Saw this example provided by our forum member, Pondus. Thanks Pondus. See: http://urlquery.net/report.php?id=1474535
IDS alert sid: ET POLICY Maxmind geoip check to /app/geoip.js
Tested here at Maxmind’s: IP Address Country Code Location Postal Code Coordinates ISP Organization Domain Metro Code
66.147.235.148 US Clifton Park, New York, United States 12065 42.8571, -73.7993 HostRocket Web Services DotBlock.com hrwebservices.net 532
Full alert reads:

alert tcp $HOME_NET any → $EXTERNAL_NET $HTTP_PORTS (msg:“ET POLICY Maxmind geoip check to /app/geoip.js”; flow:established,to_server; content:“/app/geoip.js”; http_uri; fast_pattern:only; content:“maxmind.com|0d 0a|”; http_header; classtype:policy-violation; sid:2015878; rev:1;)

Fraudulent IP abuse IDS detection going on since 2012-11-13 01:25:32 UTC

pol

Saw this example provided by our forum member, Pondus

well it was actually [b]chabbo[/b] that gave it to me, he found it on FaceBook ;) possible win iphone scam

Norman lab added url to url blocklist