What to check if one suspects a regBot attack going on → http://web.archive.org/web/20080109214340/http://www.cert.org/tech_tips/intruder_detection_checklist.html
I get a firekeeper alert here, but why?

=== Triggered rule === alert (msg:"The address you tried to access points to a Malware. Please visit http://www.malwarepatrol.net for more information"; url_content:"http://web.archive.org/"; reference:url,www.malwarepatrol.net; fid:367737; rev:20130308215849;)

=== Request URL ===
http://mirror.toolbar.netcraft.com/check_url/v2/http://web.archive.org/3488735934/info

Also check http://www.botscout.com/ipcheck.htm?ip=

polonus