; nocase; content:"|3A|"; content:"|0A|"; content:"|00|"; reference:bugtraq,4476; reference:cve,2002-0150; classtype:web-application-attack; sid:1801; rev:8;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS WEBDAV exploit attempt"; flow:to_server,established; content:"HTTP/1.1|0A|Content-type|3A| text/xml|0A|HOST|3A|"; content:"Accept|3A| */*|0A|Translate|3A| f|0A|Content-length|3A|5276|0A 0A|"; distance:1; reference:bugtraq,7116; reference:bugtraq,7716; reference:cve,2003-0109; reference:nessus,11413; reference:url,www.microsoft.com/technet/security/bulletin/ms03-007.mspx; classtype:attempted-admin; sid:2090; rev:10;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS WEBDAV nessus safe scan attempt"; flow:to_server,established; content:"SEARCH / HTTP/1.1|0D 0A|Host|3A|"; content:"|0D 0A 0D 0A|"; within:255; reference:bugtraq,7116; reference:cve,2003-0109; reference:nessus,11412; reference:nessus,11413; reference:url,www.microsoft.com/technet/security/bulletin/ms03-007.mspx; classtype:attempted-admin; sid:2091; rev:8;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS Battleaxe Forum login.asp access"; flow:to_server,established; uricontent:"myaccount/login.asp"; nocase; reference:bugtraq,7416; reference:cve,2003-0215; classtype:web-application-activity; sid:2117; rev:5;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS nsiislog.dll access"; flow:to_server,established; uricontent:"/nsiislog.dll"; nocase; reference:bugtraq,8035; reference:cve,2003-0227; reference:cve,2003-0349; reference:nessus,11664; reference:url,www.microsoft.com/technet/security/bulletin/ms03-018.mspx; classtype:web-application-activity; sid:2129; rev:11;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS IISProtect siteadmin.asp access"; flow:to_server,established; uricontent:"/iisprotect/admin/SiteAdmin.asp"; nocase; reference:bugtraq,7675; reference:cve,2003-0377; reference:nessus,11662; classtype:web-application-activity; sid:2130; rev:5;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS IISProtect globaladmin.asp access"; flow:to_server,established; uricontent:"/iisprotect/admin/GlobalAdmin.asp"; nocase; reference:nessus,11661; classtype:web-application-activity; sid:2157; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS IISProtect access"; flow:to_server,established; uricontent:"/iisprotect/admin/"; nocase; reference:nessus,11661; classtype:web-application-activity; sid:2131; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS Synchrologic Email Accelerator userid list access attempt"; flow:to_server,established; uricontent:"/en/admin/aggregate.asp"; nocase; reference:nessus,11657; classtype:web-application-activity; sid:2132; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS MS BizTalk server access"; flow:to_server,established; uricontent:"/biztalkhttpreceive.dll"; nocase; reference:bugtraq,7469; reference:bugtraq,7470; reference:cve,2003-0117; reference:cve,2003-0118; reference:nessus,11638; classtype:web-application-activity; sid:2133; rev:5;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS register.asp access"; flow:to_server,established; uricontent:"/register.asp"; nocase; reference:nessus,11621; classtype:web-application-activity; sid:2134; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS UploadScript11.asp access"; flow:to_server,established; uricontent:"/UploadScript11.asp"; nocase; reference:cve,2001-0938; classtype:web-application-activity; sid:2247; rev:3;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS DirectoryListing.asp access"; flow:to_server,established; uricontent:"/DirectoryListing.asp"; nocase; reference:cve,2001-0938; classtype:web-application-activity; sid:2248; rev:3;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS /pcadmin/login.asp access"; flow:to_server,established; uricontent:"/pcadmin/login.asp"; nocase; reference:bugtraq,8103; reference:nessus,11785; classtype:web-application-activity; sid:2249; rev:3;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS foxweb.exe access"; flow:to_server,established; uricontent:"/foxweb.exe"; nocase; reference:nessus,11939; classtype:web-application-activity; sid:2321; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS