LoFP / Internal development or testing scripts. Consider filtering by source IP if this is expected from certain systems.

Techniques

Sample rules

Potential Hello-World Scraper Botnet Activity

Description

Detects network traffic potentially associated with a scraper botnet variant that uses the “Hello-World/1.0” user-agent string.

Detection logic

condition: selection
selection:
  c-useragent: Hello-World/1.0
  cs-method: GET