foxweb.dll access"; flow:to_server,established; uricontent:"/foxweb.dll"; nocase; reference:nessus,11939; classtype:web-application-activity; sid:2322; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS VP-ASP shopsearch.asp access"; flow:to_server,established; uricontent:"/shopsearch.asp"; nocase; reference:bugtraq,9133; reference:bugtraq,9134; reference:nessus,11942; classtype:web-application-activity; sid:2324; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS VP-ASP ShopDisplayProducts.asp access"; flow:to_server,established; uricontent:"/ShopDisplayProducts.asp"; nocase; reference:bugtraq,9133; reference:bugtraq,9134; reference:nessus,11942; classtype:web-application-activity; sid:2325; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS sgdynamo.exe access"; flow:to_server,established; uricontent:"/sgdynamo.exe"; nocase; reference:bugtraq,4720; reference:cve,2002-0375; reference:nessus,11955; classtype:web-application-activity; sid:2326; rev:3;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS NTLM ASN.1 vulnerability scan attempt"; flow:to_server,established; content:"Authorization|3A| Negotiate YIQAAABiBoMAAAYrBgEFBQKgggBTMIFQoA4wDAYKKwYBBAGCNwICCqM"; reference:bugtraq,9633; reference:bugtraq,9635; reference:cve,2003-0818; reference:nessus,12052; reference:nessus,12055; reference:nessus,12065; classtype:attempted-dos; sid:2386; rev:8;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS SmarterTools SmarterMail frmGetAttachment.aspx access"; flow:to_server,established; uricontent:"/frmGetAttachment.aspx"; nocase; reference:bugtraq,9805; classtype:web-application-activity; sid:2571; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS SmarterTools SmarterMail login.aspx buffer overflow attempt"; flow:to_server,established; uricontent:"/login.aspx"; nocase; content:"txtusername="; isdataat:980,relative; content:!"|0A|"; within:980; nocase; reference:bugtraq,9805; classtype:web-application-attack; sid:2572; rev:3;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS SmarterTools SmarterMail frmCompose.asp access"; flow:to_server,established; uricontent:"/frmCompose.aspx"; reference:bugtraq,9805; classtype:web-application-activity; sid:2573; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS ping.asp access"; flow:to_server,established; uricontent:"/ping.asp"; nocase; reference:nessus,10968; classtype:web-application-activity; sid:2667; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"WEB-IIS w3who.dll buffer overflow attempt"; flow:to_server,established; uricontent:"/w3who.dll?"; nocase; pcre:"/w3who.dll\x3F[^\r\n]{519}/i"; classtype:attempted-admin; reference:bugtraq,11820; reference:cve,2004-1134; sid:3087; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS .cmd executable file parsing attack"; flow:established,to_server; uricontent:".cmd|22|"; nocase; pcre:"/.cmd\x22.*\x26.*/smi"; reference:cve,CVE-2000-0886; reference:bugtraq,1912; classtype:web-application-attack; sid:3193; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS .bat executable file parsing attack"; flow:established,to_server; uricontent:".bat|22|"; nocase; pcre:"/.bat\x22.*\x26.*/smi"; reference:cve,CVE-2000-0886; reference:bugtraq,1912; classtype:web-application-attack; sid:3194; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"WEB-IIS httpodbc.dll access - nimda"; flow:to_server,established; uricontent:"/httpodbc.dll"; nocase; classtype:web-application-activity; reference:cve,2001-0333; reference:bugtraq,2708; sid:3201; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"WEB-IIS SQLXML content type overflow"; flow:to_server,established; pcre:"/\.x[sm]l/Ui"; uricontent:"contenttype="; pcre:"/contenttype=[^\r\n\x3b\x38]{100}/smiU"; classtype:attempted-admin; reference:url,www.westpoint.ltd.uk/advisories/wp-02-0007.txt; reference:url,www.microsoft.com/technet/security/bulletin/MS02-030.mspx; reference:cve,2002-0186; sid:3150; rev:2;)
distrib
>
Mageia
>
7
>
i586
>
media
>
core-release
>
by-pkgid
>
f6d3ed8bfd9b39f251600d80dca5d5d8
>
files
>
50
